www.coloring.ws Open in urlscan Pro
54.82.38.167 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.coloring.ws/
Submission: On January 08 via api (January 8th 2024, 10:28:26 am UTC) from DE — Scanned from DE

Summary HTTP 374 Redirects Links 21 Behaviour Indicators

Summary

This website contacted 65 IPs in 7 countries across 78 domains to perform 374 HTTP transactions. The main IP is 54.82.38.167, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www.coloring.ws.
TLS certificate: Issued by Amazon RSA 2048 M01 on May 19th 2023. Valid for: a year.

This is the only time www.coloring.ws was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
23	54.82.38.167 54.82.38.167	14618 (AMAZON-AES) (AMAZON-AES)
3	2a00:1450:400... 2a00:1450:4001:827::2008	15169 (GOOGLE) (GOOGLE)
8	2606:4700:20:... 2606:4700:20::681a:7da	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3035::6815:815	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:1691	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	2600:9000:206... 2600:9000:206f:aa00:11:b309:9100:21	16509 (AMAZON-02) (AMAZON-02)
6	2a00:1450:400... 2a00:1450:4001:810::2004	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	34.95.69.49 34.95.69.49	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
1	2600:9000:223... 2600:9000:223e:3c00:5:82fd:2500:21	16509 (AMAZON-02) (AMAZON-02)
3	162.19.138.119 162.19.138.119	16276 (OVH) (OVH)
2	2606:4700:20:... 2606:4700:20::ac43:4bf1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	46.228.174.115 46.228.174.115	56396 (AMOBEE) (AMOBEE)
2	52.208.7.68 52.208.7.68	16509 (AMAZON-02) (AMAZON-02)
1	35.157.214.172 35.157.214.172	16509 (AMAZON-02) (AMAZON-02)
1	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	2a02:fa8:8806... 2a02:fa8:8806:12::1460	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1	54.228.30.154 54.228.30.154	16509 (AMAZON-02) (AMAZON-02)
7	2602:803:c003... 2602:803:c003:200::44	26667 (RUBICONPR...) (RUBICONPROJECT)
3	52.17.111.107 52.17.111.107	16509 (AMAZON-02) (AMAZON-02)
1	159.89.246.130 159.89.246.130	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
3 4	37.252.173.215 37.252.173.215	29990 (ASN-APPNEX) (ASN-APPNEX)
11	18.196.19.149 18.196.19.149	16509 (AMAZON-02) (AMAZON-02)
1 3	145.40.97.67 145.40.97.67	54825 (PACKET) (PACKET)
1	2606:4700:440... 2606:4700:4400::6812:22b2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
4	34.149.50.64 34.149.50.64	15169 (GOOGLE) (GOOGLE)
1	18.245.86.119 18.245.86.119	16509 (AMAZON-02) (AMAZON-02)
4 7	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	3.239.232.31 3.239.232.31	14618 (AMAZON-AES) (AMAZON-AES)
1	141.95.33.120 141.95.33.120	16276 (OVH) (OVH)
2	3.221.232.156 3.221.232.156	14618 (AMAZON-AES) (AMAZON-AES)
2	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
48	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:81c::2001	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
3	2602:803:c003... 2602:803:c003:200::37	26667 (RUBICONPR...) (RUBICONPROJECT)
7	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
5 9	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
3 3	193.135.9.124 193.135.9.124	48314 (IP-PROJECTS) (IP-PROJECTS)
3 3	217.79.187.54 217.79.187.54	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
4	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
1	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
41	2a00:1450:400... 2a00:1450:4001:808::2006	15169 (GOOGLE) (GOOGLE)
10	104.79.89.214 104.79.89.214	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	54.155.202.187 54.155.202.187	16509 (AMAZON-02) (AMAZON-02)
4	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
8	216.58.206.34 216.58.206.34	15169 (GOOGLE) (GOOGLE)
1	85.14.248.72 85.14.248.72	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1	104.76.200.221 104.76.200.221	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2600:9000:223... 2600:9000:223f:c800:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
6	2600:1f13:800... 2600:1f13:800:7782:857d:d048:5cf8:98f7	16509 (AMAZON-02) (AMAZON-02)
1	172.64.149.180 172.64.149.180	() ()
1 2	34.98.64.218 34.98.64.218	() ()
1	13.32.27.7 13.32.27.7	() ()
1	104.18.127.252 104.18.127.252	() ()
1	151.101.65.108 151.101.65.108	() ()
1	76.223.111.18 76.223.111.18	() ()
1	2600:9000:244... 2600:9000:2447:3400:1b:fdeb:7440:93a1	() ()
4	23.218.208.200 23.218.208.200	() ()
2 2	23.201.255.110 23.201.255.110	() ()
1	2a02:26f0:350... 2a02:26f0:3500:4::b818:4d9e	() ()
3	51.89.9.252 51.89.9.252	() ()
374	65

23 54.82.38.167 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-82-38-167.compute-1.amazonaws.com

www.coloring.ws	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.dltk-kids.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:20::681a:7da (United States)

ASN13335 (CLOUDFLARENET, US)

qd.admetricspro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3035::6815:815 (United States)

ASN13335 (CLOUDFLARENET, US)

pioeg.admetricspro.workers.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
clients1.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1691 (United States)

ASN13335 (CLOUDFLARENET, US)

cadmus.script.ac	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:aa00:11:b309:9100:21 (United States)

ASN16509 (AMAZON-02, US)

d15kdpgjg3unno.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:810::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.95.69.49 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 49.69.95.34.bc.googleusercontent.com

i.clean.gg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223e:3c00:5:82fd:2500:21 (United States)

ASN16509 (AMAZON-02, US)

dyv1bugovvq1g.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 162.19.138.119 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31533570.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:4bf1 (United States)

ASN13335 (CLOUDFLARENET, US)

script.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 46.228.174.115 (United Kingdom)

ASN56396 (AMOBEE, GB)

targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.208.7.68 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-208-7-68.eu-west-1.compute.amazonaws.com

g2.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.157.214.172 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-214-172.eu-central-1.compute.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:12::1460 (Singapore)

ASN41041 (VCLK-EU-SE, US)

web.hb.ad.cpe.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.228.30.154 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-228-30-154.eu-west-1.compute.amazonaws.com

hb-api.omnitagjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2602:803:c003:200::44 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.17.111.107 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-111-107.eu-west-1.compute.amazonaws.com

ads.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.89.246.130 (Clifton, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

e.serverbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.252.173.215 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 18.196.19.149 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-19-149.eu-central-1.compute.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 145.40.97.67 (Amsterdam, Netherlands) 1 redirects

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:22b2 (United States)

ASN13335 (CLOUDFLARENET, US)

mp.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.149.50.64 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 64.50.149.34.bc.googleusercontent.com

s.seedtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.245.86.119 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-86-119.fra60.r.cloudfront.net

hb.yellowblue.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 172.64.151.101 (United States) 4 redirects

ASN13335 (CLOUDFLARENET, US)

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.239.232.31 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-239-232-31.compute-1.amazonaws.com

sqs.us-east-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.95.33.120 (Germany)

ASN16276 (OVH, FR)
PTR: ns3203256.ip-141-95-33.eu

lb.eu-1-id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.221.232.156 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-221-232-156.compute-1.amazonaws.com

www.dltk-holidays.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.kidzone.ws	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

48 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:81c::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2602:803:c003:200::37 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

beacon-ams3.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.185.98 (United States) 5 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 193.135.9.124 (Germany) 3 redirects

ASN48314 (IP-PROJECTS, DE)

ads.smartstream.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 217.79.187.54 (Germany) 3 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: cm43.as.net

cm.adsafety.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.36.155 (None, )

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

41 2a00:1450:4001:808::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 104.79.89.214 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-79-89-214.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.155.202.187 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-155-202-187.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 216.58.206.34 (United States)

ASN15169 (GOOGLE, US)
PTR: lcfraa-aa-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.14.248.72 (Neukirchen-Vluyn, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.76.200.221 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-76-200-221.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:223f:c800:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:1f13:800:7782:857d:d048:5cf8:98f7 (Boardman, United States)

ASN16509 (AMAZON-02, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.149.180 (None, )

ASN- ()

js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.64.218 (None, ) 1 redirects

ASN- ()

teachingaids-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.7 (None, )

ASN- ()

public.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.127.252 (None, )

ASN- ()

cs.seedtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.108 (None, )

ASN- ()

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 76.223.111.18 (None, )

ASN- ()

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2447:3400:1b:fdeb:7440:93a1 (None, )

ASN- ()

sync.serverbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.218.208.200 (None, )

ASN- ()

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.201.255.110 (None, ) 2 redirects

ASN- ()

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:4::b818:4d9e (None, )

ASN- ()

csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.89.9.252 (None, )

ASN- ()

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
64	googlesyndication.com 07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 140 tpc.googlesyndication.com — Cisco Umbrella Rank: 185	433 KB
41	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 407	731 KB
34	doubleclick.net 5 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 269 googleads.g.doubleclick.net — Cisco Umbrella Rank: 68 cm.g.doubleclick.net — Cisco Umbrella Rank: 338 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 677	347 KB
26	rubiconproject.com 2 redirects fastlane.rubiconproject.com — Cisco Umbrella Rank: 791 beacon-ams3.rubiconproject.com — Cisco Umbrella Rank: 8452 eus.rubiconproject.com — Cisco Umbrella Rank: 951 token.rubiconproject.com — Cisco Umbrella Rank: 744 secure-assets.rubiconproject.com	97 KB
18	coloring.ws www.coloring.ws	712 KB
11	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 1241 static.adsafeprotected.com — Cisco Umbrella Rank: 988 dt.adsafeprotected.com — Cisco Umbrella Rank: 933	104 KB
11	sharethrough.com btlr.sharethrough.com — Cisco Umbrella Rank: 1894 match.sharethrough.com Failed	2 KB
11	google.com cse.google.com — Cisco Umbrella Rank: 5708 www.google.com — Cisco Umbrella Rank: 6 fundingchoicesmessages.google.com — Cisco Umbrella Rank: 1187 clients1.google.com — Cisco Umbrella Rank: 629	295 KB
8	casalemedia.com 4 redirects htlb.casalemedia.com — Cisco Umbrella Rank: 757 dsum-sec.casalemedia.com — Cisco Umbrella Rank: 1194 ssum-sec.casalemedia.com	4 KB
8	admetricspro.com qd.admetricspro.com — Cisco Umbrella Rank: 76750	449 KB
7	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 271	451 KB
5	seedtag.com s.seedtag.com — Cisco Umbrella Rank: 2270 cs.seedtag.com	17 KB
5	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 356 acdn.adnxs.com secure.adnxs.com	21 KB
5	pubmatic.com hbopenbid.pubmatic.com — Cisco Umbrella Rank: 766 ads.pubmatic.com	18 KB
5	dltk-kids.com www.dltk-kids.com	21 KB
4	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 594	593 B
4	servenobid.com ads.servenobid.com — Cisco Umbrella Rank: 3421 public.servenobid.com	5 KB
4	unrulymedia.com targeting.unrulymedia.com — Cisco Umbrella Rank: 1418	409 B
3	onetag-sys.com onetag-sys.com
3	adsafety.net 3 redirects cm.adsafety.net — Cisco Umbrella Rank: 17119	4 KB
3	smartstream.tv 3 redirects ads.smartstream.tv — Cisco Umbrella Rank: 19705	2 KB
3	openx.net 1 redirects rtb.openx.net — Cisco Umbrella Rank: 1007 teachingaids-d.openx.net u.openx.net Failed us-u.openx.net Failed	1 KB
3	a-mo.net 1 redirects prebid.a-mo.net — Cisco Umbrella Rank: 1119	506 B
3	4dex.io script.4dex.io — Cisco Umbrella Rank: 2287 mp.4dex.io — Cisco Umbrella Rank: 3130	25 KB
3	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 658	2 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 101 region1.google-analytics.com — Cisco Umbrella Rank: 1695	21 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 114	214 KB
2	serverbid.com e.serverbid.com — Cisco Umbrella Rank: 3547 sync.serverbid.com x.serverbid.com Failed	2 KB
2	3lift.com tlx.3lift.com — Cisco Umbrella Rank: 991 eb2.3lift.com	914 B
2	gumgum.com g2.gumgum.com — Cisco Umbrella Rank: 2297	763 B
2	clean.gg i.clean.gg — Cisco Umbrella Rank: 2057	104 B
2	cloudfront.net d15kdpgjg3unno.cloudfront.net dyv1bugovvq1g.cloudfront.net	26 KB
1	smartadserver.com csync.smartadserver.com sync.smartadserver.com Failed ssbsync.smartadserver.com Failed
1	indexww.com js-sec.indexww.com	2 KB
1	bluekai.com tags.bluekai.com — Cisco Umbrella Rank: 1261	570 B
1	exactag.com m.exactag.com — Cisco Umbrella Rank: 11689	60 B
1	kidzone.ws www.kidzone.ws	12 KB
1	dltk-holidays.com www.dltk-holidays.com	13 KB
1	eu-1-id5-sync.com lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 1338	275 B
1	amazonaws.com sqs.us-east-1.amazonaws.com — Cisco Umbrella Rank: 5930	682 B
1	yellowblue.io hb.yellowblue.io — Cisco Umbrella Rank: 3550 cs-server-s2s.yellowblue.io Failed	612 B
1	omnitagjs.com hb-api.omnitagjs.com — Cisco Umbrella Rank: 3973 visitor.omnitagjs.com Failed	662 B
1	dotomi.com web.hb.ad.cpe.dotomi.com — Cisco Umbrella Rank: 6056	215 B
1	script.ac cadmus.script.ac — Cisco Umbrella Rank: 3813	48 KB
1	workers.dev pioeg.admetricspro.workers.dev — Cisco Umbrella Rank: 111366	748 B
0	sascdn.com Failed ced-ns.sascdn.com Failed
0	deepintent.com Failed match.deepintent.com Failed
0	ipredictive.com Failed sync.ipredictive.com Failed
0	stackadapt.com Failed sync.srv.stackadapt.com Failed
0	sitescout.com Failed pixel-sync.sitescout.com Failed
0	bidr.io Failed match.prod.bidr.io Failed
0	everesttech.net Failed sync-tm.everesttech.net Failed
0	ad.gt Failed ids.ad.gt Failed
0	liadm.com Failed i.liadm.com Failed
0	amazon-adsystem.com Failed aax-eu.amazon-adsystem.com Failed s.amazon-adsystem.com Failed
0	quantserve.com Failed cms.quantserve.com Failed
0	yieldmo.com Failed ads.yieldmo.com Failed
0	colossusssp.com Failed sync.colossusssp.com Failed
0	adswizz.com Failed synchrobox.adswizz.com Failed cdn.adswizz.com Failed
0	media.net Failed hbx.media.net Failed
0	disqus.com Failed ssp.disqus.com Failed
0	sonobi.com Failed sync.go.sonobi.com Failed
0	rfihub.com Failed p.rfihub.com Failed
0	1rx.io Failed sync.1rx.io Failed
0	adkernel.com Failed sync.adkernel.com Failed
0	minutemedia-prebid.com Failed cs-rtb.minutemedia-prebid.com Failed
0	opera.com Failed t.adx.opera.com Failed
0	creativecdn.com Failed creativecdn.com Failed
0	clientgear.com Failed event.clientgear.com Failed
0	lijit.com Failed ap.lijit.com Failed ce.lijit.com Failed
0	adform.net Failed cm.adform.net Failed c1.adform.net Failed
0	yahoo.com Failed ups.analytics.yahoo.com Failed pr-bh.ybp.yahoo.com Failed
0	360yield.com Failed ad.360yield.com Failed
0	bidswitch.net Failed x.bidswitch.net Failed
0	zemanta.com Failed b1sync.zemanta.com Failed
0	contextweb.com Failed bh.contextweb.com Failed
0	33across.com Failed ssc-cms.33across.com Failed
0	richaudience.com Failed sync.richaudience.com Failed
374	78

	Domain	Requested by
48	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com cadmus.script.ac pagead2.googlesyndication.com 07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com www.coloring.ws s0.2mdn.net
41	s0.2mdn.net	www.coloring.ws s0.2mdn.net 07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com
18	www.coloring.ws	www.coloring.ws
14	tpc.googlesyndication.com	cadmus.script.ac 07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com www.coloring.ws s0.2mdn.net
11	btlr.sharethrough.com	cadmus.script.ac
10	eus.rubiconproject.com	www.coloring.ws eus.rubiconproject.com cadmus.script.ac cs.seedtag.com public.servenobid.com
9	cm.g.doubleclick.net	5 redirects googleads.g.doubleclick.net teachingaids-d.openx.net ssum-sec.casalemedia.com g2.gumgum.com
9	securepubads.g.doubleclick.net	qd.admetricspro.com cadmus.script.ac securepubads.g.doubleclick.net www.coloring.ws
8	googleads4.g.doubleclick.net	www.coloring.ws
8	googleads.g.doubleclick.net	cadmus.script.ac 07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com www.coloring.ws
8	qd.admetricspro.com	www.coloring.ws qd.admetricspro.com
7	www.googletagservices.com	cadmus.script.ac 07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com www.coloring.ws
7	fastlane.rubiconproject.com	cadmus.script.ac
6	dt.adsafeprotected.com
6	www.google.com	cse.google.com www.google.com www.coloring.ws cadmus.script.ac
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	www.dltk-kids.com	www.coloring.ws
4	ads.pubmatic.com	cadmus.script.ac cs.seedtag.com public.servenobid.com sync.serverbid.com
4	token.rubiconproject.com	eus.rubiconproject.com
4	match.adsrvr.org	googleads.g.doubleclick.net cs.seedtag.com sync.serverbid.com teachingaids-d.openx.net ssum-sec.casalemedia.com
4	s.seedtag.com	cadmus.script.ac cs.seedtag.com
4	targeting.unrulymedia.com	cadmus.script.ac
3	onetag-sys.com	cs.seedtag.com public.servenobid.com sync.serverbid.com
3	static.adsafeprotected.com	www.coloring.ws 07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com
3	cm.adsafety.net	3 redirects
3	ads.smartstream.tv	3 redirects
3	beacon-ams3.rubiconproject.com	cadmus.script.ac
3	prebid.a-mo.net	1 redirects cadmus.script.ac
3	ads.servenobid.com	cadmus.script.ac public.servenobid.com ssum-sec.casalemedia.com g2.gumgum.com
3	id5-sync.com	cadmus.script.ac
3	www.googletagmanager.com	www.coloring.ws www.googletagmanager.com
2	ssum-sec.casalemedia.com	1 redirects public.servenobid.com
2	secure.adnxs.com	2 redirects g2.gumgum.com
2	secure-assets.rubiconproject.com	2 redirects
2	teachingaids-d.openx.net	1 redirects cadmus.script.ac
2	fw.adsafeprotected.com	1 redirects www.coloring.ws
2	07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com	cadmus.script.ac
2	ib.adnxs.com	1 redirects cadmus.script.ac acdn.adnxs.com
2	g2.gumgum.com	cadmus.script.ac public.servenobid.com
2	script.4dex.io	cadmus.script.ac
2	fundingchoicesmessages.google.com	cadmus.script.ac
2	i.clean.gg	cadmus.script.ac
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	cse.google.com	www.coloring.ws cadmus.script.ac
1	csync.smartadserver.com	cs.seedtag.com csync.smartadserver.com
1	sync.serverbid.com	cadmus.script.ac
1	eb2.3lift.com	cadmus.script.ac
1	acdn.adnxs.com	cadmus.script.ac
1	cs.seedtag.com	cadmus.script.ac
1	public.servenobid.com	cadmus.script.ac
1	js-sec.indexww.com	cadmus.script.ac
1	tags.bluekai.com	07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com
1	m.exactag.com	www.coloring.ws
1	clients1.google.com	www.coloring.ws
1	www.kidzone.ws	www.coloring.ws
1	www.dltk-holidays.com	www.coloring.ws
1	lb.eu-1-id5-sync.com	cadmus.script.ac
1	sqs.us-east-1.amazonaws.com	d15kdpgjg3unno.cloudfront.net
1	htlb.casalemedia.com	cadmus.script.ac
1	hb.yellowblue.io	cadmus.script.ac
1	rtb.openx.net	cadmus.script.ac
1	mp.4dex.io	cadmus.script.ac
1	e.serverbid.com	cadmus.script.ac
1	hb-api.omnitagjs.com	cadmus.script.ac
1	web.hb.ad.cpe.dotomi.com	cadmus.script.ac
1	hbopenbid.pubmatic.com	cadmus.script.ac
1	tlx.3lift.com	cadmus.script.ac
1	dyv1bugovvq1g.cloudfront.net	cadmus.script.ac
1	region1.google-analytics.com	www.googletagmanager.com
1	d15kdpgjg3unno.cloudfront.net	qd.admetricspro.com
1	cadmus.script.ac	qd.admetricspro.com
1	pioeg.admetricspro.workers.dev	qd.admetricspro.com
0	ced-ns.sascdn.com Failed	csync.smartadserver.com
0	match.deepintent.com Failed	g2.gumgum.com
0	sync.ipredictive.com Failed	g2.gumgum.com
0	pr-bh.ybp.yahoo.com Failed	g2.gumgum.com
0	sync.srv.stackadapt.com Failed	g2.gumgum.com
0	us-u.openx.net Failed	g2.gumgum.com
0	pixel-sync.sitescout.com Failed	ssum-sec.casalemedia.com
0	match.prod.bidr.io Failed	ssum-sec.casalemedia.com
0	sync-tm.everesttech.net Failed	ssum-sec.casalemedia.com
0	ids.ad.gt Failed	ssum-sec.casalemedia.com
0	i.liadm.com Failed	ssum-sec.casalemedia.com
0	s.amazon-adsystem.com Failed	ssum-sec.casalemedia.com
0	aax-eu.amazon-adsystem.com Failed	teachingaids-d.openx.net
0	c1.adform.net Failed	teachingaids-d.openx.net g2.gumgum.com
0	cms.quantserve.com Failed	teachingaids-d.openx.net
0	ads.yieldmo.com Failed	sync.serverbid.com
0	x.serverbid.com Failed	sync.serverbid.com
0	sync.colossusssp.com Failed	sync.serverbid.com
0	cdn.adswizz.com Failed	sync.serverbid.com
0	synchrobox.adswizz.com Failed	sync.serverbid.com
0	hbx.media.net Failed	public.servenobid.com
0	ssp.disqus.com Failed	public.servenobid.com
0	sync.go.sonobi.com Failed	public.servenobid.com sync.serverbid.com
0	p.rfihub.com Failed	public.servenobid.com
0	sync.1rx.io Failed	public.servenobid.com
0	ce.lijit.com Failed	public.servenobid.com
0	cs-server-s2s.yellowblue.io Failed	public.servenobid.com
0	sync.adkernel.com Failed	public.servenobid.com
0	cs-rtb.minutemedia-prebid.com Failed	public.servenobid.com
0	ssbsync.smartadserver.com Failed	public.servenobid.com g2.gumgum.com
0	t.adx.opera.com Failed	cs.seedtag.com
0	creativecdn.com Failed	cs.seedtag.com
0	event.clientgear.com Failed	cs.seedtag.com
0	u.openx.net Failed	cs.seedtag.com
0	ap.lijit.com Failed	cs.seedtag.com public.servenobid.com sync.serverbid.com
0	cm.adform.net Failed	cs.seedtag.com
0	ups.analytics.yahoo.com Failed	cs.seedtag.com public.servenobid.com
0	ad.360yield.com Failed	cs.seedtag.com
0	x.bidswitch.net Failed	cs.seedtag.com g2.gumgum.com
0	b1sync.zemanta.com Failed	cs.seedtag.com g2.gumgum.com
0	sync.smartadserver.com Failed	cs.seedtag.com
0	bh.contextweb.com Failed	cs.seedtag.com sync.serverbid.com g2.gumgum.com
0	match.sharethrough.com Failed	cs.seedtag.com public.servenobid.com
0	ssc-cms.33across.com Failed	cs.seedtag.com
0	sync.richaudience.com Failed	cs.seedtag.com
0	visitor.omnitagjs.com Failed	cadmus.script.ac cs.seedtag.com
374	118

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
pinterest.com
www.youtube.com
www.dltk-kids.com
www.brainframe-kids.com
www.dltk-holidays.com
www.dltk-ninos.com
www.dltk-teach.com
www.first-school.ws
www.kidzone.ws
www.makinglearningfun.com
www.pauseitivity.com
www.primeraescuela.com
admetricspro.com

Subject Issuer	Validity	Valid
coloring.ws Amazon RSA 2048 M01	`2023-05-19` - `2024-06-16`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-06-10` - `2024-06-09`	a year	crt.sh
dltk-kids.com Amazon RSA 2048 M01	`2023-05-19` - `2024-06-16`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
script.ac E1	`2023-12-29` - `2024-03-28`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
i.clean.gg GTS CA 1D4	`2023-11-14` - `2024-02-12`	3 months	crt.sh
*.id5-sync.com R3	`2024-01-01` - `2024-03-31`	3 months	crt.sh
script.4dex.io Cloudflare Inc ECC CA-3	`2023-10-23` - `2024-10-22`	a year	crt.sh
*.targeting.unrulymedia.com Sectigo RSA Domain Validation Secure Server CA	`2023-05-10` - `2024-05-10`	a year	crt.sh
ie-ad-exch-prd-one-eks.prd.eks.ie.adexchange.gumgum.com Amazon RSA 2048 M01	`2023-07-17` - `2024-08-14`	a year	crt.sh
*.3lift.com Amazon RSA 2048 M02	`2023-04-13` - `2024-05-11`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2023-04-20` - `2024-05-20`	a year	crt.sh
ad.cpe.dotomi.com GlobalSign RSA OV SSL CA 2018	`2023-06-09` - `2024-07-10`	a year	crt.sh
omnitagjs.com Sectigo RSA Domain Validation Secure Server CA	`2023-06-23` - `2024-07-22`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-05` - `2024-04-03`	a year	crt.sh
ads.servenobid.com Amazon RSA 2048 M01	`2023-04-29` - `2024-05-27`	a year	crt.sh
*.consumableaudio.com R3	`2023-10-30` - `2024-01-28`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
*.sharethrough.com Amazon RSA 2048 M01	`2023-06-14` - `2024-07-12`	a year	crt.sh
*.a-mo.net R3	`2024-01-06` - `2024-04-05`	3 months	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
*.seedtag.com Sectigo RSA Domain Validation Secure Server CA	`2023-03-29` - `2024-04-15`	a year	crt.sh
*.yellowblue.io Amazon RSA 2048 M01	`2023-03-24` - `2024-04-21`	a year	crt.sh
casalemedia.com Cloudflare Inc ECC CA-3	`2023-05-21` - `2024-05-20`	a year	crt.sh
queue.amazonaws.com Amazon RSA 2048 M01	`2023-03-08` - `2024-03-07`	a year	crt.sh
*.eu-1-id5-sync.com R3	`2024-01-01` - `2024-03-31`	3 months	crt.sh
dltk-holidays.com Amazon RSA 2048 M02	`2023-05-19` - `2024-06-16`	a year	crt.sh
kidzone.ws Amazon RSA 2048 M02	`2023-05-19` - `2024-06-16`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
*.exactag.com Sectigo ECC Domain Validation Secure Server CA	`2023-08-22` - `2024-09-15`	a year	crt.sh
odc-pixel-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-12-11` - `2024-12-11`	a year	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M02	`2023-07-07` - `2024-08-04`	a year	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M01	`2023-05-09` - `2024-06-06`	a year	crt.sh
indexww.com Cloudflare Inc ECC CA-3	`2023-09-05` - `2024-09-03`	a year	crt.sh
*.servenobid.com Amazon RSA 2048 M02	`2023-12-08` - `2025-01-05`	a year	crt.sh
cdn.adnxs.com GeoTrust TLS RSA CA G1	`2023-03-27` - `2024-04-26`	a year	crt.sh
sync.serverbid.com Amazon RSA 2048 M02	`2023-03-22` - `2024-04-19`	a year	crt.sh
*.smartadserver.com DigiCert TLS RSA SHA256 2020 CA1	`2023-08-02` - `2024-08-04`	a year	crt.sh
*.onetag-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-12-28` - `2024-01-28`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh

This page contains 58 frames:

Primary Page: https://www.coloring.ws/
Frame ID: 3013FD7B1FAC15CA0856BB515A0DC399
Requests: 101 HTTP requests in this frame

Frame: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 82988A06EF4CFC01DD2DF0A0371A7BD2
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 8D86A263928E7DCECA6CA1E3E27E4395
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 86909DD8BC6851A3A432A6DC3744EE86
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst1RgnuEYyENhIEDwx8WRTnhYM7Fcm86lNWS91OvzkuslQsuOSYX7bPgzuzglAx2htTe57AX-6ApmfFDaURMdyjBvqxoufLRpJaWd-SIBn2DH89Qqgzcz90MLZt24l5Yv7S0Gz_NvKg3k5Aoeo-uRHVC_dG5svAmdpmc7ZmjR89BtHAYsZDszVLpL5CtuMIdlHpRXG8gpeQq7obZdLoYHhRPSCsJZQaJ0nhTxoLrlA5COiBDNy7yucI4Rba-JbJpZCoJODsiJ3th8TDhrMesDdhnvfIiU88AxRWLLfqpRjVrTXtrYKrJ5CfLZ5RHWKuEZnKWeCaTIhRHdoPrl07qeERgJIUdedowIXbS7tOSv1sOic4jSfLmNhUiQiloAc-u_PKbJte5XUwkg&sai=AMfl-YR8l7dGhd96q76K_bD6AL97kxSbgiVKOCD0O7t3tEFHBgXWk__OHiZUxvzrLfOx3BkB-Pqu2Mrhz9uZLHbd1JxrMUNByGXzW5s78sM28cMvOVGKqYJOdYHDi4QmvoJZIMPUVSNYs5N3qCk43HfDWf0&sig=Cg0ArKJSzFhj0nk_d80ZEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: 1604B89D844B1071D322440A2ED970A2
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYsYWGgAIwAQ&v=APEucNUHujezZ9O6lyEncMH2jT1j5t6U6Jx4Xli2LtyI0CPkLCELEsfEAuNzaRIs3x_8l-CD_UsFfbfRm_j-4RdLdqyo7SRGq1QvESEFmQOgvAsdAG3qJ2k
Frame ID: 0382613A36E9C1EF91E36D596BF23C6B
Requests: 3 HTTP requests in this frame

Frame: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 3DF7CD9DE232BAE9BA14F3308ECC0D6E
Requests: 29 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvKTsL1ZoWV32kbajPELUUz8AOfFEwWO1Rj05pL0FbANYZemFsHHGf8aAyaI6ZpQbRg-uZMpUpqEbF3XgevDqZH8hIyIaNHmuRQ8l2LkuM_isrFHqSijWtS-8pTEDAyopakeTj0caNyBKTGiXbr0ljCWMj-CrFOggneFOPGore0qcu8IbXo8e4oJgmeS_jLZvY8vSb3UhgStX3Lo0lT8LCCUfd2A_VYpfVlOUJdd_m0Nc-lJ5yBUOLReDHJClXTgneDcB_09-xDLVVjIDK4Mgb58fa2X3fuOPqxzSEMACLDCxlZ260xCW4fKUuH3Gir-YqWXGzCHeamZ74h6TepR_7HSBFwAGwP7bAtNQbP6eNrx3odWmpAaTryPuDH6xOacvG-&sai=AMfl-YQO7_lbUeIKcmFNVJTXQZVUwhe3LeIv5wAK8n2O_-ANFrFusLE-Cam_0PjYJA2L75dhX2Z6L5XaJINS61IifPMrHlwnL--RvG8bBqD7XF0kp1iMh8kJl303JUk1ICTWib-tfGLLTGF3fx_rLqndl40&sig=Cg0ArKJSzHCv1yuEUNjeEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: 541243A141FBDB29C10AFDFFB39D88EF
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYl9-FgAIwAQ&v=APEucNWjlMrQG4zRxhP4rYZFsgczHbywHnUQH3uO2CHtHzPxyBidwotSTCm7u8zeE5UhTyO_8IjQyTzf_24p0VFjZKi25skjnZNnRZy2gYBQi9PoW_a01bw
Frame ID: 9ADD5AFDA8D7B6A31DA689B2AC2E54BB
Requests: 3 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstKMSJXHC3dZNXXtztMSBfO0kIMUR5zVt4bkoo6oa6uKj_pgRblEPunukFDRLI6WeIm5HxNUWMbwlg4lRFL1z_HNl0G878dKwNef05gd5xx5q-g9NN6rZtuJ8feG5yRXlD129mAV9_w0SkMUXXQtUBp67cmpKppdw0lyHrE4byN-c9pjqlqNc-zNRAXtti5Z2foNngLwrBWbxNlHqJIJwbXp8XjXKL5pH4c4g6GcuZ-kUJ0PO_YfoRpSsNWcZm12miQnJqFRi-fz0rHl_rIRtkzOxH-lgmd2Hg1jc1cRPgr0aFW0IsY52F-EumTihpU4g5jmZ_NtF5kXKjGVTe2WgK81hSRssrgJe5beZczig7OnP2ov2o-cxc_2PZe-4fOE8gt&sai=AMfl-YTOKBgU6OWV29wK5AmwANbWAAWfZftEk4R5D-0eOc6pJP7UvZNB-fGMdgb8JlK7UP-0aIh8IKOf9NrBDZAR9yWmFWxk0BRUY8HPq-kOf6KoxkVfN-8MZ33VdzB-rz77RBabU3862pQIcmc-QMYHYw8&sig=Cg0ArKJSzOFxxrWVSGK5EAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: 4794A2F3E3150D703FC392F12E377A40
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMY9PijgAIwAQ&v=APEucNUZ003n2qKhYJEGfJ_pHKk00UuV2sMbeFm5rbjfaznG_NjapDdLaPeki3o6CJ4FKNOMD9-EBxPjVtUMz9I-Z9eB8o-EAqkhOL7RUVz7xFYMymF0dg4
Frame ID: 793CBB96E21CE816A48A9437E248F938
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBC6jZEBGNOvnYICMAE&v=APEucNWwWZOwwTQ1PiffaoJAD4bvDrV_YmIV5rl4KSrVkyLBfctij5NezOErinpqshU1kp2S-yiSU8j_7fHZOxpRvi3Sc8oQLVh6TXtb9-KFHNgmiQaqZDM
Frame ID: 0D49F969F4422A6E3F5E68EAEADD7DE2
Requests: 4 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&gdpr=0&us_privacy=1---&geo=eu&co=de
Frame ID: 1BC3B5372D82D4D86DBD513ACE2A66BA
Requests: 3 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&gdpr=0&us_privacy=1---&geo=eu&co=de
Frame ID: D0B382FB9C309672C4504C51F07747D0
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: A78D75F17ADAAE2AF21FADF3DDB2EBFC
Requests: 3 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&gdpr=0&us_privacy=1---&geo=eu&co=de
Frame ID: 5DE3DB747CBD256629D5992754A11B08
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/12881238839111139704/index.html?ev=01_250
Frame ID: 577AC572E196139EDD2C68EF749C7B96
Requests: 10 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/4037769011434089471/index.html?ev=01_250
Frame ID: 4E562E892A0ECCDFE0DBE77903238069
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 77597D01938D463EC1574AFEB2BECA9B
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/4797436206633363095/index.html?e=69&leftOffset=0&topOffset=0&c=zt3bq741Ix&t=1&renderingType=2&ev=01_250
Frame ID: 9F348671EA759115F28D0218CB474329
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: D3E9D554C6CEAB44C859513119AE9F22
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 4A85A0648275B562203AFD5566812A24
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/11129136929417033734/728x90/_export/index.html?ev=01_250
Frame ID: F2DE41B35E4CBF141066EF0C939DD565
Requests: 9 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 03E27697941BDBEF4091CBCC569939E6
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
Frame ID: 6D57F51F52231ED7C212790094CC7F72
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 81004802E7890FAA86FCD3FB7CBD6412
Requests: 1 HTTP requests in this frame

Frame: https://teachingaids-d.openx.net/w/1.0/pd?cc=1&gdpr=0&gdpr_consent=&us_privacy=1---
Frame ID: 4D772C054503CFEFF6685DA6788A4917
Requests: 7 HTTP requests in this frame

Frame: https://public.servenobid.com/sync.html?usp_consent=1---
Frame ID: 5A8690604C844AA01962B1E4C6E91042
Requests: 13 HTTP requests in this frame

Frame: https://cs.seedtag.com/cs.html?pt=6686-0994-01&pc=US&cmp=true&us=1---
Frame ID: A638B78D43F6DECF21AEE9F90423513D
Requests: 17 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 2344025F5A8F3BAFA83F47AB76C53B12
Requests: 2 HTTP requests in this frame

Frame: https://prebid.a-mo.net/isyn?gdpr_consent=&gdpr=0&us_privacy=1---&gpp=&gpp_sid=
Frame ID: 0CC0C7312D342A74C2B885573FCC0D71
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?us_privacy=1---&
Frame ID: 23D311C7EAF7177EC3F747601E5DB4BF
Requests: 1 HTTP requests in this frame

Frame: https://sync.serverbid.com/ss/2000891.html
Frame ID: 12107B293A603A5C2C7C87786752ECA3
Requests: 12 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=&us_privacy=1---
Frame ID: 6C14FEC18BE99CEBEB9882331A40B03A
Requests: 1 HTTP requests in this frame

Frame: https://visitor.omnitagjs.com/visitor/isync?uid=19340f4f097d16f41f34fc0274981ca4&gdpr=0&gdpr_consent=&us_privacy=1---
Frame ID: E3AEEFF309CE40D40EFEFC931EE53ABE
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?gdpr=0&us_privacy=1---
Frame ID: C2B24752464BD2D0CBE79F610380EF05
Requests: 3 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=seedtag&endpoint=eu
Frame ID: E7C6F811F6537A360B9EEE719CE2C7E0
Requests: 2 HTTP requests in this frame

Frame: https://csync.smartadserver.com/rtb/csync/CookieSync.html?nwid=3050&dcid=3
Frame ID: 8AEA1205DCC7157EE094DEA0FA61BBBB
Requests: 4 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=157743&gdpr=0&gdpr_consent=&us_privacy=1---&predirect=https%3A%2F%2Fs.seedtag.com%2Fcs%2Fcookiesync%2Fpubmatic%3Fchanneluid%3D
Frame ID: 3DBC04FFDEAE8C5C69CBBD7AB60EFD5D
Requests: 1 HTTP requests in this frame

Frame: https://sync.richaudience.com/dcf3528a0b8aa83634892d50e91c306e/?ord=1704709705678&pubconsent=&euconsent=&hasConsent=1
Frame ID: F3E1CF6260C1F2A6B4524A06DFC53D8B
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0010b00002MptHCAAZ&ru=https%3A%2F%2Fs.seedtag.com%2Fcs%2Fcookiesync%2F33across%3Fchanneluid%3D33XUSERID33X
Frame ID: 0F77A46644AD6CC7E655A8C2CEA59508
Requests: 1 HTTP requests in this frame

Frame: https://visitor.omnitagjs.com/visitor/isync?uid=513c4e190506981c315d38ccadf488f2&name=SEEDTAG&visitor=&gdpr=0&gdpr_consent_string=&us_privacy=1---
Frame ID: CBBEDEFD8268A246885BF3B6AD74D7C1
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=75601b04186d260
Frame ID: FB349E4E4FC4612EE5A2DF39B1C33B5C
Requests: 1 HTTP requests in this frame

Frame: https://match.sharethrough.com/universal/v1?supply_id=2TwkgUpM&gdpr=0&gdpr_consent=&us_privacy=1---
Frame ID: 19E116C3D57C444B36C5FF246C7CF201
Requests: 1 HTTP requests in this frame

Frame: https://bh.contextweb.com/bh/rtset?pid=562983&ev=1&us_privacy=1---&rurl=https%3A%2F%2Fs.seedtag.com%2Fcs%2Fcookiesync%2Fpulsepoint%3Fchanneluid%3D%25%25VGUID%25%25
Frame ID: 17EA23706A47B28DAB12005BA21C40ED
Requests: 1 HTTP requests in this frame

Frame: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Frame ID: 0B48730B6C9899CC22E99B2D3385A4F6
Requests: 12 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1---&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Frame ID: 2B72FBE67FC8D96172A0F7F8BAAF7E8D
Requests: 1 HTTP requests in this frame

Frame: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1---&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Frame ID: 4916E8B58B1D0C7EB21FEDD3C2F3B9A6
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Frame ID: D8BD8E2B11BF732A988FA68CF5394E0D
Requests: 10 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=duration_media&endpoint=us-east
Frame ID: 3580D559D3680197CA5CC6C2A28BD226
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1---&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Frame ID: AE923508C5CBA6BAAE74B483F5085C78
Requests: 1 HTTP requests in this frame

Frame: https://cs-rtb.minutemedia-prebid.com/sync-iframe?gdpr=0&gdpr_consent=&us_privacy=1---&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D348%26uid%3D%7BpartnerId%7D
Frame ID: AEFADE06202BC52DBDD28C8BE59316EE
Requests: 1 HTTP requests in this frame

Frame: https://sync.adkernel.com/user-sync?zone=181225&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D152%26uid%3D%7BUID%7D&gdpr=0&gdpr_consent=&us_privacy=1---&
Frame ID: 6DE2CDE293BCE2C91FE43120861B1486
Requests: 1 HTTP requests in this frame

Frame: https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr=0&gdpr_consent=&us_privacy=1---&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D352%26uid%3D%7BpartnerId%7D
Frame ID: 586571B64DCB92708E926130520EF368
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=&gdpr_consent=&us_privacy=&p=156319&predirect=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D3%26src%3D2%26cspi%3D0%26cn%3D3%26spui%3D%26dpui%3D
Frame ID: B55D9F68F02B543D8923894278D00590
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=6c68086c0c61793&gdpr=&gdpr_consent=&us_privacy=
Frame ID: 76499DFF55F99486BE1CA20563D0CD8A
Requests: 1 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?party=1301&gdpr=0&gdpr_consent=
Frame ID: 81E4E878515650F56EAC85A330CBDCCF
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8xZjVkZDY2My1kZjc4LTRmNzEtYjkwNS1kODc3NDcxNTUzZDU=&gdpr=0&gdpr_consent=&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dgdv
Frame ID: 6B37897AC34B6BCD39CADD36258F22F7
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Coloring Pages for Kidssuchen

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

/prebid\.js
adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Page Statistics

374
Requests

77 %
HTTPS

40 %
IPv6

78
Domains

118
Subdomains

65
IPs

7
Countries

4073 kB
Transfer

10672 kB
Size

37
Cookies

21 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/DLTKsCraftsForKids

Search URL Search Domain Scan URL

URL: https://pinterest.com/leannedltk/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/DLTKcrafts/featured

Search URL Search Domain Scan URL

URL: https://www.dltk-kids.com/
Title: DLTK's

Search URL Search Domain Scan URL

URL: https://www.brainframe-kids.com/type/coloring-pages.htm
Title: Mental Health / Psychology

Search URL Search Domain Scan URL

URL: https://www.dltk-holidays.com/
Title: DLTK-Holidays.com

Search URL Search Domain Scan URL

URL: https://www.dltk-ninos.com/
Title: DLTK-Ninos.com

Search URL Search Domain Scan URL

URL: https://www.dltk-teach.com/
Title: DLTK-Teach.com

Search URL Search Domain Scan URL

URL: https://www.brainframe-kids.com/
Title: BrainFrame-Kids.com

Search URL Search Domain Scan URL

URL: https://www.first-school.ws/
Title: First-School.ws

Search URL Search Domain Scan URL

URL: https://www.kidzone.ws/
Title: KidZone.ws

Search URL Search Domain Scan URL

URL: https://www.makinglearningfun.com/
Title: MakingLearningFun.com

Search URL Search Domain Scan URL

URL: https://www.pauseitivity.com/
Title: Pauseitivity.com

Search URL Search Domain Scan URL

URL: https://www.primeraescuela.com/
Title: PrimeraEscuela.com

Search URL Search Domain Scan URL

URL: https://www.dltk-holidays.com/winter/m-paperstrip-snowflake.htm?feature
Title: Paper Strip Snowflake Craft

Search URL Search Domain Scan URL

URL: https://www.kidzone.ws/science/tornado/index.htm?feature
Title: Tornado in a Bottle science experiment

Search URL Search Domain Scan URL

URL: https://www.dltk-kids.com/feedback.htm
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.dltk-kids.com/prthlp.html
Title: Print Help

Search URL Search Domain Scan URL

URL: https://www.dltk-kids.com/privacy.htm
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.dltk-kids.com/copyright.htm
Title: Copyright

Search URL Search Domain Scan URL

URL: https://admetricspro.com/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 126

https://cm.g.doubleclick.net/pixel?google_nid=smartstreamtv_dbm&google_cm&google_dbm&gdpr=0 HTTP 302
https://ads.smartstream.tv/cm/?cmsrc=dcm&gdpr=0&google_gid=CAESEPXW-lsAvIatmWSS7jMzXPk&google_cver=1 HTTP 302
https://cm.adsafety.net/?_cmsrc=dcm&testmidt=1&testdid=CAESEPXW-lsAvIatmWSS7jMzXPk&idt=0&did=0&data[stv][midt]=100&data[stv][mdid]=2910c85f382cbfecf2a90e3a69978fab&uid=2910c85f382cbfecf2a90e3a69978fab&data[stv][idt_did_status]=added&gdpr_consent=&gdpr=0 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=admans&ttd_tpi=1&gdpr=1&gdpr_consent=

Request Chain 137

https://cm.g.doubleclick.net/pixel?google_nid=smartstreamtv_dbm&google_cm&google_dbm&gdpr=0 HTTP 302
https://ads.smartstream.tv/cm/?cmsrc=dcm&gdpr=0&google_gid=CAESEPXW-lsAvIatmWSS7jMzXPk&google_cver=1 HTTP 302
https://cm.adsafety.net/?_cmsrc=dcm&testmidt=1&testdid=CAESEPXW-lsAvIatmWSS7jMzXPk&idt=0&did=0&data[stv][midt]=100&data[stv][mdid]=2910c85f382cbfecf2a90e3a69978fab&uid=2910c85f382cbfecf2a90e3a69978fab&data[stv][idt_did_status]=added&gdpr_consent=&gdpr=0 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=admans&ttd_tpi=1&gdpr=1&gdpr_consent=

Request Chain 139

https://cm.g.doubleclick.net/pixel?google_nid=smartstreamtv_dbm&google_cm&google_dbm&gdpr=0 HTTP 302
https://ads.smartstream.tv/cm/?cmsrc=dcm&gdpr=0&google_gid=CAESEPXW-lsAvIatmWSS7jMzXPk&google_cver=1 HTTP 302
https://cm.adsafety.net/?_cmsrc=dcm&testmidt=1&testdid=CAESEPXW-lsAvIatmWSS7jMzXPk&idt=0&did=0&data[stv][midt]=100&data[stv][mdid]=2910c85f382cbfecf2a90e3a69978fab&uid=2910c85f382cbfecf2a90e3a69978fab&data[stv][idt_did_status]=added&gdpr_consent=&gdpr=0 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=admans&ttd_tpi=1&gdpr=1&gdpr_consent=

Request Chain 145

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMwurVf_FXgxVT2gB5JKFU4&google_cver=1&gdpr=0 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMwurVf_FXgxVT2gB5JKFU4&google_cver=1&gdpr=0&C=1

Request Chain 146

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgdpr%3D0%26google_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&gdpr=0&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZZvORfV4g7H5Q7OxKwWbVgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMwurVf_FXgxVT2gB5JKFU4&google_cver=1&gdpr=0

Request Chain 244

https://fw.adsafeprotected.com/rfw/st/1898970/77442736/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1015630378&ias_pubId=pub-4113681882311455&ias_chanId=1&ias_placementId=20903658371&bidurl=https://www.coloring.ws/&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0h-UGFGziUfVXp9UxwKJly7&adsafe_url=https%3A%2F%2Fwww.coloring.ws&adsafe_type=y&adsafe_url=https%3A%2F%2Fwww.coloring.ws%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:4bfa629a-d79b-f809-bd4e-8a585479cc85,c:HIYBi,sl:na,em:true,fr:false,thd:1,mn:jsserver-primary-765c58974b-z2mh7,rg:ie,pt:1-5-15,mu:10000,br:c,bru:c,an:n,oam:0,mtim:128,mot:0,app:0,maw:0,fm:u0Lybff+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C191%7C192%7C1931%7C194%7C1a*.1898970-77442736%7C1a1%7C1a21%7C1a3%7C1b1%7C1b2%7C1b3%7C1b41%7C1c1%7C1c2%7C1c3%7C1c41,fm2:u0Lybff+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C191%7C192%7C1931%7C194%7C1a*.1898970-77442736%7C1a1%7C1a21%7C1a3%7C1b1%7C1b2%7C1b3%7C1b41%7C1c1%7C1c2%7C1c3%7C1c41,idMap:1a*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:140,oid:a5981088-ae10-11ee-a329-3e1397bff102,v:19.8.466,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/skeleton.js?ias_xappb=

Request Chain 274

https://teachingaids-d.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://teachingaids-d.openx.net/w/1.0/pd?cc=1&gdpr=0&gdpr_consent=&us_privacy=1---

Request Chain 287

https://ib.adnxs.com/async_usersync?cbfn=queuePixels HTTP 307
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Request Chain 288

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=seedtag&endpoint=eu HTTP 301
https://eus.rubiconproject.com/usync.html?p=seedtag&endpoint=eu

Request Chain 298

https://secure.adnxs.com/getuid?https%3A%2F%2Fs.seedtag.com%2Fcs%2Fcookiesync%2Fappnexus%3Fchanneluid%3D%24UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.seedtag.com%252Fcs%252Fcookiesync%252Fappnexus%253Fchanneluid%253D%2524UID HTTP 302
https://s.seedtag.com/cs/cookiesync/appnexus?channeluid=1252075283688378295

Request Chain 302

https://x.bidswitch.net/sync?ssp=seedtag&user_id=&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=seedtag&user_id=&gdpr=0&gdpr_consent=&us_privacy=1---

Request Chain 305

https://ssum-sec.casalemedia.com/usermatchredir?s=191730&cb=https%3A%2F%2Fs.seedtag.com%2Fcs%2Fcookiesync%2Findexexchange%3Fchanneluid%3D HTTP 302
https://s.seedtag.com/cs/cookiesync/indexexchange?channeluid=ZZvORfV4g7H5Q7OxKwWbVgAA%262183

Request Chain 317

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=duration_media&endpoint=us-east HTTP 301
https://eus.rubiconproject.com/usync.html?p=duration_media&endpoint=us-east

Request Chain 322

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID HTTP 302
https://ads.servenobid.com/sync?pid=312&uid=1252075283688378295

Request Chain 328

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1---&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D HTTP 302
https://ads.servenobid.com/sync?pid=327&uid=&us_privacy=1---&gdpr=0

Request Chain 342

https://ssum-sec.casalemedia.com/usermatchredir?s=185073&gdpr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=&cb=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5528%26spui%3D%26dpui%3D HTTP 302
https://x.serverbid.com/usersync?gpp=&gpp_sid=&ttt=1&src=2&cspi=0&cn=5528&spui=&dpui=ZZvORfV4g7H5Q7OxKwWbVgAA%262183

Request Chain 343

https://ib.adnxs.com/getuid?https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5551%26spui%3D%26dpui%3D%24UID HTTP 302
https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5551&spui=&dpui=1252075283688378295

Request Chain 344

https://prebid.a-mo.net/cchain/0?gdpr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=&cb=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D6294%26spui%3D%26dpui%3D HTTP 302
https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=6294&spui=&dpui=

374 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.coloring.ws/ 18 KB
6 KB 292ms
94ms Document
text/html 54.82.38.167
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://www.coloring.ws/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.82.38.167 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-82-38-167.compute-1.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 0de2733b6af0d185adaaab30a1fcd0591e717e5740264deca38d8f7056f6168e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
content-encoding: gzip
content-length: 5441
content-type: text/html
date: Mon, 08 Jan 2024 10:28:19 GMT
etag: "060e779321cda1:0"
last-modified: Tue, 21 Nov 2023 04:23:28 GMT
server: Microsoft-IIS/8.5
vary: Accept-Encoding
x-powered-by: ASP.NET

GET
H2 200 maincoloring.css
www.coloring.ws/dltkstyles/ 7 KB
2 KB 95ms
94ms Stylesheet
text/css 54.82.38.167
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://www.coloring.ws/dltkstyles/maincoloring.css
Requested by: Host: www.coloring.ws
URL: https://www.coloring.ws/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.82.38.167 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-82-38-167.compute-1.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 1ae436455d6df2cf89da5cfb00bf81a4b516fa40e088c24dd054163748b41d09

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
content-encoding: gzip
last-modified: Tue, 06 Jun 2023 22:23:58 GMT
server: Microsoft-IIS/8.5
etag: "0533296c598d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 2103

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 176 KB
65 KB 44ms
23ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-52971111-8

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f070099aa71c8004b74f1e003712b3029025c6b4775a7ef9b3255808b02277a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65777
x-xss-protection: 0
last-modified: Mon, 08 Jan 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 08 Jan 2024 10:28:19 GMT

GET
H2 200 sidebar2-layout.js Show response
qd.admetricspro.com/js/dltk/coloringws/ 42 KB
8 KB 34ms
17ms Script
application/javascript 2606:4700:20::681a:7da
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/dltk/coloringws/sidebar2-layout.js
Requested by: Host: www.coloring.ws
URL: https://www.coloring.ws/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:7da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 74ec4aad03326e63ff346f594c37f2cb10f580200b8996367f52e883f68d7ce7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 27 Dec 2023 15:25:37 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 95
etag: W/"a6ba-60d7f693b193b-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LMpRlvxPEYDNeyRIEliSiVC6XXpkKtdBStQ6CAbLNvdwHC77pBYonZEcyb5ibsdnxE8Wau8wFNz%2FZjecmhJ6fwDI5qFo729SwzZJMBmvadIG4HWb%2BAL8AN8Wpb9sPsCvqa1UXqFbCSacBix8XFQh0F8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 8423c0c67f2165d0-FRA
expires: Mon, 08 Jan 2024 10:27:16 GMT

GET
H2 200 line2.jpg
www.coloring.ws/images/ 397 B
573 B 93ms
93ms Image
image/jpeg 54.82.38.167
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.coloring.ws/images/line2.jpg
Requested by: Host: www.coloring.ws
URL: https://www.coloring.ws/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.82.38.167 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-82-38-167.compute-1.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: ec53bd429b8d41c4284486ffdbab99d72f0e4a550587c5884cba8a811ddea419

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
last-modified: Mon, 22 May 2023 08:10:49 GMT
server: Microsoft-IIS/8.5
etag: "2b05ceb848cd91:0"
x-powered-by: ASP.NET
content-type: image/jpeg
accept-ranges: bytes
content-length: 397

GET
H2 200 coloring-brand-1200.png
www.coloring.ws/images/ 8 KB
8 KB 95ms
95ms Image
image/png 54.82.38.167
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.coloring.ws/images/coloring-brand-1200.png
Requested by: Host: www.coloring.ws
URL: https://www.coloring.ws/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.82.38.167 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-82-38-167.compute-1.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: f5d2aee10ef029810d37cde6bd0060bf100ffc38c78b3099b5f347ea3e2cc0a5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
last-modified: Mon, 22 May 2023 08:10:46 GMT
server: Microsoft-IIS/8.5
etag: "39974be9848cd91:0"
x-powered-by: ASP.NET
content-type: image/png
accept-ranges: bytes
content-length: 8403

GET
H2 200 facebook.png
www.dltk-kids.com/images/ 921 B
1 KB 415ms
185ms Image
image/png 54.82.38.167
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.dltk-kids.com/images/facebook.png
Requested by: Host: www.coloring.ws
URL: https://www.coloring.ws/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.82.38.167 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-82-38-167.compute-1.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 03945ce270fb1b8d694c3eebfe0f235fb54929973283c38c0e3e6c75127061ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
last-modified: Fri, 28 Apr 2023 09:11:55 GMT
server: Microsoft-IIS/8.5
etag: "3d2f3f7ab179d91:0"
x-powered-by: ASP.NET
content-type: image/png
accept-ranges: bytes
content-length: 921

GET
H2 200 pinterest.png
www.dltk-kids.com/images/ 1 KB
1 KB 414ms
184ms Image
image/png 54.82.38.167
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.dltk-kids.com/images/pinterest.png
Requested by: Host: www.coloring.ws
URL: https://www.coloring.ws/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.82.38.167 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-82-38-167.compute-1.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: fc8deae28b64ae4499971481a402af6c85873da8a14f86b1d0eb45d0cc860763

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
last-modified: Fri, 28 Apr 2023 09:12:08 GMT
server: Microsoft-IIS/8.5
etag: "f84b5282b179d91:0"
x-powered-by: ASP.NET
content-type: image/png
accept-ranges: bytes
content-length: 1302

GET
H2 200 youtube.png
www.dltk-kids.com/images/ 1 KB
1 KB 324ms
94ms Image
image/png 54.82.38.167
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.dltk-kids.com/images/youtube.png
Requested by: Host: www.coloring.ws
URL: https://www.coloring.ws/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.82.38.167 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-82-38-167.compute-1.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 50200e9b822674ca4901570d058b6f561e11384c6db21caabb08091db0716e30

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
last-modified: Fri, 28 Apr 2023 09:12:18 GMT
server: Microsoft-IIS/8.5
etag: "a21c88b179d91:0"
x-powered-by: ASP.NET
content-type: image/png
accept-ranges: bytes
content-length: 1173

GET
H2 200 cse.js Show response
cse.google.com/ 9 KB
4 KB 59ms
38ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse.js?cx=006942297880364118670:sudqxvczprm

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

eb7312d166df2490d073b83707b37de90f48f3bdf2a62581c939a13eeb21f510

Security Headers

Name	Value
Content-Security-Policy	object-src 'none';base-uri 'self';script-src 'nonce-hJiZcyM6rrZFDirLxJcIwQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-hJiZcyM6rrZFDirLxJcIwQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
content-encoding: br
date: Mon, 08 Jan 2024 10:28:19 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2991
x-xss-protection: 0
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
server: gws
x-frame-options: SAMEORIGIN
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private
permissions-policy: unload=()
origin-trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=, AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
expires: Mon, 08 Jan 2024 10:28:19 GMT

GET
H2 200 kawaii-little-red-ridinghood-1.jpg
www.coloring.ws/little-red-ridinghood-coloring-pages/s/ 69 KB
69 KB 95ms
95ms Image
image/jpeg 54.82.38.167
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.coloring.ws/little-red-ridinghood-coloring-pages/s/kawaii-little-red-ridinghood-1.jpg
Requested by: Host: www.coloring.ws
URL: https://www.coloring.ws/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.82.38.167 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-82-38-167.compute-1.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 1b9ae91a96163ea6e16c39dbfa77e1e8533019847224f6fdb41507cadafbc516

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
last-modified: Wed, 15 Nov 2023 01:32:53 GMT
server: Microsoft-IIS/8.5
etag: "842151a76317da1:0"
x-powered-by: ASP.NET
content-type: image/jpeg
accept-ranges: bytes
content-length: 70314

GET
H2 200 a-ant.gif
www.coloring.ws/abc/ 16 KB
16 KB 94ms
93ms Image
image/gif 54.82.38.167
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.coloring.ws/abc/a-ant.gif
Requested by: Host: www.coloring.ws
URL: https://www.coloring.ws/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.82.38.167 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-82-38-167.compute-1.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 40c5a0a89a842d74badaf242727e0b8bf6714a646f763fbefde91807ae44da10

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
last-modified: Mon, 31 Jul 2023 12:35:18 GMT
server: Microsoft-IIS/8.5
etag: "ece79a76abc3d91:0"
x-powered-by: ASP.NET
content-type: image/gif
accept-ranges: bytes
content-length: 15945

GET
H2 200 10.jpg
www.coloring.ws/animals/horses/s/ 45 KB
45 KB 270ms
269ms Image
image/jpeg 54.82.38.167
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.coloring.ws/animals/horses/s/10.jpg
Requested by: Host: www.coloring.ws
URL: https://www.coloring.ws/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.82.38.167 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-82-38-167.compute-1.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 7e4d6cd2b52689db7a318865603977da52b2c758f9f9f70aa4b92199102cd55f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
last-modified: Wed, 15 Nov 2023 01:23:22 GMT
server: Microsoft-IIS/8.5
etag: "adf9c9526217da1:0"
x-powered-by: ASP.NET
content-type: image/jpeg
accept-ranges: bytes
content-length: 45760

GET
H2 200 wizard-older.gif
www.coloring.ws/fantasy/ 63 KB
63 KB 271ms
269ms Image
image/gif 54.82.38.167
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.coloring.ws/fantasy/wizard-older.gif
Requested by: Host: www.coloring.ws
URL: https://www.coloring.ws/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.82.38.167 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-82-38-167.compute-1.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: e915f1a27c9e8375871017249f5ce3e23923ef0f8bcfa53a2e5eaa53720b2cb3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
last-modified: Mon, 22 May 2023 08:05:09 GMT
server: Microsoft-IIS/8.5
etag: "bdea8820848cd91:0"
x-powered-by: ASP.NET
content-type: image/gif
accept-ranges: bytes
content-length: 64749

GET
H2 200 connect-the-dots-cat.jpg
www.coloring.ws/ctd/ 29 KB
29 KB 271ms
269ms Image
image/jpeg 54.82.38.167
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.coloring.ws/ctd/connect-the-dots-cat.jpg
Requested by: Host: www.coloring.ws
URL: https://www.coloring.ws/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.82.38.167 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-82-38-167.compute-1.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: d79267bb3777b4be52f4c637b3da249ddfffbfaf7451984ccbdd81923aa654a5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
last-modified: Wed, 15 Nov 2023 01:26:24 GMT
server: Microsoft-IIS/8.5
etag: "a4ed26bf6217da1:0"
x-powered-by: ASP.NET
content-type: image/jpeg
accept-ranges: bytes
content-length: 29451

GET
H2 200 b-aquarius-older.gif
www.coloring.ws/horoscope/ 101 KB
102 KB 271ms
270ms Image
image/gif 54.82.38.167
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.coloring.ws/horoscope/b-aquarius-older.gif
Requested by: Host: www.coloring.ws
URL: https://www.coloring.ws/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.82.38.167 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-82-38-167.compute-1.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: b904594d00e2dded3350917b2edaad4bc7d80b51c9d461c85864a8cf1d536590

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
last-modified: Mon, 22 May 2023 08:10:34 GMT
server: Microsoft-IIS/8.5
etag: "d2fc26e2848cd91:0"
x-powered-by: ASP.NET
content-type: image/gif
accept-ranges: bytes
content-length: 103875

GET
H2 200 plumber.gif
www.coloring.ws/construction/ 37 KB
38 KB 272ms
271ms Image
image/gif 54.82.38.167
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.coloring.ws/construction/plumber.gif
Requested by: Host: www.coloring.ws
URL: https://www.coloring.ws/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.82.38.167 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-82-38-167.compute-1.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: fb5e8f7da6f106389d935a224ec3be69f15e81ac2bf050732641dc081d21f84a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
last-modified: Mon, 22 May 2023 07:58:17 GMT
server: Microsoft-IIS/8.5
etag: "3aee452b838cd91:0"
x-powered-by: ASP.NET
content-type: image/gif
accept-ranges: bytes
content-length: 38257

GET
H2 200 cbncat.gif
www.coloring.ws/cbn/s/ 35 KB
35 KB 272ms
270ms Image
image/gif 54.82.38.167
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.coloring.ws/cbn/s/cbncat.gif
Requested by: Host: www.coloring.ws
URL: https://www.coloring.ws/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.82.38.167 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-82-38-167.compute-1.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 57a34c3474baff8258cd8ba4d98816c71f91da2feafd60c3c4c3d8a14bb84fa3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
last-modified: Wed, 15 Nov 2023 01:26:20 GMT
server: Microsoft-IIS/8.5
etag: "fd873cbd6217da1:0"
x-powered-by: ASP.NET
content-type: image/gif
accept-ranges: bytes
content-length: 35438

GET
H2 200 4.jpg
www.coloring.ws/steampunk/s/ 110 KB
110 KB 271ms
270ms Image
image/jpeg 54.82.38.167
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.coloring.ws/steampunk/s/4.jpg
Requested by: Host: www.coloring.ws
URL: https://www.coloring.ws/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.82.38.167 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-82-38-167.compute-1.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 4d7273a8aaee10127e8a79ae70d0599a322b5a80e5f4c51d210292b34c81060c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
last-modified: Mon, 20 Nov 2023 23:18:44 GMT
server: Microsoft-IIS/8.5
etag: "d424cee771cda1:0"
x-powered-by: ASP.NET
content-type: image/jpeg
accept-ranges: bytes
content-length: 112386

GET
H2 200 lamorak.jpg
www.coloring.ws/england/king-arthur/s/ 90 KB
91 KB 271ms
270ms Image
image/jpeg 54.82.38.167
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.coloring.ws/england/king-arthur/s/lamorak.jpg
Requested by: Host: www.coloring.ws
URL: https://www.coloring.ws/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.82.38.167 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-82-38-167.compute-1.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 3978f43fce998a79d918e4749b3963f915c2ba8267b9c45952de90c64130b031

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
last-modified: Mon, 20 Nov 2023 03:45:10 GMT
server: Microsoft-IIS/8.5
etag: "4dea4ef6631bda1:0"
x-powered-by: ASP.NET
content-type: image/jpeg
accept-ranges: bytes
content-length: 92531

GET
H2 200 guinevere-1.jpg
www.coloring.ws/england/king-arthur/s/ 97 KB
97 KB 272ms
271ms Image
image/jpeg 54.82.38.167
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.coloring.ws/england/king-arthur/s/guinevere-1.jpg
Requested by: Host: www.coloring.ws
URL: https://www.coloring.ws/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.82.38.167 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-82-38-167.compute-1.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: b288f979958f7a898b87b88f6eb370148873da78ebe77828df2fb1df9e24f6b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
last-modified: Sun, 19 Nov 2023 23:14:40 GMT
server: Microsoft-IIS/8.5
etag: "5a6f2c3e1bda1:0"
x-powered-by: ASP.NET
content-type: image/jpeg
accept-ranges: bytes
content-length: 99371

GET
H2 200 features-data.js Show response
www.dltk-kids.com/includes/ 82 KB
15 KB 413ms
183ms Script
application/javascript 54.82.38.167
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dltk-kids.com/includes/features-data.js
Requested by: Host: www.coloring.ws
URL: https://www.coloring.ws/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.82.38.167 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-82-38-167.compute-1.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: d3850cb9e6ac49e29e7ff04a93342a9029ae623a6669694fb75f6273ec574e15

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
content-encoding: gzip
last-modified: Sun, 14 May 2023 05:03:12 GMT
server: Microsoft-IIS/8.5
etag: "0a8fa612186d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 15049

GET
H2 200 features-insert.js Show response
www.dltk-kids.com/includes/ 5 KB
2 KB 414ms
186ms Script
application/javascript 54.82.38.167
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dltk-kids.com/includes/features-insert.js
Requested by: Host: www.coloring.ws
URL: https://www.coloring.ws/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.82.38.167 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-82-38-167.compute-1.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 0902bb736591ab3e13e835e90111282390ea8b3a8c70a197c3ea214988a90e68

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
content-encoding: gzip
last-modified: Sun, 07 Feb 2021 19:59:39 GMT
server: Microsoft-IIS/8.5
etag: "80752c48bfdd61:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 1679

GET
H2 200 small-device.css
www.coloring.ws/dltkstyles/ 992 B
765 B 361ms
360ms Stylesheet
text/css 54.82.38.167
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://www.coloring.ws/dltkstyles/small-device.css
Requested by: Host: www.coloring.ws
URL: https://www.coloring.ws/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.82.38.167 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-82-38-167.compute-1.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: c1fdbc8ec64d4cf587414ada354a2fa827f9cee7932c5f83e3f615e7c577d951

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
content-encoding: gzip
last-modified: Fri, 02 Jun 2023 17:59:47 GMT
server: Microsoft-IIS/8.5
etag: "1230257c95d91:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 557

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 169 KB
61 KB 21ms
20ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MZLBBHL

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

91d3a3c66bb9c38ee5e3a55eb0fe150741369ee4bd2885d3eae13e1f57e99349

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62254
x-xss-protection: 0
last-modified: Mon, 08 Jan 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 08 Jan 2024 10:28:19 GMT

GET
H2 200 / Show response
pioeg.admetricspro.workers.dev/ 280 B
748 B 61ms
24ms XHR
application/text 2606:4700:3035::6815:815
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pioeg.admetricspro.workers.dev/
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/dltk/coloringws/sidebar2-layout.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:815 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 84d25e034f6f18ea31ad0b21b1226522b88c4c2ea7712492da8677389051bc68

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iEDkKkfeHOixIx5VngdZG2sfoChSdz%2FKMdwLJjW7%2BNyLZtX%2FT97oKC%2BGyiSKPNqmd5Hl7skdcPjKjj88SAdi5e3BKW6EdClGWS3NoSga%2BRAvf1TfDpqDxS2Tn4T9nu51NLMohIWaiy%2FkSh4E8LORVIXzh1xd65uUEU62DlY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/text;charset=UTF-8
access-control-allow-origin: *
cf-ray: 8423c0c74f476fd5-CDG
alt-svc: h3=":443"; ma=86400
content-length: 280

GET
H2 200 coloringbullet1.gif
www.coloring.ws/dltkstyles/images/ 202 B
378 B 271ms
271ms Image
image/gif 54.82.38.167
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.coloring.ws/dltkstyles/images/coloringbullet1.gif
Requested by: Host: www.coloring.ws
URL: https://www.coloring.ws/dltkstyles/maincoloring.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.82.38.167 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-82-38-167.compute-1.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: d9112ea034e317b4ccce74c0276726528f4602f441a9965eeb619cfbccbdf865

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/dltkstyles/maincoloring.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
last-modified: Mon, 22 May 2023 07:59:52 GMT
server: Microsoft-IIS/8.5
etag: "3011f663838cd91:0"
x-powered-by: ASP.NET
content-type: image/gif
accept-ranges: bytes
content-length: 202

GET
H2 200 coloringbullet2.gif
www.coloring.ws/dltkstyles/images/ 189 B
364 B 270ms
270ms Image
image/gif 54.82.38.167
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.coloring.ws/dltkstyles/images/coloringbullet2.gif
Requested by: Host: www.coloring.ws
URL: https://www.coloring.ws/dltkstyles/maincoloring.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.82.38.167 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-82-38-167.compute-1.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: ac137e692578953440c86d2c72215e8f5ef3063c4d2e980f7e5a0d3dee90c9ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/dltkstyles/maincoloring.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
last-modified: Mon, 22 May 2023 07:59:53 GMT
server: Microsoft-IIS/8.5
etag: "ac4a064838cd91:0"
x-powered-by: ASP.NET
content-type: image/gif
accept-ranges: bytes
content-length: 189

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 27ms
6ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-52971111-8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 08 Jan 2024 09:22:27 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 3952
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 08 Jan 2024 11:22:27 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 260 KB
88 KB 22ms
22ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-KMSJ26XVV5&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZLBBHL

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

926de1f885912e37248baa7ca510a456297cf3203cab643d6ec821734f343026

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 90061
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 08 Jan 2024 10:28:19 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
206 B 15ms
13ms XHR
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1677615751&t=pageview&_s=1&dl=https%3A%2F%2Fwww.coloring.ws%2F&ul=en-us&de=UTF-8&dt=Coloring%20Pages%20for%20Kids&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=1383908976&gjid=533114716&cid=717232590.1704709700&tid=UA-52971111-8&_gid=220610332.1704709700&_r=1&gtm=457e4130&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&jsscut=1&z=401469672

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:19 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.coloring.ws
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 opticommon.js Show response
qd.admetricspro.com/js/optimera/ 8 KB
3 KB 17ms
15ms Script
application/javascript 2606:4700:20::681a:7da
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/optimera/opticommon.js
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/dltk/coloringws/sidebar2-layout.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:7da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 47ce70ec38840c3c32ddabe877bc9c6f25bcde77bf60e908e9d85452a71e0d59

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 21 Jul 2023 18:40:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 395
etag: W/"211c-6010398b02838-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Br22Y4GCJJuSkVBYrQ7VNb7DRwGZTy89LHVx%2BRo3r7i0au3mA9PCdWfwrqtNWGF2Xa7NErgaMX2JxvWFE3LmYhdE8fvHClzToe9n6Vx7kcGshIji08RQeA1p1VVQunZNzF0IqHJ%2BNh0pXKl8gmAux2U%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 8423c0c76ffc65d0-FRA
expires: Mon, 08 Jan 2024 10:31:20 GMT

GET
H2 200 script.js Show response
cadmus.script.ac/droiw9gfb309t/ 137 KB
48 KB 33ms
15ms Script
application/javascript 2606:4700::6812:1691
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/dltk/coloringws/sidebar2-layout.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1691 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 550cd8038e49962f3fe059f4f397729bd9a920a4ab35d3391f34b4fdba5851d1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
content-encoding: gzip
last-modified: Fri, 05 Jan 2024 17:59:17 GMT
server: cloudflare
age: 0
etag: W/"71732e94ad9af046ee31e8ba0030ded08f3b93cb"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public,max-age=600,stale-while-revalidate=3600,stale-if-error=86400
cf-ray: 8423c0c78872194b-FRA

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 90 KB
29 KB 142ms
114ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/dltk/coloringws/sidebar2-layout.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca6d8a36ed040d8dec31c94c8d219bb4ceffd8aba7b21336970dcf970e224c7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29024
x-xss-protection: 0
server: cafe
etag: 975 / 19730 / m202401020101 / config-hash: 6543920534500417499
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 08 Jan 2024 10:28:19 GMT

GET
H2 200 cmp.js Show response
qd.admetricspro.com/js/dltk/coloringws/ 322 KB
92 KB 29ms
28ms Script
application/javascript 2606:4700:20::681a:7da
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/dltk/coloringws/cmp.js
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/dltk/coloringws/sidebar2-layout.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:7da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 953950792fdff6cb144dd1220a26088651920a98b80da68d6da586696a919b1a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 20 Sep 2022 15:11:59 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 94
etag: W/"506e3-5e91d3ff33230-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DK42CgCHOcog4nLM%2F%2FmFFTDZkl1NgIMKUy6gQN2j29rgABCvbkgQCVlMNbCUhIw5SFoCz0DpoPh7MtUVM6s10TUdig9ld0XEuHlwLXPR3GiXh3wj0JL3iNHqBFbGC8%2F6SBDQC1HBQSIyN9%2Bi1CjIl4A%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 8423c0c76ffd65d0-FRA
expires: Mon, 08 Jan 2024 10:30:28 GMT

GET
H2 200 uspcmp.js Show response
qd.admetricspro.com/js/dltk/coloringws/ 169 KB
80 KB 23ms
21ms Script
application/javascript 2606:4700:20::681a:7da
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/dltk/coloringws/uspcmp.js
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/dltk/coloringws/sidebar2-layout.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:7da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5ef624ec962415bd378947e5207227907e499957a465bcf20238dc938a7dbfb0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 20 Sep 2022 14:38:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 95
etag: W/"2a4f5-5e91cc9d2952a-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l3sikeJoUyC%2BpLkMH88PcN84z12pV%2Bof4ojxVVtwRPhD368UM%2F9r0AvhaUPcI%2BIPnTLAjCjkC8RYWC%2BuvvWGPc9fpTbMsx%2BNHEcc98cInNrnpOXhFCxjZ7PBN87tAkYHfEXmPJS7oIWNcaZ84QkjVxE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 8423c0c76fff65d0-FRA
expires: Mon, 08 Jan 2024 10:30:28 GMT

GET
H2 200 prebid.js Show response
qd.admetricspro.com/js/dltk/coloringws/ 577 KB
175 KB 36ms
35ms Script
application/javascript 2606:4700:20::681a:7da
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/dltk/coloringws/prebid.js
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/dltk/coloringws/sidebar2-layout.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:7da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a90077950eaf8b209bcc2219fa2cd0a1e487cae8d896087e57d367d7f084f66

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 07 Nov 2023 22:05:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 95
etag: W/"904a0-609972b64a234-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4fJ5O0ejHHp8aqel7WD%2FZ7Pdk1jI8cITS9tOFy%2FcdaQFA2BppMRYVUAk1T3mld84NiyLT66iKln7%2BI9GKwhqQ%2B8CV0TxaECI9h%2B7NogxqQN%2BvjnRtV7rvb175YfBGSRFr4D7Ip5AcavPVMDtAzAYXMo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 8423c0c7680165d0-FRA
expires: Mon, 08 Jan 2024 10:30:28 GMT

GET
H2 200 engine.js Show response
qd.admetricspro.com/js/dltk/coloringws/ 135 KB
36 KB 20ms
20ms Script
application/javascript 2606:4700:20::681a:7da
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/dltk/coloringws/engine.js
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/dltk/coloringws/sidebar2-layout.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:7da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f43fa0c6fbe53e743cc30977c6c79562747170917001cb8c229df3101ebaba9b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 13 Sep 2023 00:16:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 95
etag: W/"21da5-6053278b8b876-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6TpVfUvnI1B4l1TD0EofcPU4t1b6yBwguCb8jLGBTNfjUnGXu100JOTytpCA9B9xsi%2FppT7K9x5cqBQtP20Wks3ZCi6Hw3xN8cOHniok%2FWP1KdZ5YwhWmKxTrHzVOpQea6BN1%2FXR3qablmjpE%2Bmnw20%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 8423c0c7680365d0-FRA
expires: Mon, 08 Jan 2024 10:30:28 GMT

GET
H2 200 oPS.js Show response
d15kdpgjg3unno.cloudfront.net/ 122 KB
25 KB 52ms
8ms Script
text/javascript 2600:9000:206f:aa00:11:b309:9100:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d15kdpgjg3unno.cloudfront.net/oPS.js?cid=96
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/dltk/coloringws/sidebar2-layout.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:aa00:11:b309:9100:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 36df88557f5d9520a8518f1c63c31203a81e8ca3936296cd7fedce2da7fb622c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: vJGOPXg55Eg10ePpe.oKRR8kUd73XmCz
content-encoding: gzip
via: 1.1 cf2939e85531f45f3306f792ea104eaa.cloudfront.net (CloudFront)
date: Sun, 07 Jan 2024 20:00:39 GMT
last-modified: Wed, 03 Jan 2024 22:00:33 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 52061
x-amz-server-side-encryption: AES256
etag: W/"89881b677e6e0a30830bf701b3bc6cbe"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=84600
x-amz-cf-id: aJ0L2MAJupilYA2fU7FN1M-059_1uKAfAGZvxPvT78YLCNT_geRTTA==

GET
H2 200 cse_element__de.js Show response
www.google.com/cse/static/element/3bd4ac03c21554b3/ 315 KB
105 KB 42ms
17ms Script
text/javascript 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/3bd4ac03c21554b3/cse_element__de.js?usqp=CAI%3D

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=006942297880364118670:sudqxvczprm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

501efd26e0adb1b58e4e630bed3978be00907c298ebb68c6b3c12ba0ca435a0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 107398
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 16:53:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/javascript
cache-control: private, max-age=31536000
accept-ranges: bytes
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Mon, 08 Jan 2024 10:28:19 GMT

GET
H2 200 default+de.css
www.google.com/cse/static/element/3bd4ac03c21554b3/ 41 KB
9 KB 69ms
44ms Stylesheet
text/css 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/3bd4ac03c21554b3/default+de.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=006942297880364118670:sudqxvczprm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5402de70228d4bf5379b518225b702918f6ae277e9293f9d16334c2b1fa31e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9068
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 16:53:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/css
cache-control: private, max-age=31536000
accept-ranges: bytes
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Mon, 08 Jan 2024 10:28:19 GMT

GET
H2 200 default.css
www.google.com/cse/static/style/look/v4/ 4 KB
2 KB 32ms
7ms Stylesheet
text/css 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/style/look/v4/default.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=006942297880364118670:sudqxvczprm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:15:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 751
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1345
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/css
cache-control: public, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Mon, 08 Jan 2024 11:05:48 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
254 B 34ms
14ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-KMSJ26XVV5&gtm=45je4130v898724976z8898724007&_p=1704709699675&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=717232590.1704709700&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1704709699&sct=1&seg=0&dl=https%3A%2F%2Fwww.coloring.ws%2F&dt=Coloring%20Pages%20for%20Kids&en=page_view&_fv=1&_ss=1&tfd=509
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-KMSJ26XVV5&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:19 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.coloring.ws
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 1a Show response
i.clean.gg/ 0
104 B 97ms
96ms XHR
application/octet-stream 34.95.69.49
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clean.gg/1a
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.69.49 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 49.69.95.34.bc.googleusercontent.com
Software: nginx/1.21.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
via: 1.1 google
server: nginx/1.21.6
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

OPTIONS
H2 204 1a
i.clean.gg/ Frame 0
0 120ms
96ms Preflight
text/plain 34.95.69.49
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clean.gg/1a
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.69.49 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 49.69.95.34.bc.googleusercontent.com
Software: nginx/1.21.6 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.coloring.ws
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1728000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=utf-8
date: Mon, 08 Jan 2024 10:28:19 GMT
server: nginx/1.21.6
via: 1.1 google

GET
H2 200 vendor-list.json Show response
qd.admetricspro.com/js/cmp2/ 404 KB
55 KB 35ms
19ms XHR
application/json 2606:4700:20::681a:7da
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/cmp2/vendor-list.json
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/dltk/coloringws/cmp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:7da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd362f4e6ebce8ac52397d018782ec0dd387292b6edd2d33809f0eec847ad114

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 28 Mar 2023 23:01:19 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 38
etag: W/"65017-5f7fdd667db3b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iSlOiSKaPIvQ%2FALra%2FzIAa36noFv5gAySkD5%2FszMqr4P1b066Dot1q45KUmsv2MjositYw78gl0xCIep7c0EzjpRrzabIXp1PtgHWDVdm%2F5BiJmKcIH9%2BGjpL7oL2Ra2MDu7Ue9L9eNSUt2WROgYUIE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 8423c0c8199a71ca-FRA
expires: Mon, 08 Jan 2024 10:31:25 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/ 436 KB
137 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8538fa1e11fa1334100b86b0c251b8ffa0b51f5db3e732c23963053686a93dc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 07 Jan 2024 17:08:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62419
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 140253
x-xss-protection: 0
server: cafe
etag: 11435206252018266965
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Mon, 06 Jan 2025 17:08:00 GMT

GET
H2 200 1018018 Show response
fundingchoicesmessages.google.com/i/ 182 KB
61 KB 274ms
252ms Script
application/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/1018018?ers=3

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c5f3aec2d59bba0c34f14a954d0cd4e48215534b03192ece400d901492a20007

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-qClYX_RpX0UG5YEt9E8c6w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:20 GMT
content-security-policy: script-src 'report-sample' 'nonce-qClYX_RpX0UG5YEt9E8c6w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 .js Show response
dyv1bugovvq1g.cloudfront.net/96/www.coloring.ws/ 523 B
879 B 57ms
9ms Fetch
application/json 2600:9000:223e:3c00:5:82fd:2500:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dyv1bugovvq1g.cloudfront.net/96/www.coloring.ws/.js
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:3c00:5:82fd:2500:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d4a0a9fa76029b71b47e0af45db320ee458fec1f26cf62990c9019902dafa783

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

date: Mon, 08 Jan 2024 10:28:18 GMT
content-encoding: gzip
via: 1.1 944dc31277adc1021b0776fe818f07f6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
age: 95
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 242
x-amz-expiration: expiry-date="Sat, 09 Mar 2024 00:00:00 GMT", rule-id="cleanup"
last-modified: Mon, 08 Jan 2024 08:39:12 GMT
server: AmazonS3
etag: "730db4eddf2812dc128775b118cf25d5"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.coloring.ws
cache-control: max-age=300
access-control-allow-credentials: true
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
x-amz-cf-id: HTb6G4Sn_a5NkSMSp29VFEMgQxl8LkR5D7r-SeAqxscwMnTEErWz4Q==

POST
H2 200 prebid Show response
id5-sync.com/api/config/ 135 B
416 B 30ms
7ms Fetch
application/json 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/config/prebid

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

96fe096e13a57e700af2ea95d16a12cc4b2f3b8323b9bbe4d678bd4226563633

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: https://www.coloring.ws
date: Mon, 08 Jan 2024 10:28:19 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type: application/json;charset=UTF-8

GET
H/1.1 200
OK localstore.js Show response
script.4dex.io/ 483 B
1014 B 41ms
16ms Script
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 08 Jan 2024 10:28:20 GMT
Content-Encoding: br
CF-Cache-Status: HIT
Last-Modified: Mon, 27 Nov 2023 07:14:08 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Age: 962012
ETag: W/"922cffdd75f7192f75231d92684885aa"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fdhsR4c72mMePebAKSVZsngfLsSoPx8X%2BVqiVi4LsITVTjc9YZFFqI3OzWYzSNztfvti42h5PzB6r4t3TFxnzeXa6BtbgJhwqChZ0Nn0fswFsyFNl240nRk8efecCRLyEHF8ZJ1Zs9aOSkI9"}],"group":"cf-nel","max_age":604800}
Cache-Control: public, max-age=1800
Connection: keep-alive
CF-RAY: 8423c0c8fe3f1cab-FRA

OPTIONS
H2 204 unruly_prebid
targeting.unrulymedia.com/ Frame 0
0 65ms
13ms Preflight
text/plain 46.228.174.115
AMOBEE

General

Check archive.org

Show headers Download Go to

Full URL: https://targeting.unrulymedia.com/unruly_prebid
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 46.228.174.115 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.coloring.ws
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Accept-Encoding,Origin,Accept-Language,X-CSRF-Token,x-unruly-override
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.coloring.ws
access-control-max-age: 1728000
content-length: 0
content-type: text/plain charset=UTF-8
date: Mon, 08 Jan 2024 10:28:20 GMT

OPTIONS
H2 204 unruly_prebid
targeting.unrulymedia.com/ Frame 0
0 65ms
14ms Preflight
text/plain 46.228.174.115
AMOBEE

General

Check archive.org

Show headers Download Go to

Full URL: https://targeting.unrulymedia.com/unruly_prebid
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 46.228.174.115 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.coloring.ws
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Accept-Encoding,Origin,Accept-Language,X-CSRF-Token,x-unruly-override
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.coloring.ws
access-control-max-age: 1728000
content-length: 0
content-type: text/plain charset=UTF-8
date: Mon, 08 Jan 2024 10:28:20 GMT

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 563 B
763 B 142ms
62ms Fetch
application/json 52.208.7.68
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?lt=1704709700049&to=-60&aun=div-gpt-ad-1661529611690-0&pubcid=b3f31c17-3d93-43ac-9824-9bddf816a5f0&gpid=%2F22404337467%2C1018018%2Fcoloringws-Sticky&t=z0rgzua4&pi=2&gdprApplies=0&uspConsent=1---&schain=1.0%2C1!admetricspro.com%2C599%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fwww.coloring.ws%2F&ce=false&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%228.22.0%22%7D&ogu=null&ns=10240
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.208.7.68 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-208-7-68.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: a53364f0bd9b487734692ef955e3582341e36cf713e1faf6f14525cbd45cdd5c

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:20 GMT
content-encoding: gzip
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.coloring.ws
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
774 B 124ms
76ms Fetch
application/json 35.157.214.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=8.22.0&referrer=https%3A%2F%2Fwww.coloring.ws%2F&tmax=1200&gdpr=false&us_privacy=1---

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.157.214.172 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-157-214-172.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:20 GMT
accept-ch: sec-ch-downlink,sec-ch-ua-full-version-list,sec-ch-prefers-color-scheme,sec-ch-ua-platform,sec-ch-dpr,user-agent,sec-ch-width,sec-ch-viewport-height,sec-ch-save-data,sec-ch-ect,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-device-memory,sec-ch-ua-bitness,sec-ch-ua,sec-ch-ua-full-version,sec-ch-ua-arch,sec-ch-rtt,sec-ch-ua-mobile,sec-ch-viewport-width
x-auction-status: 29, 29
content-type: application/json; charset=utf-8
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin: https://www.coloring.ws
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
113 B 70ms
20ms Fetch 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: https://www.coloring.ws
date: Mon, 08 Jan 2024 10:28:19 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 204 25 Show response
web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/ 0
215 B 80ms
13ms Fetch 2a02:fa8:8806:12::1460
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/25
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:fa8:8806:12::1460 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:20 GMT
server: nginx
accept-ch: Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Bitness
access-control-allow-origin: https://www.coloring.ws
cache-control: no-cache
access-control-allow-credentials: true
expires: 0

POST
H2 200 v1 Show response
hb-api.omnitagjs.com/hb-api/prebid/ 712 B
662 B 440ms
360ms Fetch
application/json 54.228.30.154
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fwww.coloring.ws%2F&PageUrl=https%3A%2F%2Fwww.coloring.ws%2F&PageReferrer=https%3A%2F%2Fwww.coloring.ws%2F&CanonicalUrl=https%3A%2F%2Fwww.coloring.ws%2F

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.228.30.154 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-228-30-154.eu-west-1.compute.amazonaws.com

Software

Resource Hash

c626c74b119080bad5c162f1b1e5014a90ff0f5c869335473afffe308cf93ab1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

date: Mon, 08 Jan 2024 10:28:20 GMT
via: kong/2.8.4
x-content-type-options: nosniff
content-encoding: gzip
x-kong-proxy-latency: 0
x-kong-upstream-latency: 330
pragma: no-cache
access-control-max-age: 3600
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.coloring.ws
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Accept-Encoding, Content-Type
expires: 0

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 12 KB
6 KB 157ms
104ms Fetch
application/json 2602:803:c003:200::44
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=435954&zone_id=2495182&size_id=15&alt_size_ids=2%2C55%2C57&p_pos=atf&gdpr=0&us_privacy=1---&rp_schain=1.0,1!admetricspro.com,599,1,,,&eid_pubcid.org=b3f31c17-3d93-43ac-9824-9bddf816a5f0%5E1&rf=https%3A%2F%2Fwww.coloring.ws%2F&kw=coloring%2Ccoloringpages%2Cchildren%2Ckids%2Cprintable&tg_i.domain=coloring.ws&tg_i.page=https%3A%2F%2Fwww.coloring.ws%2F&tg_i.pbadslot=%2F22404337467%2C1018018%2Fcoloringws-leaderboard-top&tk_flint=pbjs_lite_v8.22.0&l_pb_bid_id=4399cda1cc5b00c&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22404337467%2C1018018%2Fcoloringws-leaderboard-top&slots=1&rand=0.7428388496027631
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::44 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 7a9cfd1cc02be60c437282e3721f51789e1bdb955b444c5eea992e153a0f3e07

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:20 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.coloring.ws
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 12 KB
6 KB 176ms
123ms Fetch
application/json 2602:803:c003:200::44
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=435954&zone_id=2495182&size_id=15&alt_size_ids=2%2C55%2C57&p_pos=atf&gdpr=0&us_privacy=1---&rp_schain=1.0,1!admetricspro.com,599,1,,,&eid_pubcid.org=b3f31c17-3d93-43ac-9824-9bddf816a5f0%5E1&rf=https%3A%2F%2Fwww.coloring.ws%2F&kw=coloring%2Ccoloringpages%2Cchildren%2Ckids%2Cprintable&tg_i.domain=coloring.ws&tg_i.page=https%3A%2F%2Fwww.coloring.ws%2F&tg_i.pbadslot=%2F22404337467%2C1018018%2Fcoloringws-leaderboard-top&tk_flint=pbjs_lite_v8.22.0&l_pb_bid_id=440b5f0946aea9a&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22404337467%2C1018018%2Fcoloringws-leaderboard-top&slots=1&rand=0.5281958341025799
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::44 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: ce5089e737c07d9f0dcb91ebe804e28b5592fd2480cbcc74f6df7da2c7025e10

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:20 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.coloring.ws
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 12 KB
6 KB 183ms
131ms Fetch
application/json 2602:803:c003:200::44
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=435954&zone_id=2495182&size_id=15&alt_size_ids=2%2C55%2C57&p_pos=atf&gdpr=0&us_privacy=1---&rp_schain=1.0,1!admetricspro.com,599,1,,,&eid_pubcid.org=b3f31c17-3d93-43ac-9824-9bddf816a5f0%5E1&rf=https%3A%2F%2Fwww.coloring.ws%2F&kw=coloring%2Ccoloringpages%2Cchildren%2Ckids%2Cprintable&tg_i.domain=coloring.ws&tg_i.page=https%3A%2F%2Fwww.coloring.ws%2F&tg_i.pbadslot=%2F22404337467%2C1018018%2Fcoloringws-leaderboard-top&tk_flint=pbjs_lite_v8.22.0&l_pb_bid_id=4596e5e408ee0b9&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22404337467%2C1018018%2Fcoloringws-leaderboard-top&slots=1&rand=0.05278446740371501
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::44 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 849b03abc9aa6f3f3857fb93a7b23f5c3a38e830063964a309c560d171ceda6f

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:20 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.coloring.ws
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 13 KB
6 KB 200ms
148ms Fetch
application/json 2602:803:c003:200::44
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=435954&zone_id=2495186&size_id=2&p_pos=atf&gdpr=0&us_privacy=1---&rp_schain=1.0,1!admetricspro.com,599,1,,,&eid_pubcid.org=b3f31c17-3d93-43ac-9824-9bddf816a5f0%5E1&rf=https%3A%2F%2Fwww.coloring.ws%2F&kw=coloring%2Ccoloringpages%2Cchildren%2Ckids%2Cprintable&tg_i.domain=coloring.ws&tg_i.page=https%3A%2F%2Fwww.coloring.ws%2F&tg_i.pbadslot=%2F22404337467%2C1018018%2Fcoloringws-Sticky&tk_flint=pbjs_lite_v8.22.0&l_pb_bid_id=465d416381f7806&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22404337467%2C1018018%2Fcoloringws-Sticky&slots=1&rand=0.4999984452938353
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::44 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 17b92f7ef160798a4203c8079d5ddff99f1b2be5bf332c84458d9893e6fdd116

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:20 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.coloring.ws
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 12 KB
6 KB 189ms
137ms Fetch
application/json 2602:803:c003:200::44
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=435954&zone_id=2495188&size_id=15&alt_size_ids=9%2C10&p_pos=atf&gdpr=0&us_privacy=1---&rp_schain=1.0,1!admetricspro.com,599,1,,,&eid_pubcid.org=b3f31c17-3d93-43ac-9824-9bddf816a5f0%5E1&rf=https%3A%2F%2Fwww.coloring.ws%2F&kw=coloring%2Ccoloringpages%2Cchildren%2Ckids%2Cprintable&tg_i.domain=coloring.ws&tg_i.page=https%3A%2F%2Fwww.coloring.ws%2F&tg_i.pbadslot=%2F22404337467%2C1018018%2Fcoloringws-Sidebar1&tk_flint=pbjs_lite_v8.22.0&l_pb_bid_id=47adc8d8ccd875&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22404337467%2C1018018%2Fcoloringws-Sidebar1&slots=1&rand=0.8546001504792566
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::44 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: b3509c31bf7f044fdf5623e12bbbea6ff65942b1e748ebe4a0f69faca5a2d5e1

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:20 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.coloring.ws
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 12 KB
6 KB 205ms
153ms Fetch
application/json 2602:803:c003:200::44
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=435954&zone_id=2495182&size_id=15&alt_size_ids=9%2C10&p_pos=atf&gdpr=0&us_privacy=1---&rp_schain=1.0,1!admetricspro.com,599,1,,,&eid_pubcid.org=b3f31c17-3d93-43ac-9824-9bddf816a5f0%5E1&rf=https%3A%2F%2Fwww.coloring.ws%2F&kw=coloring%2Ccoloringpages%2Cchildren%2Ckids%2Cprintable&tg_i.domain=coloring.ws&tg_i.page=https%3A%2F%2Fwww.coloring.ws%2F&tg_i.pbadslot=%2F22404337467%2C1018018%2Fcoloringws-Sidebar1&tk_flint=pbjs_lite_v8.22.0&l_pb_bid_id=48e14faa238cd2&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22404337467%2C1018018%2Fcoloringws-Sidebar1&slots=1&rand=0.8777462567875218
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::44 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 3d61769c819dc5399bf535c6eb2650b81a1e48ff2625cd0e4299e06ea1edc3d7

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:20 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.coloring.ws
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 12 KB
6 KB 191ms
140ms Fetch
application/json 2602:803:c003:200::44
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=435954&zone_id=2495184&size_id=15&alt_size_ids=9%2C10&p_pos=atf&gdpr=0&us_privacy=1---&rp_schain=1.0,1!admetricspro.com,599,1,,,&eid_pubcid.org=b3f31c17-3d93-43ac-9824-9bddf816a5f0%5E1&rf=https%3A%2F%2Fwww.coloring.ws%2F&kw=coloring%2Ccoloringpages%2Cchildren%2Ckids%2Cprintable&tg_i.domain=coloring.ws&tg_i.page=https%3A%2F%2Fwww.coloring.ws%2F&tg_i.pbadslot=%2F22404337467%2C1018018%2Fcoloringws-Sidebar2&tk_flint=pbjs_lite_v8.22.0&l_pb_bid_id=49f1a1d77a4d07d&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22404337467%2C1018018%2Fcoloringws-Sidebar2&slots=1&rand=0.2988951760063414
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::44 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: d393b0b154d991cc9f2830a16cfa985e158d2f821517cdc2bea0a5b74c138358

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:20 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.coloring.ws
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 200 adreq Show response
ads.servenobid.com/ 525 B
657 B 348ms
273ms Fetch
application/json 52.17.111.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.servenobid.com/adreq?cb=2933
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.111.107 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-111-107.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: ea9381e585ee2baa1e55490a0a89867e7d9ff85c8dc31ea6ba52a11319faeefd

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

date: Mon, 08 Jan 2024 10:28:20 GMT
content-encoding: gzip
amp-access-control-allow-source-origin: *
vary: accept-encoding
content-type: application/json
access-control-allow-origin: https://www.coloring.ws
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true

POST
H2 200 v2 Show response
e.serverbid.com/api/ 16 B
389 B 362ms
108ms Fetch
application/json 159.89.246.130
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://e.serverbid.com/api/v2
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 159.89.246.130 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: 903eb8f1cc364e01930ba03579f049a72794aa91d1a5842a2edb6365e436bb7c

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

date: Mon, 08 Jan 2024 10:28:19 GMT
content-encoding: gzip
access-control-max-age: 10080
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://www.coloring.ws
access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept
content-length: 42

POST
H2 200 prebid Show response
ib.adnxs.com/ut/v3/ 471 B
1 KB 41ms
6ms Fetch
application/json 37.252.173.215
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b120dd7c9d775e0f4c68cb58ed0f274a60a28323d0ce5949f73219086bdf678

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:20 GMT
an-x-request-uuid: 42448564-6abb-428a-a7de-677bc2aa655b
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.coloring.ws
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 138.199.38.134; 138.199.38.134; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 471
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
157 B 132ms
99ms Fetch 18.196.19.149
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.19.149 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-19-149.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: https://www.coloring.ws
date: Mon, 08 Jan 2024 10:28:20 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
157 B 140ms
107ms Fetch 18.196.19.149
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.19.149 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-19-149.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: https://www.coloring.ws
date: Mon, 08 Jan 2024 10:28:20 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
157 B 113ms
80ms Fetch 18.196.19.149
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.19.149 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-19-149.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: https://www.coloring.ws
date: Mon, 08 Jan 2024 10:28:20 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
157 B 149ms
117ms Fetch 18.196.19.149
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.19.149 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-19-149.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: https://www.coloring.ws
date: Mon, 08 Jan 2024 10:28:20 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
157 B 122ms
89ms Fetch 18.196.19.149
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.19.149 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-19-149.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: https://www.coloring.ws
date: Mon, 08 Jan 2024 10:28:20 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
157 B 123ms
91ms Fetch 18.196.19.149
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.19.149 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-19-149.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: https://www.coloring.ws
date: Mon, 08 Jan 2024 10:28:20 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
157 B 124ms
92ms Fetch 18.196.19.149
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.19.149 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-19-149.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: https://www.coloring.ws
date: Mon, 08 Jan 2024 10:28:20 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
157 B 124ms
92ms Fetch 18.196.19.149
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.19.149 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-19-149.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: https://www.coloring.ws
date: Mon, 08 Jan 2024 10:28:20 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
157 B 120ms
88ms Fetch 18.196.19.149
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.19.149 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-19-149.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: https://www.coloring.ws
date: Mon, 08 Jan 2024 10:28:20 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
158 B 110ms
79ms Fetch 18.196.19.149
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.19.149 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-19-149.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: https://www.coloring.ws
date: Mon, 08 Jan 2024 10:28:20 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
157 B 111ms
80ms Fetch 18.196.19.149
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.19.149 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-19-149.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: https://www.coloring.ws
date: Mon, 08 Jan 2024 10:28:20 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
354 B 163ms
121ms Fetch 145.40.97.67
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 145.40.97.67 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: https://www.coloring.ws
date: Mon, 08 Jan 2024 10:28:19 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 109
server: envoy
vary: origin, Accept-Encoding

POST
H2 200 prebid Show response
mp.4dex.io/ 60 B
397 B 62ms
34ms Fetch
application/json 2606:4700:4400::6812:22b2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22b2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 77b47b7a038f38916adbe760bc262fe2aa75e9f2a0d67621d19ad74e41acdb39

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:20 GMT
x-err: Shapings: no adunits with size and seat and mapping
x-version: 3.0.0-gcp-ams
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
content-encoding: gzip
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.coloring.ws
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 8423c0c99fd6bbad-FRA
expires: 0

POST
H2 200 prebidjs Show response
rtb.openx.net/openrtbb/ 53 B
340 B 403ms
377ms Fetch
text/plain 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.openx.net/openrtbb/prebidjs
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: /
Resource Hash: b1d283eff364ef75d7232990c33774054a899c834a5f606f780e46c865d5ec75

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

date: Mon, 08 Jan 2024 10:28:20 GMT
content-encoding: gzip
via: 1.1 google
vary: Origin
content-type: text/plain
access-control-allow-origin: https://www.coloring.ws
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 77

POST
H2 200 unruly_prebid Show response
targeting.unrulymedia.com/ 11 B
205 B 43ms
16ms Fetch
application/json 46.228.174.115
AMOBEE

General

Check archive.org

Show headers Download Go to

Full URL: https://targeting.unrulymedia.com/unruly_prebid
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 46.228.174.115 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 846949c5a40e3ffbb702473e54dfac0646541aa624a844369b6e24e51ddaf96b

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: application/json

Response headers

access-control-allow-origin: https://www.coloring.ws
pragma: no-cache
date: Mon, 08 Jan 2024 10:28:20 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 11
content-type: application/json

POST
H2 200 unruly_prebid Show response
targeting.unrulymedia.com/ 11 B
204 B 55ms
28ms Fetch
application/json 46.228.174.115
AMOBEE

General

Check archive.org

Show headers Download Go to

Full URL: https://targeting.unrulymedia.com/unruly_prebid
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 46.228.174.115 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 846949c5a40e3ffbb702473e54dfac0646541aa624a844369b6e24e51ddaf96b

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: application/json

Response headers

access-control-allow-origin: https://www.coloring.ws
pragma: no-cache
date: Mon, 08 Jan 2024 10:28:20 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 11
content-type: application/json

POST
H2 200 bid Show response
s.seedtag.com/c/hb/ 96 B
854 B 394ms
369ms Fetch
application/json 34.149.50.64
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://s.seedtag.com/c/hb/bid
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.50.64 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 64.50.149.34.bc.googleusercontent.com
Software: openresty /
Resource Hash: 13dfb26087f1e49487d02b5d5a7cb50b9a33db44f7a65e96af48bcb77cd138c5

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

date: Mon, 08 Jan 2024 10:28:20 GMT
content-encoding: gzip
via: 1.1 google
server: openresty
vary: X-HTTP-Method-Override
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT, HEAD
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.coloring.ws
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST
H2 200 hb-multi Show response
hb.yellowblue.io/ 85 B
612 B 160ms
136ms Fetch
application/json 18.245.86.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.yellowblue.io/hb-multi
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.245.86.119 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-245-86-119.fra60.r.cloudfront.net
Software: istio-envoy /
Resource Hash: 4f72226ff362d27bc5940a15a3a92ad1310e960e8b9515dc8cef8e44dc38a3d6

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

date: Mon, 08 Jan 2024 10:28:20 GMT
via: 1.1 e3f7f612cf7d05edb500a43ad2f70e96.cloudfront.net (CloudFront)
server: istio-envoy
x-amz-cf-pop: FRA60-P6
x-reason: maxmind hosting provider
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: https://www.coloring.ws
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-credentials: true
x-envoy-upstream-service-time: 103
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length: 85
x-amz-cf-id: kl_aAezOAyClXbSibMXXMUrlTopNUDSY06jhLOIHbsGA2tgw3jTZcA==
alt-svc: h3=":443"; ma=86400

POST
H2 200 pbjs Show response
htlb.casalemedia.com/openrtb/ 37 B
548 B 254ms
232ms Fetch
application/json 172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/openrtb/pbjs?s=851197
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e326ba8216613abc95ffdfe43c0b4434277d6f012e46e5f62553df2332a269e5

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:20 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fLznXtlNqTd6u5t8ZDf%2FgkE%2FyTCa2KqurOWAAreOL1s0mKNhoQ%2FNaa39Eb7tAc0clIygOE01UtfC8iqMRO%2FhCGd%2FPZ6IB4SKajmq8xHvkl8jRrrVg0ZGLIxYPbT7AT2fcyvay9vx"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://www.coloring.ws
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 8423c0c99b729b21-FRA
alt-svc: h3=":443"; ma=86400
content-length: 37
expires: 0

POST
H/1.1 200
OK Test_oPS_Script_Loads Show response
sqs.us-east-1.amazonaws.com/397719490216/ 378 B
682 B 368ms
96ms XHR
text/xml 3.239.232.31
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sqs.us-east-1.amazonaws.com/397719490216/Test_oPS_Script_Loads?Action=SendMessage&MessageBody=cid%3D96%26bt%3Dnull
Requested by: Host: d15kdpgjg3unno.cloudfront.net
URL: https://d15kdpgjg3unno.cloudfront.net/oPS.js?cid=96
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.239.232.31 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-239-232-31.compute-1.amazonaws.com
Software: /
Resource Hash: 0f82f9539be1f7801783c1747738132dec04198e7594d5be7ae2ab4cb6196b88

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date
Date: Mon, 08 Jan 2024 10:28:20 GMT
connection: keep-alive
x-amzn-RequestId: 00bdc683-47ac-5278-a207-98969728ca1c
Content-Length: 378
Content-Type: text/xml

GET
H2 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ 33 B
275 B 35ms
7ms Fetch
application/json 141.95.33.120
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.95.33.120 , Germany, ASN16276 (OVH, FR),

Reverse DNS

ns3203256.ip-141-95-33.eu

Software

Resource Hash

e411488cb198b2e4a668590a09bb3125daae4cae3491886c3107a4e9a1abe5ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: https://www.coloring.ws
date: Mon, 08 Jan 2024 10:28:19 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type: application/json;charset=UTF-8

GET
H/1.1 200
OK adagio.js Show response
script.4dex.io/ 75 KB
24 KB 33ms
16ms Fetch
application/javascript 2606:4700:20::ac43:4bf1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 26305a08644b4f51b55812cf0ecf879c22da303a365b3d2769baa1b54c028c4d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 08 Jan 2024 10:28:20 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 173914
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 27 Nov 2023 07:14:07 GMT
Server: cloudflare
ETag: W/"6faf3acfde3bb82adada71be4fc1deb0"
Vary: Origin, Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eQqFytibkX3VVL7GPqm853M2nlMPAdFUWNn%2BWOVRgD37%2FV95AMfvQTDSFGDnqrlGZ59r7jQvF91OJ7cQRM%2FSWYCmrsepEHCapFwmqxZoy%2FEEawR42KLgBOKuMTUtHT%2FaUN6iPTvyhsSmBZ3H"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Cache-Control: public, max-age=1800
CF-RAY: 8423c0c9afb88fd4-FRA

GET
H2 200 paperstrip-snowflake.jpg
www.dltk-holidays.com/winter/images/s/ 13 KB
13 KB 373ms
96ms Image
image/jpeg 3.221.232.156
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.dltk-holidays.com/winter/images/s/paperstrip-snowflake.jpg
Requested by: Host: www.coloring.ws
URL: https://www.coloring.ws/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.221.232.156 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-221-232-156.compute-1.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 86f9d97ff713e39f28306edb61d2c123f0214ef232debcaab0d1417a4f65199f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:20 GMT
last-modified: Wed, 26 Apr 2023 02:12:02 GMT
server: Microsoft-IIS/8.5
etag: "22f62e7de477d91:0"
x-powered-by: ASP.NET
content-type: image/jpeg
accept-ranges: bytes
content-length: 13124

GET
H2 200 ib-tornado.gif
www.kidzone.ws/science/tornado/ 12 KB
12 KB 409ms
176ms Image
image/gif 3.221.232.156
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.kidzone.ws/science/tornado/ib-tornado.gif
Requested by: Host: www.coloring.ws
URL: https://www.coloring.ws/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.221.232.156 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-221-232-156.compute-1.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 5a2dfd23f7527a813460e45072fde6327ef77ffc619023cfcd9296e3d605ae0f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:20 GMT
last-modified: Mon, 01 Mar 2021 18:49:32 GMT
server: Microsoft-IIS/8.5
etag: "e2c339ecbed71:0"
x-powered-by: ASP.NET
content-type: image/gif
accept-ranges: bytes
content-length: 11901

GET
H2 200 async-ads.js Show response
cse.google.com/adsense/search/ 142 KB
52 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/adsense/search/async-ads.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7df0df8b3df8c42634ecc71d7ab35e197c61777eb5b41a3e14239322b5804f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
etag: "13376431191049311150"
vary: Accept-Encoding
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
accept-ranges: bytes
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
expires: Mon, 08 Jan 2024 10:28:20 GMT

GET
H2 200 clear.png
www.google.com/cse/static/css/v2/ 1018 B
1 KB 7ms
7ms Image
image/png 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/cse/static/css/v2/clear.png

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/3bd4ac03c21554b3/default+de.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

329d1a750114920332eadc55c129957d9dbe5a1b25745e2f7e0ed4fad75e04cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/cse/static/element/3bd4ac03c21554b3/default+de.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 18:26:14 GMT
x-content-type-options: nosniff
age: 576126
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1018
x-xss-protection: 0
last-modified: Mon, 25 May 2020 08:30:00 GMT
server: sffe
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Tue, 31 Dec 2024 18:26:14 GMT

GET
H2 200 branding.png
www.google.com/cse/static/images/1x/de/ 2 KB
2 KB 7ms
7ms Image
image/png 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/cse/static/images/1x/de/branding.png

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0b84c9c86ff8c6282031b41e5ca2526e45e5e9c1a3956579f5320c25fb40360

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 21:31:52 GMT
x-content-type-options: nosniff
age: 564988
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1838
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 21:00:00 GMT
server: sffe
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Tue, 31 Dec 2024 21:31:52 GMT

GET
H2 204 generate_204
clients1.google.com/ 0
117 B 47ms
6ms Image
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clients1.google.com/generate_204
Requested by: Host: www.coloring.ws
URL: https://www.coloring.ws/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:20 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H2 200 724.json Show response
id5-sync.com/g/v2/ 251 B
532 B 21ms
8ms Fetch
application/json 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/724.json

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

9dcc940693579116fcc113245b4942716046e3ccc9dd4e724bea7aa82196d366

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.coloring.ws/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: https://www.coloring.ws
date: Mon, 08 Jan 2024 10:28:19 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type: application/json;charset=UTF-8

GET
H2 404 coloringws.PNG
qd.admetricspro.com/js/dltk/coloringws/ 0
0 14ms
14ms Image
text/html 2606:4700:20::681a:7da
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qd.admetricspro.com/js/dltk/coloringws/coloringws.PNG
Requested by: Host: www.coloring.ws
URL: https://www.coloring.ws/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:7da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H2 200 AGSKWxXDoANMj74RxrpBhulUc0E-IHYrDtjAe70FLzKLI6I5864_sFVPVRopOBhdooC1Ig5jdhrsbTgANzRt99TNs5dxPI7yfwTZPRlqfhmOQKdyExIg-Pwo7u4VmrkZk6N2fh4QFqnX0Q== Show response
fundingchoicesmessages.google.com/f/ 370 KB
59 KB 126ms
126ms Script
application/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXDoANMj74RxrpBhulUc0E-IHYrDtjAe70FLzKLI6I5864_sFVPVRopOBhdooC1Ig5jdhrsbTgANzRt99TNs5dxPI7yfwTZPRlqfhmOQKdyExIg-Pwo7u4VmrkZk6N2fh4QFqnX0Q==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA0NzA5NzAwLDI1MzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93d3cuY29sb3Jpbmcud3MvIixudWxsLFtbOCwib09TZXBIbHh4ZEUiXSxbOSwiZGUiXSxbMTksIjEiXV1d

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1d4c5703902944ea75ac163adc07091e3fe2202b5ad1428a5d305363fa560f1f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-G7ei2_XzkZ6XnfxaJ3QKcg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:20 GMT
content-security-policy: script-src 'report-sample' 'nonce-G7ei2_XzkZ6XnfxaJ3QKcg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 109 KB
21 KB 560ms
560ms XHR
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2537425523623960&correlator=2812053086995671&eid=31080293%2C44807746%2C44777897%2C31079525&output=ldjh&gdfp_req=1&vrg=202401020101&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&tfua=0&tfcd=0&iu_parts=22404337467%3A1018018%2Ccoloringws-leaderboard-top%2Ccoloringws-Sticky%2Ccoloringws-Sidebar1%2Ccoloringws-Sidebar2&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4&prev_iu_szs=728x90%7C970x90%7C970x250%7C300x250%2C728x90%2C300x250%7C160x600%7C300x600%2C300x250%7C160x600%7C300x600&ifi=1&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1704709700516&lmt=1700540608&adxs=8%2C437%2C1275%2C1275&adys=8%2C1107%2C472%2C1690&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0%7C0%7C1&ucis=1%7C2%7C3%7C4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.coloring.ws%2F&vis=1&psz=1584x250%7C1602x-1%7C316x2010%7C316x2010&msz=1584x250%7C728x-1%7C316x600%7C316x600&fws=0%2C512%2C4%2C4&ohw=0%2C0%2C316%2C316&ga_vid=717232590.1704709700&ga_sid=1704709701&ga_hid=1677615751&ga_fc=true&dlt=1704709699576&idt=369&prev_scp=optimera%3DZ%2CA6%2CM3%2CL7%2COA9%2CSA10%2CC0%2CM5%2COB1%2CD4%2CM6%2COB3%2CE1%2CM7%2CM1%2CL5%2CTC9%2CJ0%2CM8%2C0.11%26hb_adid_rubicon%3D116968c6ae739b4d%26hb_bidder_rubicon%3Drubicon%26dyn_bids%3D0.52%26hb_adid%3D116968c6ae739b4d%26hb_bidder%3Drubicon%7Coptimera%3DZ%2CC0%2CM5%2CL9%2CL3%2CJ3%2COB1%2CSA10%2CD4%2CM6%2CM0%2CL4%2CJ5%2CD3%2CD2%2CD1%2CTC2%2COB3%2C0.20%26hb_adid_rubicon%3D120c9e6bc63c56cf%26hb_bidder_rubicon%3Drubicon%26dyn_bids%3D0.13%26hb_adid%3D120c9e6bc63c56cf%26hb_bidder%3Drubicon%7Coptimera%3DZ%2CH6%2CN0%2CQ4%2CQ5%2CA6%2CM3%2CL7%2CL1%2CB3%2CM4%2CL8%2CL2%2CJ2%2CTA9%2COB0%2CSA10%2C0.17%26hb_adid_rubicon%3D1185a06d5e264427%26hb_bidder_rubicon%3Drubicon%26dyn_bids%3D0.50%26hb_adid%3D1185a06d5e264427%26hb_bidder%3Drubicon%7Coptimera%3DZ%2CH6%2CN0%2CQ4%2CSA10%2CA6%2CM3%2CL7%2CL1%2COA9%2CB3%2CM4%2CL8%2CTA9%2C9.90%26hb_adid_rubicon%3D119a202a3d7d709e%26hb_bidder_rubicon%3Drubicon%26dyn_bids%3D0.17%26hb_adid%3D119a202a3d7d709e%26hb_bidder%3Drubicon&cust_params=rf%3D0&adks=858445642%2C552655637%2C1931930176%2C4125508842&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a33e7c6510c770a0ba9a95f99c1a6adf96e97e4162921555c36b67c37e86ca01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:21 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21096
x-xss-protection: 0
google-lineitem-id: 5697900702,-1,5697900699,5697900450
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138350331117,-1,138350331120,138350331126
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.coloring.ws
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 8298 6 KB
3 KB 102ms
14ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.coloring.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 10:28:20 GMT
expires: Tue, 07 Jan 2025 10:28:20 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 80ms
59ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202401020101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d3bacf66f54201f46a47e40e3877611178355a9b7573cf92bfae54f99bfb2509

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:20 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12132
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 42ms
21ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 08 Jan 2024 10:28:20 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 8D86 13 KB
5 KB 8ms
7ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.coloring.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 3683
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 09:26:57 GMT
expires: Tue, 07 Jan 2025 09:26:57 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 8690 829 B
557 B 16ms
16ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

915e54b3676f0e3ec8655aef48abcedf5a14ca29cba51fd687bb86bd5568d201

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-g8YDccn4Xd0TLRer6yidpg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.coloring.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-g8YDccn4Xd0TLRer6yidpg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 10:28:20 GMT
expires: Mon, 08 Jan 2024 10:28:20 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 8D86 39 KB
15 KB 21ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 09:26:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3683
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jan 2025 09:26:57 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 8690 0
0 48ms
40ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202401020101&jk=2537425523623960&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 8D86 0
10 B 6ms
6ms Image
text/plain 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?lR2kSw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:20 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1604 0
0 45ms
45ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst1RgnuEYyENhIEDwx8WRTnhYM7Fcm86lNWS91OvzkuslQsuOSYX7bPgzuzglAx2htTe57AX-6ApmfFDaURMdyjBvqxoufLRpJaWd-SIBn2DH89Qqgzcz90MLZt24l5Yv7S0Gz_NvKg3k5Aoeo-uRHVC_dG5svAmdpmc7ZmjR89BtHAYsZDszVLpL5CtuMIdlHpRXG8gpeQq7obZdLoYHhRPSCsJZQaJ0nhTxoLrlA5COiBDNy7yucI4Rba-JbJpZCoJODsiJ3th8TDhrMesDdhnvfIiU88AxRWLLfqpRjVrTXtrYKrJ5CfLZ5RHWKuEZnKWeCaTIhRHdoPrl07qeERgJIUdedowIXbS7tOSv1sOic4jSfLmNhUiQiloAc-u_PKbJte5XUwkg&sai=AMfl-YR8l7dGhd96q76K_bD6AL97kxSbgiVKOCD0O7t3tEFHBgXWk__OHiZUxvzrLfOx3BkB-Pqu2Mrhz9uZLHbd1JxrMUNByGXzW5s78sM28cMvOVGKqYJOdYHDi4QmvoJZIMPUVSNYs5N3qCk43HfDWf0&sig=Cg0ArKJSzFhj0nk_d80ZEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 08 Jan 2024 10:28:21 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0382 281 B
707 B 70ms
49ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYsYWGgAIwAQ&v=APEucNUHujezZ9O6lyEncMH2jT1j5t6U6Jx4Xli2LtyI0CPkLCELEsfEAuNzaRIs3x_8l-CD_UsFfbfRm_j-4RdLdqyo7SRGq1QvESEFmQOgvAsdAG3qJ2k

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a0f95dcad4811c2b85289326687f5e63764a1a24b5f8bd2d4ad59da3858f7992

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.coloring.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 104
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 10:28:21 GMT
expires: Mon, 08 Jan 2024 10:28:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 1604 89 KB
31 KB 57ms
56ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 08 Jan 2024 10:28:21 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1604 42 B
63 B 41ms
40ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A0v0vXMdgOSCLS2Hq_qXzra8_YuvAph5B1uYoIK_IElRuYwRVjAwgfQwZTioOpPxerXCGGIVSeDVY3QXh6qcd66MpAG8rPpqmJTI0U2452d4Bevo8

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 4086fd4e-835c-4a7b-b5ea-51b2a31e2d04
beacon-ams3.rubiconproject.com/beacon/d/ Frame 1604 43 B
227 B 79ms
16ms Image
image/avif 2602:803:c003:200::37
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beacon-ams3.rubiconproject.com/beacon/d/4086fd4e-835c-4a7b-b5ea-51b2a31e2d04?oo=0&accountId=19254&siteId=435954&zoneId=2495182&sizeId=2&e=6A1E40E384DA563BE619A38432FC751712D512021B0D13727AFCEDF167BC63FE1363044724392519421BE0BBFC3AA4489F0BE1F8337FD75D0175310B839389990BA9299BA955625A3D298FC7F9C6ACA51C12B2544B417AD962DF1F5BA4A4F8B7E9106C3BF0BF37748D3A64D78B1DE53E9DC3D3892B57C731A86A06D74D0008A94E6FC96756E5E571294E8BE5E5EB5483C21FB84323EAD6C702B89BE2FC0267048074C101D9D63BBB138D63CB2E76A2FE01C7178414C2222FCDA10306204D320B

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2602:803:c003:200::37 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),

Reverse DNS

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
x-frame-options: DENY
content-type: image/avif
cache-control: private, max-age=0, no-cache
content-length: 43
x-xss-protection: 1; mode=block
expires: 01 Jan 1970 10:00:00 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1604 204 KB
65 KB 69ms
49ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8941597d26275d5e8775ac804bffb1d86f749d0cfe471777800a4543e4b65603

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65775
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704286440049996"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 08 Jan 2024 10:28:21 GMT

GET
H2 200 container.html Show response
07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 3DF7 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.coloring.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 10:28:20 GMT
expires: Tue, 07 Jan 2025 10:28:20 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 5412 0
0 44ms
44ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvKTsL1ZoWV32kbajPELUUz8AOfFEwWO1Rj05pL0FbANYZemFsHHGf8aAyaI6ZpQbRg-uZMpUpqEbF3XgevDqZH8hIyIaNHmuRQ8l2LkuM_isrFHqSijWtS-8pTEDAyopakeTj0caNyBKTGiXbr0ljCWMj-CrFOggneFOPGore0qcu8IbXo8e4oJgmeS_jLZvY8vSb3UhgStX3Lo0lT8LCCUfd2A_VYpfVlOUJdd_m0Nc-lJ5yBUOLReDHJClXTgneDcB_09-xDLVVjIDK4Mgb58fa2X3fuOPqxzSEMACLDCxlZ260xCW4fKUuH3Gir-YqWXGzCHeamZ74h6TepR_7HSBFwAGwP7bAtNQbP6eNrx3odWmpAaTryPuDH6xOacvG-&sai=AMfl-YQO7_lbUeIKcmFNVJTXQZVUwhe3LeIv5wAK8n2O_-ANFrFusLE-Cam_0PjYJA2L75dhX2Z6L5XaJINS61IifPMrHlwnL--RvG8bBqD7XF0kp1iMh8kJl303JUk1ICTWib-tfGLLTGF3fx_rLqndl40&sig=Cg0ArKJSzHCv1yuEUNjeEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 9ADD 281 B
167 B 51ms
48ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYl9-FgAIwAQ&v=APEucNWjlMrQG4zRxhP4rYZFsgczHbywHnUQH3uO2CHtHzPxyBidwotSTCm7u8zeE5UhTyO_8IjQyTzf_24p0VFjZKi25skjnZNnRZy2gYBQi9PoW_a01bw

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a0f95dcad4811c2b85289326687f5e63764a1a24b5f8bd2d4ad59da3858f7992

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.coloring.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 104
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 10:28:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 5412 89 KB
31 KB 84ms
84ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 08 Jan 2024 10:28:21 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5412 42 B
63 B 42ms
40ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ANwYrDnkaV0w4oFe-tPWu3z2pD1HxK5R8KeTqA2MCmJzBa5163qf26GvOhlpav73hfJ4jsu-Fq5AblbIOd3WFw7ahyUYxzYNr-T5RZPpzYL1D7m5M

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cb9a2bd4-37f0-4045-ad05-e53683f6e8d4
beacon-ams3.rubiconproject.com/beacon/d/ Frame 5412 43 B
75 B 25ms
17ms Image
image/avif 2602:803:c003:200::37
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beacon-ams3.rubiconproject.com/beacon/d/cb9a2bd4-37f0-4045-ad05-e53683f6e8d4?oo=0&accountId=19254&siteId=435954&zoneId=2495188&sizeId=9&e=6A1E40E384DA563BF5238BFA43C4B18647DFCB6D98485DA78838F89DD8826390966DA064CCA2ED65C0948B555E66EE24B8B520C6696685692D8DFD91AE0AE1315DC5F82C1E088281DEEBF4507008070CDDA331823C1AAAB2BDAA24568BC45483DADED1F48590F1D383E67BC564B1F7E1555306CB74D48705E7BA5257D3BC8C89F1CA1D67F7645BF27178EC9ACFED98F9363ED6A22A6C79B9FFFE512D667E463B5D947BF0ADD18BC2F04FEF710AE36579E6D542C770B1284042584CA04B63589D

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2602:803:c003:200::37 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),

Reverse DNS

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
x-frame-options: DENY
content-type: image/avif
cache-control: private, max-age=0, no-cache
content-length: 43
x-xss-protection: 1; mode=block
expires: 01 Jan 1970 10:00:00 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5412 204 KB
64 KB 32ms
30ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8941597d26275d5e8775ac804bffb1d86f749d0cfe471777800a4543e4b65603

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65775
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704286440049996"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 08 Jan 2024 10:28:21 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 4794 0
0 44ms
44ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstKMSJXHC3dZNXXtztMSBfO0kIMUR5zVt4bkoo6oa6uKj_pgRblEPunukFDRLI6WeIm5HxNUWMbwlg4lRFL1z_HNl0G878dKwNef05gd5xx5q-g9NN6rZtuJ8feG5yRXlD129mAV9_w0SkMUXXQtUBp67cmpKppdw0lyHrE4byN-c9pjqlqNc-zNRAXtti5Z2foNngLwrBWbxNlHqJIJwbXp8XjXKL5pH4c4g6GcuZ-kUJ0PO_YfoRpSsNWcZm12miQnJqFRi-fz0rHl_rIRtkzOxH-lgmd2Hg1jc1cRPgr0aFW0IsY52F-EumTihpU4g5jmZ_NtF5kXKjGVTe2WgK81hSRssrgJe5beZczig7OnP2ov2o-cxc_2PZe-4fOE8gt&sai=AMfl-YTOKBgU6OWV29wK5AmwANbWAAWfZftEk4R5D-0eOc6pJP7UvZNB-fGMdgb8JlK7UP-0aIh8IKOf9NrBDZAR9yWmFWxk0BRUY8HPq-kOf6KoxkVfN-8MZ33VdzB-rz77RBabU3862pQIcmc-QMYHYw8&sig=Cg0ArKJSzOFxxrWVSGK5EAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 793C 281 B
167 B 51ms
48ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMY9PijgAIwAQ&v=APEucNUZ003n2qKhYJEGfJ_pHKk00UuV2sMbeFm5rbjfaznG_NjapDdLaPeki3o6CJ4FKNOMD9-EBxPjVtUMz9I-Z9eB8o-EAqkhOL7RUVz7xFYMymF0dg4

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a0f95dcad4811c2b85289326687f5e63764a1a24b5f8bd2d4ad59da3858f7992

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.coloring.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 104
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 10:28:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 4794 89 KB
31 KB 115ms
115ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 08 Jan 2024 10:28:21 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4794 42 B
63 B 42ms
40ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AJDHvs9ipCMADYr9wUBEowuPMCW7SWBAHkpIn0JnAYlHTnDt7k7tSqE9TJOPYbQeCPZbrYAMW1tQSFTWAPL1FGQvsRPSR948Vb_BxoYhCu4YtlwME

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 e668f55f-e927-4765-833e-c9dba2c16fbc
beacon-ams3.rubiconproject.com/beacon/d/ Frame 4794 43 B
75 B 17ms
15ms Image
image/avif 2602:803:c003:200::37
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beacon-ams3.rubiconproject.com/beacon/d/e668f55f-e927-4765-833e-c9dba2c16fbc?oo=0&accountId=19254&siteId=435954&zoneId=2495184&sizeId=9&e=6A1E40E384DA563BCD0C4CE8F2B5AF952BB521361B94085735A929AA7D1C32477EC39F6931464782EB7DA5EF08052C62B8B520C669668569736AAF4B76A33F185DC5F82C1E088281DEEBF4507008070CDDA331823C1AAAB247FFC41ED941FDBA177E1A4D0C101948EEB47C86217D9C5183373DA0745CB1E4216A122DB73187D64E6FC96756E5E571EA074225DC714A61560ADE328306DF263A12249996E022A82AC1841170CEEA0A778E9353146B8144E43CDE1408DAE86ECDA10306204D320B

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2602:803:c003:200::37 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),

Reverse DNS

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
x-frame-options: DENY
content-type: image/avif
cache-control: private, max-age=0, no-cache
content-length: 43
x-xss-protection: 1; mode=block
expires: 01 Jan 1970 10:00:00 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4794 204 KB
64 KB 20ms
18ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8941597d26275d5e8775ac804bffb1d86f749d0cfe471777800a4543e4b65603

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65775
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704286440049996"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 08 Jan 2024 10:28:21 GMT

GET
H2

200

generic
match.adsrvr.org/track/cmf/ Frame 0382
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=smartstreamtv_dbm&google_cm&google_dbm&gdpr=0
https://ads.smartstream.tv/cm/?cmsrc=dcm&gdpr=0&google_gid=CAESEPXW-lsAvIatmWSS7jMzXPk&google_cver=1
https://cm.adsafety.net/?_cmsrc=dcm&testmidt=1&testdid=CAESEPXW-lsAvIatmWSS7jMzXPk&idt=0&did=0&data[stv][midt]=100&data[stv][mdid]=2910c85f382cbfecf2a90e3a69978fab&uid=2910c85f382cbfecf2a90e3a69978...
https://match.adsrvr.org/track/cmf/generic?ttd_pid=admans&ttd_tpi=1&gdpr=1&gdpr_consent=

70 B
148 B

95ms
32ms

Image
image/gif

52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=admans&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYsYWGgAIwAQ&v=APEucNUHujezZ9O6lyEncMH2jT1j5t6U6Jx4Xli2LtyI0CPkLCELEsfEAuNzaRIs3x_8l-CD_UsFfbfRm_j-4RdLdqyo7SRGq1QvESEFmQOgvAsdAG3qJ2k
Protocol: H2
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:21 GMT
server: Kestrel
content-length: 70
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Mon, 08 Jan 2024 10:28:21 GMT
Last-Modified: Mon, 08 Jan 2024 10:28:21 GMT
Server: nginx
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=admans&ttd_tpi=1&gdpr=1&gdpr_consent=
Cache-Control: must-revalidate, no-cache, no-store, post-check=0, pre-check=0, private
Connection: keep-alive
Expires: Mon, 28 Jul 1997 05:00:00 GMT

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 0382 170 B
409 B 42ms
19ms Image
image/png 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm&gdpr=0

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYsYWGgAIwAQ&v=APEucNUHujezZ9O6lyEncMH2jT1j5t6U6Jx4Xli2LtyI0CPkLCELEsfEAuNzaRIs3x_8l-CD_UsFfbfRm_j-4RdLdqyo7SRGq1QvESEFmQOgvAsdAG3qJ2k

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1604 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=985879970905&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1604 0
20 B 41ms
40ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=985879970905&version=m202309260101&ct=76&x=8&cor=14245063285934735000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 1604 92 KB
39 KB 73ms
72ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BS6chW5XM2nHApAmdySol4glnjL5QpPNi706-rdaJeMpiLh_rr0JhcDbQWKJ-M49eDFeyMku4z5Fu-UPTRjE3zvVCBWIwgOQGKDir7lDKMxQrcKKnTKxX1W3jE0G9sOgaMFe-PHGjw56fVYxwZsGRHYZfrylEjW9-enhMR-E92UUB5iG4&dbm_d=AKAmf-BTOjFi1AGxgrnJE7W5NFhqV_0H09EQjrjD5iXtvbMTJgjXqTs6TNCA_QWgbM-dGk935PnPZ8z1qUHIioMqDDXyR1j0Q5b2oC1ZEt2_4ikG_y183JCi61_cE8xhzGdlnQn_hO-W-YS9sD3NtRJq9AiYXCgv2AeT6p1Z4mobmTDX11l5q_7NzOw0CR0kIMXEKckjsDvrTzD1H7BbhRgqHFQ2hR6Pw7FbuCOAmcsJDesnbhkh5nf9vdHWTX8Djd91wWgf-JDoue0QreaYG4BP5iXQWRegr7PObzMhHoIA_t7DpD09lph9iJ6DhTW9hti6tB2h02vvcy7cYafIy_EPoVmTRzVyaaQigcAFu3zaegwSQZgbrso-Keua4c5_gVhTBjJ39rNpN7NlyJp9e0hCVliPc5_rvnXJqKS5TdWeM2teCT-8ov-wq9n-IiK3Yi8AuRRUXea9Izi1XhOWStsw5nixU2nMpVT79Fvi1Yf9YGUBX4KO2h83nxX1dWqepX3IWqbTTDk_DMLxEbp1JZRHJpz5VGqdoLgAa8CIIlQW_P-xiC1ZQWPhz1Cc24K-KZJWYN5DFXZ52kKSDFvEgjfK-8ti4BORVeX3JmAMtrx-4xzTVxfQdrNDMgw7hiA-s_vzhCtgZ6ppR3dOeXwNAclAViP7yM7NJuSAF_2Im5-R7SH62lP1TRFjPzU6lz_7UjFdMh5unlF0yyhKNQyvbiKu_baM71of8lz6ZFb64pIVrwJH4-88ZSw3uw6MGSH_eRSKIMPb13DvUlQLEigRsZKEcCZqnG5i0VqVmE0ShnS_We7qCLnW1VegOfQ3C99VThbf_Zjyv-EDgVHgAHrUqG1_7HRYqkX2HNoeQ4Ybcqi6iPGEWQRrWxch2yF5srkN4INm4rkXc2yx7p33AVtwe2A87lmuIPb7GL_Uzo0cQgwpu8XK3HI4T-u16-GE6k5CrjHMh4aiZvpBo_MEYYL86yfIhOHa0c-jgKsM_b71q4nRAGgyEVXTHWbtre6rgiOMNjRYJrth2TKtCeBDLRn2sWJC-hKb0E-19hdSN1xRLQZGqPv0-ipZH6OMwp-fN5MWl8k389P_p6dKhrI5kOndv4vq2WJVWmqXZW3rQq-q2USoQFNhVteThptML2bX3io0HbnYxau4A8B7rsdykIX2SkWzrZ9G_2hX-tk5ekYIgUKESBx2woGgJx_xdMpUwO0Qpo2LByV9eFWzgHg8e41DcDCJyv-62F28sNyw2syObrma2ghTkvxJIYa6bTgptYODxVzFTpFKGtcf8dB-e2glDi3zlz_5M5NFmyAYzbjXWUWsE_FGNbUu9O34ngIoUt_M_AUAH_p1QVo8BTD858_J4qTWRtT8OBCOkMUllOJtTVJD_auevkG0NegsHg6D-Ci-5uZ7Ge2DPq1q0i6duCvqhxKAnvc8olfWZ0GqC2ity5kMLqvsnONs-qs4wXsxiX3BKrtS3XkdnLebL6r-uSg7LMBcvqGsMbZL15azuNlYK1uLbNGPxy6smpm-iH5COhIpWF0T7uF0oRfGadqVDuRBijGu_9qj0ojDhBsIMJ5aFgN1-KwY_ryzTdrMuw0-3Q3XObw2ik13tfMau-TikUaAjzcXGApHa6B71UrUzuI6FxmvI_oVabUBGQh6phZN-BjkPQfqatehHXVJAfBCbB59YrTZxSPElmfqNeIPVoN5PgSPtwm-D7FODEy2TL-qMgVq-GtFox2IkOhBXMn0JaQcREfJapaQOjeaWS1yst8m-iLqTCatgUIlccyyRlAhUOpYsoBQLUEhDzCX-mSqUOYMVhNIIzVyL66EVYbAzclzdr9eATnVPlG_R4xZ-t2KKvl2Q8JaSTnyZWYCbJr5ayEENxhPALEeLKU99lrvE0Dpy8jLyqRhtwDzZvdfCB-5Em63lOWab0TESSkv3i_2VhYgaeyGSbfvFmePGkiexlbBJKA7eSwm4QwuJ080t4BIapGbfBrIMOw9RdWHGTTbK3crdoY5SrI6ipLcniWbViKl15UYi5MoLbBHBZuFHyjRWebvGD22qmkq8RZWLYwMlA73BcZRiQm9rptnZG4GgS2Ux6Sb_P8kjJ8NwtnfvVRtxeCl368RFNU3IP6xMIA2rSaYrH3QSWoy1NIDCwe80oRj_bSn_GS2P_jfs_3yQ9oQWrt61qI0w8lnOft1L07fJT2CZ7ssXfSE5_zqNRnjXJtHw3s2XY1-Aox0tpwc7imQ1G1jPczV26TR8-AnMOdM4nTRkvhTB-RxxekA4Xx9StWQmfDQesu1ojbJm9x9RxR3IRDUWmF4jEA9PuwhJroDl1ux0ZjlGFCcnfLLps-Xluw5eN5UqqP798fboa5loDy9nRCkjycJf_mL-VX515y0OSxXN7_VKKCFpEDfIE3U3nN9ILXpFjQ4puMv2_MPno5MDgH890cnMXCuk5zFJz8oY3iVV396259HFi7LrV7KFX7I0Szn0ix5KLGiLmrhouxKVp_gkGDVUsqAr1jiR_RA6twM4yaVqyOc95_29puMWzJNuOxzbyJhroZU6pmrvKrTmZY9KU6ym6KgarfHUpGvdf7-2fzUBD-EQ4AK_Q038DGOrikWvvwwi4ghiHGQyTjiCGvphieZ47Ju2N-2D-EzlA2G1Sjg-88Rs_PyM6LKJFzElX48ejlRUrZiNV2zjqN_zgqC0qzMBweNl9lF-NUvUgkmYaAUN8uWY9hV17Zox220C7Mwwy2_fJ_F4y6NG7sQIxWCLbFPvq94Cod1izNVjoZAPe2qVFIl38lJsGyNboeA4IC1Cfd3_5P_8JO4LDJZD50YPRaXGuMXM2zBjJ-jnVumXxCaD_IJ_raKaW4nw1M88bf4ZhmY8wI3dBKtOXHMqt-oj-0xfDVlfzLskIX5GkiZerOPLcBhe6cn5ZmustcSHQ1Qqx5dRWfbhxl_Oifh5RQ1X_bRzHSozbVqDFVhjIFKIFdxYGaHnBBNO2bv9WiGUeiK2-rE-UjUgGB6ftzvK02R-HMqCAZM85YxmN3J7sd-wNld7MgTL7iwQRVTQIxTLNWC64T0G8arr91zP_Xs_7TCRitMZKAINXfGi_gXc-5gWFddshJXRdvRbrnokKchFdXKgtyt7Q4cOwMF1KlF93vouqlzF-2kCbxRMhuM6oShR3GShkHjidW8stkyHHRC6uU_jO0ZRsMaVq7f-NiUWb5-w_QncXtlNGhEJWD_uoc0fTvfhnz49eW96iZ8wwlpi1MQYZCJGWnAOiy5FEzFIEK-euZ3h9pslM0rVYHr0J1M8XDYiMVAmGCth3pYiu2XJuHYhIHSq-mF97j9gzUvaPFIeJL7XlepBkResNC8GBRQGCZd1Lc00LpgawI61TOFe5msLiGhpqNB-TXI3HLJEYtt63It4xf0zqLeoCMGQqelC-ZYm7-xit58LZomXson3Q5fH6RATeGwd8wjndLbt4D_Ypt2UyIHNjFNQpDY_dAGDFFeflZ5Dcha4W3kR5X7Ms4DcPTU_4OHu-oJKtwDk9jp3_DCzV0w8oBT&pr=8%3AE1F0C29C3320A394&cid=CAQSMgAvHhf_8BuKO0DU_6W-LRyJzHZr2aG3FQHvFyl5jDJiCRbGDN_ZNVj0kYJ7rmqBGzd4GAE&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.coloring.ws%2F&ds=l&xdt=0&iif=1&cor=14245063285934735000&adk=4144141731&idt=62&cac=0&dtd=20

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5c43cbab759a11f2518e2855e74fc14f99afa2467a788087a59c757ae0c5f02d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39198
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0D49 499 B
250 B 48ms
48ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBC6jZEBGNOvnYICMAE&v=APEucNWwWZOwwTQ1PiffaoJAD4bvDrV_YmIV5rl4KSrVkyLBfctij5NezOErinpqshU1kp2S-yiSU8j_7fHZOxpRvi3Sc8oQLVh6TXtb9-KFHNgmiQaqZDM

Requested by

Host: 07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com
URL: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5ee2a16d4f8f9629ae75e0f94473f8601a4e0bf9527ba4467a094926e0947505

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 183
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 10:28:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 3DF7 89 KB
31 KB 65ms
64ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com
URL: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 08 Jan 2024 10:28:21 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3DF7 42 B
63 B 42ms
42ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Bfm_3-ICO3izSDlnKojjG17NLOzaBlUDC_bYkvQZOVtKym3g6rrRWOzjMa_PopY0HGsLTAlQc2rQCbT190dUwVPodLmE1DzZhQhnvFC00wBG0Rjrs

Requested by

Host: 07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com
URL: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/ Frame 3DF7 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/window_focus_fy2021.js

Requested by

Host: 07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com
URL: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 09:26:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3686
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 09:26:55 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/ Frame 3DF7 20 KB
8 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com
URL: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2f764c969a82705ba7838239087f5ff9b33e978b6bae2657e299b6b14c30ad7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:12:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 941
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8523
x-xss-protection: 0
server: cafe
etag: 16500369019378894752
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 22 Jan 2024 10:12:40 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3DF7 204 KB
64 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com
URL: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8941597d26275d5e8775ac804bffb1d86f749d0cfe471777800a4543e4b65603

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65775
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704286440049996"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 08 Jan 2024 10:28:21 GMT

GET
H2

200

generic
match.adsrvr.org/track/cmf/ Frame 9ADD
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=smartstreamtv_dbm&google_cm&google_dbm&gdpr=0
https://ads.smartstream.tv/cm/?cmsrc=dcm&gdpr=0&google_gid=CAESEPXW-lsAvIatmWSS7jMzXPk&google_cver=1
https://cm.adsafety.net/?_cmsrc=dcm&testmidt=1&testdid=CAESEPXW-lsAvIatmWSS7jMzXPk&idt=0&did=0&data[stv][midt]=100&data[stv][mdid]=2910c85f382cbfecf2a90e3a69978fab&uid=2910c85f382cbfecf2a90e3a69978...
https://match.adsrvr.org/track/cmf/generic?ttd_pid=admans&ttd_tpi=1&gdpr=1&gdpr_consent=

70 B
149 B

93ms
30ms

Image
image/gif

52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=admans&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYl9-FgAIwAQ&v=APEucNWjlMrQG4zRxhP4rYZFsgczHbywHnUQH3uO2CHtHzPxyBidwotSTCm7u8zeE5UhTyO_8IjQyTzf_24p0VFjZKi25skjnZNnRZy2gYBQi9PoW_a01bw
Protocol: H2
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:21 GMT
server: Kestrel
content-length: 70
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Mon, 08 Jan 2024 10:28:21 GMT
Last-Modified: Mon, 08 Jan 2024 10:28:21 GMT
Server: nginx
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=admans&ttd_tpi=1&gdpr=1&gdpr_consent=
Cache-Control: must-revalidate, no-cache, no-store, post-check=0, pre-check=0, private
Connection: keep-alive
Expires: Mon, 28 Jul 1997 05:00:00 GMT

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 9ADD 170 B
232 B 18ms
18ms Image
image/png 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm&gdpr=0

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYl9-FgAIwAQ&v=APEucNWjlMrQG4zRxhP4rYZFsgczHbywHnUQH3uO2CHtHzPxyBidwotSTCm7u8zeE5UhTyO_8IjQyTzf_24p0VFjZKi25skjnZNnRZy2gYBQi9PoW_a01bw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

generic
match.adsrvr.org/track/cmf/ Frame 793C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=smartstreamtv_dbm&google_cm&google_dbm&gdpr=0
https://ads.smartstream.tv/cm/?cmsrc=dcm&gdpr=0&google_gid=CAESEPXW-lsAvIatmWSS7jMzXPk&google_cver=1
https://cm.adsafety.net/?_cmsrc=dcm&testmidt=1&testdid=CAESEPXW-lsAvIatmWSS7jMzXPk&idt=0&did=0&data[stv][midt]=100&data[stv][mdid]=2910c85f382cbfecf2a90e3a69978fab&uid=2910c85f382cbfecf2a90e3a69978...
https://match.adsrvr.org/track/cmf/generic?ttd_pid=admans&ttd_tpi=1&gdpr=1&gdpr_consent=

70 B
148 B

94ms
31ms

Image
image/gif

52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=admans&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMY9PijgAIwAQ&v=APEucNUZ003n2qKhYJEGfJ_pHKk00UuV2sMbeFm5rbjfaznG_NjapDdLaPeki3o6CJ4FKNOMD9-EBxPjVtUMz9I-Z9eB8o-EAqkhOL7RUVz7xFYMymF0dg4
Protocol: H2
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:21 GMT
server: Kestrel
content-length: 70
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Mon, 08 Jan 2024 10:28:21 GMT
Last-Modified: Mon, 08 Jan 2024 10:28:21 GMT
Server: nginx
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=admans&ttd_tpi=1&gdpr=1&gdpr_consent=
Cache-Control: must-revalidate, no-cache, no-store, post-check=0, pre-check=0, private
Connection: keep-alive
Expires: Mon, 28 Jul 1997 05:00:00 GMT

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 793C 170 B
232 B 17ms
16ms Image
image/png 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm&gdpr=0

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMY9PijgAIwAQ&v=APEucNUZ003n2qKhYJEGfJ_pHKk00UuV2sMbeFm5rbjfaznG_NjapDdLaPeki3o6CJ4FKNOMD9-EBxPjVtUMz9I-Z9eB8o-EAqkhOL7RUVz7xFYMymF0dg4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5412 0
20 B 42ms
42ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=757353130632&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5412 0
20 B 42ms
42ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=757353130632&version=m202309260101&ct=76&x=8&cor=10304991674615843000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 5412 92 KB
38 KB 69ms
68ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CQOpF3WLi9ZwEOifFjZ_Cqa8pJdxnS_P3rQp7ri85Pe0_4NHmMOFov1R9YOiB-yfjd80qREhHv1GNTKJpLUKjcuHVOLnVEJN1c5FMKWqvEdpnX3pYaHQQi1OB2k9ffYE4INtJF2x3JEmzvridaNnsLrNYmKF0oxOpubTUSjo56qsL5dzc&dbm_d=AKAmf-CsTdN-PPCyTzK5iGridSRvQiuOh3wv_7uLmu4pfMRVLskqDLNikAHHYqQGl3Mhe9WfsWbErKzBxv9amg3EBFOewLE7EwmPMmXCX_iAU0zP2dJQXWNagJAwo8dvTDKoWdJDSrdzC_mN2h4BZVRdIbh36IELxYvUfqjvDgE3jwTcctlKCRjblZDUtMUZ9oqDjpEkBZUtMRc-gCpOM79pdqpf9FccO9IfhdqCD70xjVBY35HFHWGPC-4DsbUN2URdT1FoJrK7tFBr4e2_tIa7sSteQ5E4fDfrssDE3l9IIHBhT3uUhDsWkPi333XIN22_sqNhjNtGBqkJTHyqRk0stcTchJlB9s-13q9fLEZzCVWVA8LXDVGEnJVPiXKUHxrqxt9nFMyS3k9gpOct4mcmqSenF5dtizwlaSatZXlwU3QvBSI8J2y6pPx5ESYd9rZPkEMcyr4QivGP7Y6bvaYo-scOPGthfuZ1aPfPTTtLbR4hFhyCEw5lYGaSVZkVmaenozj6DXzq8fvTbj-T-iCjUh1Uefy9z5iat-u_lPQjHCwig43MCgp-h7hfii1lv9BVcgxPbfrVQwZtjQoA15XmwBysiOWGhwov4PowSNfWmrAVRw7FRVeWs0mHus1vToN7QV2Wt2Mq-LXs_4bEGnAzIYTsa4oGpU9oyBqQxAmBl5rAIv92FORyJqyb-LgD1dCVcvtM3YTiqemDfvex7W64WmUTosMd47OjmZowTa51onDe4KJREIGeMQMHGfxj2caTSOJLodnFzOuV3rFVmt5h-0XQ3NTPnmllRvpGUjG3d8vABcLwiTbXPZ66ZaDPnZOP3eoG8K-NlAeY7gkS3RCJPQlJ9XGIABVLPSE7DlPCzY4yw6zIbnDFdHjjxyG-8ZmKTV94kPwTmz5fT6QYC0ezN6kX1yBQ4uB1k11AYYonyOLElqYwv6R9jz4XYB-GRW98xMF586GWBYf6qkXZb41sE3UKKkreMBMGtfPtWn7-_If9GDKECgyc43Jtan3lC95NB1cllCQIAGOfRc0cAPL-dP5gWRGMV7XS9Kw3D0fSCsEvKO7KvZbHAYyR-gLrKV0m79n9clTtZb-3ZV2woUH5sN68WKDhjhZQFZDl43H-3dM_A_K4bSlLDsgIF2YDyXABOGQMbARNvEJF6dZVtIBTFSXJkevlDDUdb03WOPGTfIXBvaFDhIZ4VrdJOFgNAT8x24T6ArJDTeLY38TX2i7sf4bjOEo_ESHuHPEpb1-UdUAM1B1Ue24gRKb7sDqTaWVuoIVtVajwIHBKa61sDF1x6leCmhgJOQPPq8AU2-SiBSLqLhJrR9f1miqBGUpE9SJWIz3_8M1EOzMo3Tq36vno5LZJMsWDVjgHfGu_9x9J_A5XTQFZxdQarsTTze8M0mh-CDX4m_bOQq9N1k7nVXrQ-E9aiQ4-O-df2JVSKG3Vs8rOB9rxfHyQOBhJyHky7eqV7RCYMgT5E3sD8K5fvir0Z_CPd6x9tSPtUZEKuPnYQeYfUiSioV4f3ZOZAJSLbrlUTIRG3pkB5ZoWDn7AoVNjOfv3jJ4LRC9vhX5NgD4D7Sc3cKBqA5000cvsE9CLKdSc8I3PTQhLMnxw9AxhWQ90Op7pEXRNW3mxaQFkA--u8gbwhYkY9nV6ou8Z6YWcg-xBNj9y0W45M15tfwsHEia8nj7cew29emuIAOVF4jamKj2pDebKuxnJQ3j21XwcOPRhjQdczc5zc24TDPSa84Zb0dAvjbtz2iBDl11ljX5qfRKY5HnjSESMgfcXqKgL-qchX4vzvqLc-FP5N-iIFP40GcRhXqBkG2NB-peQkKU33Ooh6p2hD8otkdCnkSRX03N9odw36gHscvLeAZ4QjD-jt-xU_ooQjGAxs0BSt6Wts9DiSAiBBd8Boao9jeZxeRmET3l-SjY5tI9ppZDZCb46Zjta55ctMFmcy8aTVhUZkualbZmH7aLnRXwSy-hxHyd8Ss-crG2ENZQjMh6Rnjt4H3gAQIFML-gxbrk7ZeXIgSFfG2rauN3ZtfL0j6WfgcoSn9b5otzBU0fTiAalve7j2BOv5uE2caxPQl51uq23XY6uHlIN6FkUh2mxsOHJyR_LiMkV_3Oa0kb81XAqrqGyaGNUceQiFr3vlvvM2faOi4aDg46PDfRNBgJforyHsMhgsL6ao2JNHp6SXh2G7tFztJAp2LxruXRtc-KJog1J5Grw4U1g9VEUjkP5y_zE0Rhcw8s-CpghSuhFln2NeVbtDUPSnhhZQAbe11NSYcSNNRFUir-uv3xrLTwUmkY1XKo2yJ_QqlA01C3oh-Jj72K9LfJiwXnWkehzUib5xqK7D4s8AAvIbBDR342tO5EXcUpZOoriC2GZgRXqgJvpi22SDOPckPR7sT8cXXqLL7xcg35_n1Fk4UwgCNSlJukmjMiST_fyOlZhDO74FTE2NOdAgD5QsUGOnyNqh1ruL-RwLozFVS_EjQEOfJSeBjH9s5XSiKQsnEsILvMNrDF5SFMc7VjiOfffIwoo3CchNNyLocR_fqKIyD6r4zUDslZ8VAsU6eM1mIr5f-7AcanCPMOe3mcZi0G3DXfw2lqZ0OCiDvIYWeBU4NPwIZSAJAX5OCtzqxObL3rx6ogUAZfgaFlp1gkTMORY4Dbcb2ZF49RlvP6dcJZieHjUW1zd63T73hGVgi9sE4ff8kswBApbh5e3YfaRq54IxvhuLwEsawceQ5bpHivEiQPilnfnrpdvF8qVfynx0ubKTzHLhdaULPH_-EvSkOvy3Cn311r2w6l8Q7EE8C9FP4TQbWtrAGKmig9pOnKYkf8pfIFu2rRaQKOx8o4_l16Frq8vx-BvWRtAsjeV1qcf0pNHQ4gzmixN9kjwf-pZx2ywKj1MGIIjQEDfJBheQJc57qL1Y6u-vGo74xMo5FTIEBi9QcAH1PwJE75zSd8BnWF4T_X491mNzJfT0nzbCYGOujykT78OBfL4ERIby1spy8p1IWg4JutSsQUmWkRS2T1XAGuHxB8RDH5ZoV91XeTSm-AaVVd9KFAJCnOxta8DxjrXxsr36VmuFb7D4f6YtqbTb6vyUWp6Q8locJbBWAY8r6v51uO6E5XAH7XvohoY6mAMvO6YXZr8aJpLf6dcGEP_2pGS2rQii5c0HK1xecfFu8jOzI1tdCXYS8rfS3HQb2t_kxyBVFiBSm4x6jAU-59yyPP-LgyfVx155NP9qdCT3owwF0Yf_msbGySHBLdHNFihBcpVrCtMdT4KJwSESXPQ2xHYpn7d6WL5LzsJbbWModyvuWDKOQz_ToPHq6E5rl_PUOqrLySSb3hW1T3wVR_ux0dLm-39ZHie6-8yN0N-309HOqv1vlL8JrMVkmdCKXwX37x6FyVdu1PKl_gJbHU4TGIzcrv5hLLUzYR7XsoMizf0ffQD7UIUheNzE2rj5Kxx5cMVmihJn-nDoQo2z_2XBfKSNETzhR1tw7vMeC7RU7y28AO885tJKid0EPcpv0PjuLQciiR8970nFYOy3lqu&pr=8%3A44AD1D73D0860673&cid=CAQSMgAvHhf_IYx7lNuBsWuvr693ujwVZWeVAKqxEsVzV3d7MRESkOZ_Zx5teCEaV1N5u5xDGAE&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.coloring.ws%2F&ds=l&xdt=0&iif=1&cor=10304991674615843000&adk=4042653750&idt=91&cac=0&dtd=4

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8e2281470dba0dfe51de7d3fd01d0bd25cdde867a2358462ff4aea0217fc057c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39167
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 0D49 170 B
188 B 17ms
17ms Image
image/png 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm&gdpr=0

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBC6jZEBGNOvnYICMAE&v=APEucNWwWZOwwTQ1PiffaoJAD4bvDrV_YmIV5rl4KSrVkyLBfctij5NezOErinpqshU1kp2S-yiSU8j_7fHZOxpRvi3Sc8oQLVh6TXtb9-KFHNgmiQaqZDM

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 0D49
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMwurVf_FXgxVT2gB5JKFU4&google_cver=1&gdpr=0
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMwurVf_FXgxVT2gB5JKFU4&google_cver=1&gdpr=0&C=1

43 B
338 B

20ms
19ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMwurVf_FXgxVT2gB5JKFU4&google_cver=1&gdpr=0&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBC6jZEBGNOvnYICMAE&v=APEucNWwWZOwwTQ1PiffaoJAD4bvDrV_YmIV5rl4KSrVkyLBfctij5NezOErinpqshU1kp2S-yiSU8j_7fHZOxpRvi3Sc8oQLVh6TXtb9-KFHNgmiQaqZDM
Protocol: H2
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cMXiz9g3CpWpFwZJx1BajHMb49TtaRyAY%2F0zJXiaKfKR9GxKbFCLVren%2FaRcKntEa%2Ffz5uz5RaeqlJRVDKNCqx4jI3mJxvFp8SvzWjBOh6eol9OB8pEznwZK7RVSPMouqaThU3AmKEnwyw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8423c0d1a9629b21-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mGgxD63NXtYs97XTL%2F4vyhkQ20IbbCsizzxxVcMQf9fTD3VoQU4f1vVxt5ZTPN06%2FV6JP9pnyitg7zNPnq6GS25OiD4nmusKYDfNZoiUiBaozgLxpBBYlJsEBXrYvSe83usbMzPpkrIKFA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESEMwurVf_FXgxVT2gB5JKFU4&google_cver=1&gdpr=0&C=1
cache-control: no-cache
cf-ray: 8423c0d169349b21-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 0D49
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgdpr%3D0%26google_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&gdpr=0&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZZvORfV4g7H5Q7OxKwWbVgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMwurVf_FXgxVT2gB5JKFU4&google_cver=1&gdpr=0

43 B
769 B

28ms
28ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMwurVf_FXgxVT2gB5JKFU4&google_cver=1&gdpr=0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBC6jZEBGNOvnYICMAE&v=APEucNWwWZOwwTQ1PiffaoJAD4bvDrV_YmIV5rl4KSrVkyLBfctij5NezOErinpqshU1kp2S-yiSU8j_7fHZOxpRvi3Sc8oQLVh6TXtb9-KFHNgmiQaqZDM
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6bpunbIXDXi2ezAI2JESDK64JIwS90QhpF%2BCzrre3JBOd1oEUno7b%2Br6ZccWFrVzK4XX9KDDNOVHvEke4VBkKt7Fdck8QHlUq2OE13glIm4oQKA1dXozNO%2F9fDOYNui48cz1w2HUnUxwNw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8423c0d21e8d35ea-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMwurVf_FXgxVT2gB5JKFU4&google_cver=1&gdpr=0
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 324
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4794 0
20 B 41ms
41ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=9603329956423&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4794 0
20 B 41ms
40ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=9603329956423&version=m202309260101&ct=76&x=8&cor=4088710105394046500

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 4794 101 KB
40 KB 71ms
71ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BlVyPPuNSM4liuA-OlE98868OlVoW6p06oNZugHybu47lYUzA9t0b3GZBN2a52L6DPruDF-tDhagE8YjiPiJMXb6CUV5B2ycHUPC_aIb6HN62JO745WUkBRZ9lI4iCmApI1oCEmdqtj-hjVKWQB9-PmJ9mMe2sij-F6ykDHAGPrL0Tqec&dbm_d=AKAmf-D8j3ooxsja3dMWKQeOWIZDHLSrxI1fiRx_F5u4P25HqOO7WLQoUyymRCmkyrlrdmNK45U6PsUOkCu5DwXHHpRDy_jKV-jAF4DINHi4p8SUlQ-W-Ajdudu3gHj8PrUnDE3XiejlNiyC9tOQW8x9XD3m8vpG_kALcUhqQ9KxS5yW_1lELYWY0PaQ9qcwfCSOFuuV5L-ftVfzZJjHd0CBB49cXr6HzvtTTvL53wQ3fa7f25gbJSuOO1So-EJsPdHzqihjnbSmTPJSYRrUyQPru1dzJuTaJOrfhr4fgsW1uWjJ7VHmvM_hv2NkOq-VjdjqFNvzMvi_fEHqrW3i6gp0zCCZIxorAH3QF6_Y4_2-3yopo1OpR6p7Vs4Ckf8WvCN0tbAc8AMmkoj4Vt--EUAtAFa8yNNDPMd4O3Hgji0Lcuu-cbkHbdhnd8oXO2n8IbpZrSLpalv5gmZsOwM8Madue__FDMe1u1YyHNB0r5wc5SC8dQPl3HCx6RQcc94yOUt-yRaylwQ61huq--vtrP_suw3rKOWIdQ0fdR9rz_VWNTUM6JJ_YA_X0u2TCK2YHibKSwKxMNwsEjDlezqVRGKmxFtsgJZBxP9kmh7QlSgKrX1xFr75rr87TYJ_FBSWDMC9123JJPE2wD8vByjQQFN_R3S0KWcoJjy8-O-iq8mKUdPTbKF8O6oXdB5ITEUNSimdsRpNSeT9wRTpvX6Wuh5a-pfYMBnrXkPidCKjh1HNkuqIt4kXxfWzX0DdUUaWu79tuh-IjkbVZV48xBYW9UwzfH2geXjsaQqLXPUNFueVSMg_TF3zfi8DkS8Lpc4vG-YCpLRSzcvsbDfk-1CQc085pDfkYrIvEwOcV96DfMRaE5dLq2QeKNuPZKTdcW102cxHUpxT7wtUiL8jPUEv2TMhN6_kd1ZJ3CeFiqeZScoWOrqUgyOme-6wt7JE_XEAwPEc7RW8U_ahhj978EuY03geHXF0uTspMT5RGgmcz9QG9N9bbz-S65dJ8UcE7VK-pYMrYuBXk9LKExY65Rr4ykLuqc-ggLQeP5o4fkXhYfUy2Bl3CItyxtojqPrk0zESiZhD_-EXhuf7sRcrQUQeBlQch1OJ2gjSYatiqcoiNfZwxrxyOcO0zJdbPz0lL8LDehY4gKVZM2TXllFwlbwySh4aIV9o1tPVFawMx11VBVz96fSqFg-Ovh-Ml2n61axxdhVfSQ49rsmSvq3CxBV3dslpRHqmS5j_-RwDdz57ERMbTdANzGK9mk3wegMM7ddgjHTuPNlW4JiOlqkszfYj1U65-mYIA_zyb1sa1XFc1Vs2nQYSR0ZWZwJZa_t3FWpf6Py2jPgYRzgbKZgVSgHbn9I7OULbxbJ813XmBsATY-GeQE4YCKaezRP1KDZfMeSpUsUyDKEXpqaeIxxlGjJXX_Kv4T3e9OQWHe2LxP2GqOQT3zx9KoGBaHe7oy0SFzEKTQ7GkXx8adztXgM2uQW--JVFtfh-niJEq6rKpvbCOcHI_NOb7H8SK8lIqVjXsk0bYnOudKNdsU4WC9POYunGCoeLs5JZg_1tdWvVMs1LT8ctQWuOzQj4Qrqu65eflK7e5AUpPf93HqbOKzzO6Td8HMeMDP6ZiNfh-aFsh7EKYSYW3U15Mt7XYNY0a8jFZgjGMgX49PnBrzb0k97A-5zuUm80lzAHEpirzSCH-GIVGxcEBeXR7w2tp0X7flkDLp7tqRpK4AHf2_sPoYXCP-f00g4-bZC4leTtC7dFTCB59QKL7JpMbTht--nSH1wPYXQIhsxyIM5gkUloqpdJ3x378lhEzbtJgc-HyaB2nOhwTuaU3EQcVuGrrnN-wSLBShYKHdApr28YMTm9LgRf6beoANPc7fsfB1Fq9AHZtsVjrGyd3oY0qja72ILMdKnADJKMJXcHThNYjwst4qsYGYVRVISnMva6dbTli4bm_rcBED_SGLqn_Ggm6rbKboqBbB5x-ssiIk1CemtgE00wqb3Am2NaiCiv7nVe3iS1x1h2gB4eV9LGUJec8QKF7JlBgMfBIC58qXJ8-4JUkN3lmJOm0r5XjpVaj6mH6_fdswREl-fKf1kJeYRBFISUZKso1nh3ctKb5Y2DOqYk4TIxcwnAZ7JkP6d4_ok5FKOJKz78pWO-f2ayi8hS6m6MKWxQFfmO8mOEf7oB1jcQQc0bRrGJtA-hpZchB2fhjvi1ytMnfcTT91dP_XlPOUM78PQEeZBDOugWiO50JRPLdADPJceZ8VdSR3NPV_5-_vYMLROB_khHh2CzDRU1SHbIBPB-kQ9mLSZp5NMMSc6FA_JM7F4FKdDkXBVjpYrHuNzhMHKEEfXKS9JK2l6JLQDo6VUMfikAXcgffFNIgrfxum8STuXUknqgAuviYhd_4qy-klzlTXCgdAz4SHrebnjhGzLBI4mDL5j5ZrXuzfkrfB9TA91b-EXkG7nirOX5Bd5jukhJGETJlzl4dDH9wGJUbFOjkRSSg5TwK--AipFD7ZueA2JU44GiurANbiS-8ViLmCVoUGGSbt1bz32PUb0CjRST8JMOz4duTlKcXyPPhj0h_zgtFjQoystLU9jZJPVwzPY1EdiUXwObjS117XGH5A56CbVawAtSgjyC82LHmdhM7GDGaLSX7dX3ZXqeT2p72dCVzrS79cHNMRWIieOICJy49TU4rIHn3h3Us9JVTJDd6Dh9OIkLQGSxZULdkKwazrq4Q_3KPYZ9CpLkaa6lMNLMMrVCYatK2AqJkD7FiDfcgZmmKO1dIu2QzWHvt5sGb3Fqtnt2tFakUUpOkinL5LrQhlbwTaDi8VM9YbP0HPIIqSfyGcBVQXwf4_iPebWiemJUimrM-DcDslczDzSKjMpN4EvDtOdNdvsDxL5MEYolPTcVqVMJWqGx-HYHnm2H-cKUSf7yRPlXw_W_ne5sfTT5DvcuDL1_Z6n1ytEIL1GF2ULCb45alfjd-Qpt5_WrYTdzKzsZkarg0v7RzZqRFF5uSZWWOHvxX-m0Cd4K-kWvLCQ9_htLW-Z-8VMDJhdZDTjHhVRkGob0XtyBV340NBp1FZzVPRVmUpDKiuYqoNR5aB9S0DFHPcuKXfAtLu1fN-exQGiNkM3H4UeNFVGmdK4zv40hvVVcE00xcXWtkgU1uE0UfPDolM79mYsZEN0vQD6zg8tUN9j1JffpDQ5WF5kwSZZXj0-XQFJ-SiDyMLYCxj7MBSgxq8AmF-zF0p0sqTv6X-7MNmrTSE86cIqTpA4a9kxYWzTW5f3OEYk2JPs6xZ6FptB4ge88ujdxU64tJkrY3pSR1_sLcnfD3d55sUvkgOjeGWAWBbu17y-5d1r5mcBNlm6f7f2qSt4DU0hGJWIKgDrsT9BVbzXvAX58UeIVB6XtWbqaMznW0ufQ70XU1uGjNpBmamrgYQXTi_yoIgQbYQCK-rc-hQhxNGH_rFEe6JXBkFRzDyR3ts4bPh2HlMnEht1kJh5YPztX2P5GnpL0Z_OoIA41sCaZ5VnfQou8lIZ51qki-P2UmR_ehQcH5xRValsW7UGlva1Z5TMSvqT-_UMe0Dw3Q2JxrLnV6Qn6lfIS71EKbY-EYdF4Jvj9KLnv4N-Y_gixBjZngQ&pr=8%3A00AB4CC8611D2841&cid=CAQSMgAvHhf_SmkS5JgEkvclnEpEbBNnBhQWGZWm059l89-kDMJMxql5bt6kPQ1Z3vGpL1GPGAE&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.coloring.ws%2F&ds=l&xdt=0&iif=1&cor=4088710105394046500&adk=4253294974&idt=119&cac=0&dtd=1

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cc4ed9d2c27523b02bd3ba2451eba6c30a9f3ef8411ee7c547b4ebee07819a8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40843
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3DF7 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=9850920413521&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3DF7 0
20 B 41ms
41ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=9850920413521&version=m202309260101&ct=76&x=1&cor=16113745095528954000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 3DF7 109 KB
41 KB 92ms
92ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BvKvT6jAMlo1rbl-Yy7Rh6Fcv6cv3VNG2D8uek_L_yYKfxbOBCLEJP7hEKNS53OqFrRjM2ZBR_tc9EF2h90mqwZi_yD7qc0ghJzna9EbmuQ20u8ZL__sLA-0WmzTEgp8vLsqazbQnI1g_MB6yumjTakyhsZN8HGG6yxvrgQsTfywusjBY&dbm_d=AKAmf-AV0CEO2somGIuHXypH_eqRpCAejkflasUfTS9jnjGz3V_zhglj0esMMH5ORpnkOojO3W6OcF_sPWvkJlj_lZ9XOa5Xve5r_j3pTaxu58kr1J8WWkHaURk1pwb42GNMW1g-0Ax5Rz3sZN1YLoc4i2MFzeHfjRAr6a-DufTGVpgRbeSrFyCqffpJz4DP2IPkVj8r7t69AiXSvpQzCCCfmnIC3Phj5MIpky6xafTkFm8vv_pzN-n98odZIJgPlMMd6FadfM4CuVbQzPl6n4NI0opPWgqv7g72EEhoY4ybEMvlmeLySRKR-Qv42UOTkUgWDjXZgD4bple52zWb4bMjQ_jljCMYVyxoosZ3ltw09IlmYwVeC4oXPcMiN9baKfjuwz1tVuh7nU_dz713lGirZERXMmUA1k6YtMYHLXWxuHDi46XEG-w5VRScmTZyz5TFfcrgr2X2zpIdR2_Um6cUP7qPUs0Var_xygSblDYIEFUUUQjMkHbq4Fa5zwiBW7iZw6H7qxqJe460U1yc_RAfkH1adAfb5ZMto8ZjHsQcTlrbex7IBZaeMJbz4fxqd8Wa2X4e9uKfgYSXYf-TlLEhf8ej7jdjHYyrIrWuEDq3GGSlpxtkRRtIDkiAa6Oc83Edk1HQ_h-uhUapDsBZpHflp-OaRAhu0PZBQ3v_TGAPLe1F3gaLxJE65r5V_qaJDcJ2tMBrCQjElsRj8Q4gd_yh8ZBqxQ7M1JesteihJMjlFze5OnkBZlNxTeORWyZt-_buBsn7gbh5-_85c2YPb9fmIA4UagDDpMem0W9PTve8B94-RYpwwf07X0z6JvX_5xoHPSWF8wpGg7lAw46HluCwWsYSrRHZgounN3pfhpFxVJi-LQp5PbxONDYYaVPf89pz4Pho_czjkptbrZC6HuGz2i1rD0mIVZxpUodL0GAXowjtEGxq7RjjVasSP_8uAjrU56BTOdBPwZ-usqlKVD0IMIJlqkxEj0nPCWnHetgJyGOsOpPKhrz2zQ8rZUasK3orZjac01O6RG90amy_OAe-l6ZHOxQa2UPbHixTyji00fbwgmRFPFhP_MX12Ve7H2QCfIqty8hkhAbwhQ2yZf6WUw19fs_sBG2GRZUEksIIZ7MRq9tcjVpeXBuXhsPPyIGwP8C5vcRhVzmgoKMcx3C-KEOo_LSUyhAPq72ocrb37NPwaSGu20dI2Dj_iqUifguiDHXo8ExOm8-lc_qwmDJUuTaeHEEG0p-boQ6gfmjPrPaumjUKMjjZPwin0ISLIjo-bPK9Gu3dgT-iizcayLKG1j9VeA0EmdULHv3VI6TjKFltXrcLdTOo1Pn9uCrGntXieEn9sFCXZVXbDRvUJ8BEaEiYI4YQ5DNC_3X6GpqGbjgy_XnkvLhYS1JOTqe44qKcIduaC-p8xx68kn8wxUha678zpBrhquueWybxKI7oT8qeBNPCULfPTeSCOPMQEM1HiBMCYecwT199tqM4n8Q7c-racSrfF4U3vR9Z6ku3fxWEfQ2R5zPqSakJQ7nzMyQfxTZTzCBYnTzaiiQTiCs24L0cEBUWNC8IZEOiylO2CwVigqcG9vDxjrUscdWXOMmKmVw_OLfJ8Qw_8Th_OxPAPK4kM3yCUErW_a2MiR842VquC9_V_sDi9BWsrqzag43ahmtZ-iYJQCImgAYZLVEwtbDaYZGpUrc9z2vWb3OlRzxlSILyJOb7X6Quk-uPQFfL144tCfInzlbqOteuew1W9sPNNzHijQ7iw42kYbyKEF4zZ1VEY7Gp3jzb5n1APTfeq3guXI0Nq4h6bYlMhwY4u6Sczir-EvbqdagpH9hhYTIh1D8l1pJ1WdrzteMQep3hRVtJEUHTeOInpqlkCMcg-85L3J6eSQZ7HSkGLLGDXzNUtuLKDl3yrZa1K5_c9cpF3ugGbpHjTTZLljYFsChIKPgE-mHMHQiL7JY6fkmpX0C_StsR7_2X-Lr0q83PqZdx7Nus6MCG4vuYfocZz0BvfSjDYWebZWULB5lxziy0Wk-uXAmaPG9dIW3r0Cfb8oCc_DzlmE-pGqTSQG0dhK6Q2sEp759EC8n4Yopmc7_LDtOwrpPwiW6V419wPSg1p0GV4X8ML_YX2K7KtbQVyA3JD5rdr_6qXnci1VSQ0nIIOI12YTToF0CHvICSyyzCCUxwNuNlv6YgQLuA1MAf8n4HU3Snx-0YN-XvudSocj6-W_merPZl2PGyunX2c-9CGEAWn6J7sjfkov3bmmRuLl-TbH0yKEl_KQafvn0xrbXzxpfQZIJrak8adOfTRz9PfDSdefVDzbbEQ9QfNgeC8qsRjfy93x7Bn4BiR1_z2_DkiwXM1ujbncOpoHHVk5uUAH3brGKdno227Xbx0PNQInnwlFGeNonsGRRK6BsKIFd-smY_Ms0SNOvsiewd_w_NKZF_bXd7li40h7MTcQ4Rmh-Ky3xO5c_St-q4TVZwRfnzYsrRmMn01Dlfxq0HFg7NuFIPwyKRZFQHqMe5-eHx_9FeT7Mn6FIwxjspGq1xisaCChDrXxu1VlDSsGSe6e6dakHf7URJc7njMk4UW4VZrf7pZaJmiZxhj1ePfHSig_VEZvSIp8_bvEkpKU-dXwU4nVUaVQKZCpu1_s-EylxvGFdY1kG3XIv5yWA361kuxXoqIXgdyDAJ1ELXga54fNI3f8ZLF8snhS2kQV0_qefj9MEVNeuZHhk4VEZYDMFE5jJJWf5NdwFqop_3YL7Y3rY7CtWGN-gAIEn4UmERq-kl_PYB_p1QFyPN0UsLl5c27-zawlhxtrvzYWYZNkDpIDuyQkrIMhVJPOrSNxmTsAxB0FqzTJlTBUOC6BW8AOhYEHpuq27LsQKzJtd2lZDMhx_seB7zuKMU2YQ1o_qE0eRKNHthM_63YZIhr6NUSip1K9sOHc64FLMD0EvNbLaqdR7jYHDXQSUac0IPe8Tuz4RtbPB5fjP_lkGp9YOFABPZPWxTJnRWnQ8Jtt2JVmOSh-JC_WhhPBe_4h9BGTTqom5StqiQFUsWEVZP-1X1rQzCL2Y3Y6vERJ9NEgBM07H2kOU5xAjoBuCXrbqO96Vvcx4JgxAy6USmPUeW9ppyeYio6AzDCPioMrG9eJ7vIoPfO6zJQiHLxUDyF40RxGETzKvAzSjTgt-_f96zWv5xVUV50r28JM8P6Lrk_ISVXyo1aeS-Sm6PoBYLE2EzMhT2tR70SmBPaW5bfBZpvDmP7Wuc1XXF8fKt7nIXZ-bVwy0KfR3z6v5GdPm-Y2tKpL65oc1WYbBK5qyXEb6Q4FGRygkYgp7MS0ne21-7xWMwLD_zF0reINZ2sxHL_NPq6gWhhfopceg_AsQllqKyvpaBPFkVEhu2YNueR21vlRGK_PZcfGEDHDWk88z3uAmfkSaEn7dvy9gjUdwFgbTY60CgtC513xt8S6ZdR7E00yyVBb_gMjdyi7txJKI8zBpbp3XpqRbxV7hQyXVUnfHil0VaFYJPVcMXGxgQO7OYbvJsV_awpjUIPqxt9qnZFo5j1KRehloiNHQDu1mB1k-YDcI8lwYBKM5s-KPslvxWPT_gpTealn07x_DQNAHrq1aYqff5ohFmUNqCWRUxYKfn5yN0uBEu1mM-AofLc9ctXVltesbZpXN8dH4fcD6HBm2P-EvJgyxiPDT0pIUWqyzWZdFNA4nf72MxiLpvGM90klTMHnyj_OX7eNzLcRnBkMQL79QBCJqNrXzgDcv6UWnwNg&cid=CAQSTgAvHhf_eGQxu_OUI6HHE9jPvW7_tYOOQqLUXa3aaS1RC9hTrcmRmSDeNR9dkcQIAL37xVanqBSKnW6ggzN_BSF9DqgRvhD70O3YLApGMRgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.coloring.ws%2F&ds=l&xdt=1&iif=1&cor=16113745095528954000&adk=943508964&idt=69&cac=0&dtd=2

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f2d8f83967bdc08c4cf7e492dacc3d612c2f1c8939422762fb3afa2a358e95ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 1604 111 KB
39 KB 60ms
7ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.coloring.ws/
Origin: https://www.coloring.ws
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 07 Jan 2024 21:44:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 45841
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 21:44:20 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/elements/html/ Frame 1604 11 KB
4 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/elements/html/omrhp.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 07 Jan 2024 14:47:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70856
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 14415875674906819925
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 21 Jan 2024 14:47:25 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/ Frame 1604 31 KB
12 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/abg_lite.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9dfbb8e1be036059aea6dd87bdbefa7ecada3617fb3f404ba4647ebbbf8160b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 07 Jan 2024 12:55:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77578
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11885
x-xss-protection: 0
server: cafe
etag: 16863283086342074828
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 21 Jan 2024 12:55:23 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 1604 41 KB
14 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 231793
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jan 2025 18:05:08 GMT

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 1BC3 281 B
555 B 32ms
7ms Document
text/html 104.79.89.214
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&gdpr=0&us_privacy=1---&geo=eu&co=de
Requested by: Host: www.coloring.ws
URL: https://www.coloring.ws/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.214 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-214.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://www.coloring.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 08 Jan 2024 10:28:21 GMT
ETag: "280525-119-60930cbd3cec0"
Last-Modified: Thu, 02 Nov 2023 19:57:23 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1604 0
0 59ms
43ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuRwdJbQRzY3fRJNN3e0uvJS8aT-x4QOycuyzvokRVys7QJwvlwa9q27QXSxiHEdLUR8tAiaDASdJrwQyfebmDaCWsuxebje9YC8W0M1ODFGIXVqaPsCULHNapHAERSaoBOfgt59XrozzBI7Y5PLA1hzWXBLyo6hXdgK1eRM7LVjR_AFAFhBJhzFFAkZ5Gty8XIuVTwleyHsXn4XQomlXdarbEQcHRGWAn9lP0dWAhe-DhKgg7j3PIjjvIKakk193q6kkjCaBt5r0b136DrTi-wWafb1417lCLXHmhFWt0ixs2ArwLWOAFtwGEpPtYA9q86xJzdtpxWXhuhvuI2RnXhk38b8jXjaIOBKdd3xUkCSibVKy2qeW1w62qy6eT1b5vn8F_loj3erUZR&sai=AMfl-YQXyNayL7x8SOqRonzneOaWT1heJ6_TgFSfJRMJoGe05eEcbYYEM9WIvaxcSOLY1C0xV2YVndetT1MoFy8MNHXm59KTa9gdtU35kAGQRdBdoMQJkSFRoGqAODZtMuACVex-2PiTUT02OkQckSg7lQs&sig=Cg0ArKJSzE_PCuur1TIYEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 08 Jan 2024 10:28:21 GMT

GET
DATA 200
OK truncated
/ Frame 1604 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1f258bad908349e2869e4cca22d70a5f3a52a3c8cca2dd912dc13ccc58495fa4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 5412 111 KB
39 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.coloring.ws/
Origin: https://www.coloring.ws
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 07 Jan 2024 21:44:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 45841
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 21:44:20 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/elements/html/ Frame 5412 11 KB
4 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/elements/html/omrhp.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 07 Jan 2024 14:47:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70856
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 14415875674906819925
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 21 Jan 2024 14:47:25 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/ Frame 5412 31 KB
12 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/abg_lite.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9dfbb8e1be036059aea6dd87bdbefa7ecada3617fb3f404ba4647ebbbf8160b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 07 Jan 2024 12:55:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77578
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11885
x-xss-protection: 0
server: cafe
etag: 16863283086342074828
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 21 Jan 2024 12:55:23 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 5412 41 KB
14 KB 11ms
9ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 231793
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jan 2025 18:05:08 GMT

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame D0B3 281 B
555 B 8ms
8ms Document
text/html 104.79.89.214
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&gdpr=0&us_privacy=1---&geo=eu&co=de
Requested by: Host: www.coloring.ws
URL: https://www.coloring.ws/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.214 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-214.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://www.coloring.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 08 Jan 2024 10:28:21 GMT
ETag: "280525-119-60930cbd3cec0"
Last-Modified: Thu, 02 Nov 2023 19:57:23 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 5412 0
0 47ms
45ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuRqoqsHZPsgZL_04Tq38YlPaGGmgL8gEfwLnUdCCGONS5fo9BN5xBoBbJw6P_U_Q4RJvm2-qpnaeXVwodpvB9lEj_k9qdLzw1SvVltozewzuk4jSBh_KfVuegFfM0yMfNTE4m8ZsSbZrAUzHOyUe7oJMKrGtEBGFlIF1sXggWCtJjIOtzNzm9w6l732oK_KrK7EXXEyTsbPc9o5tJLF3qxZ7WWJbfnAFrgb_oe6js2rAc-S2ilPfJNIPjcCu_DAwegWbpWg7AMX0_w2m4mrOTF71XWx_8GZdKaLS8TOz5dskNI6QGkv4gAor72w_R-KBbnrBvVIBJb3Kzni84uiKhsYuixIScu-6m_X2ieUFicAL7r-6Gr7vz8xNHK3A4rAkNEN7k&sai=AMfl-YThHMQj3F5sJRCa_YdOBRm5ukYaVtMngOwDJ9mf9IAaxLY9BKZ2y_UcfaBwfPDpPgc17Qrf-cBHkcZOOfZtn4RkoX85Ej-nFSyNK6FfQ5Bf_GGC6hpAIZ2L_nAQOfN4ODO3L5v2gboRBrZj7n43i3k&sig=Cg0ArKJSzAv41JDKpOkKEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 08 Jan 2024 10:28:21 GMT

GET
DATA 200
OK truncated
/ Frame 5412 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 980f07c5822d74c124f92f01741df67ec0bbdf311a70db9ea3a9d1cbf87da23a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 1BC3 45 KB
13 KB 7ms
7ms Script
text/html 104.79.89.214
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&gdpr=0&us_privacy=1---&geo=eu&co=de
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.214 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-214.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: de6a3140e1545c802d9cea4a822e6ade2a8a238afbf64ff2fbee2f0af979180c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?&gdpr=0&us_privacy=1---&geo=eu&co=de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 08 Jan 2024 10:28:21 GMT
Content-Encoding: gzip
Last-Modified: Sun, 07 Jan 2024 19:44:18 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=33338
Connection: keep-alive
Content-Length: 13173
Expires: Mon, 08 Jan 2024 19:43:59 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame D0B3 45 KB
13 KB 7ms
7ms Script
text/html 104.79.89.214
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&gdpr=0&us_privacy=1---&geo=eu&co=de
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.214 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-214.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: de6a3140e1545c802d9cea4a822e6ade2a8a238afbf64ff2fbee2f0af979180c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?&gdpr=0&us_privacy=1---&geo=eu&co=de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 08 Jan 2024 10:28:21 GMT
Content-Encoding: gzip
Last-Modified: Sun, 07 Jan 2024 19:44:18 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=33338
Connection: keep-alive
Content-Length: 13173
Expires: Mon, 08 Jan 2024 19:43:59 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame A78D 38 KB
13 KB 6ms
6ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.coloring.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 520983
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 02 Jan 2024 09:45:18 GMT
expires: Wed, 01 Jan 2025 09:45:18 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 4794 172 KB
60 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.coloring.ws/
Origin: https://www.coloring.ws
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 07 Jan 2024 23:49:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 38357
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 23:49:04 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/elements/html/ Frame 4794 11 KB
4 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/elements/html/omrhp.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 07 Jan 2024 14:47:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70856
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 14415875674906819925
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 21 Jan 2024 14:47:25 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/ Frame 4794 31 KB
12 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/abg_lite.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9dfbb8e1be036059aea6dd87bdbefa7ecada3617fb3f404ba4647ebbbf8160b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 07 Jan 2024 12:55:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77578
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11885
x-xss-protection: 0
server: cafe
etag: 16863283086342074828
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 21 Jan 2024 12:55:23 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 4794 41 KB
14 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 231793
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jan 2025 18:05:08 GMT

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 5DE3 281 B
555 B 7ms
7ms Document
text/html 104.79.89.214
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&gdpr=0&us_privacy=1---&geo=eu&co=de
Requested by: Host: www.coloring.ws
URL: https://www.coloring.ws/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.214 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-214.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://www.coloring.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 08 Jan 2024 10:28:21 GMT
ETag: "280525-119-60930cbd3cec0"
Last-Modified: Thu, 02 Nov 2023 19:57:23 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 4794 0
0 47ms
45ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstTJAiayogs39m9Dswb1Io7baE5442Ima37hrhpyRQ8rWMJm7IV8FdWjRsNWGDnzM95FzfqdGOcKrP19EhooQXbc2CQ0dbLfMqvLQEGJcvkxuB2xw4z6xh6g1s7hZOVT4M8kKiPoUd9xulH6gbRvlWEjzqYmRfoxYzI7zPckteTkmkBM8TT066YDpQwd3v3BdrGvNjk0iX0HKz5Qci0OvBxZ4mzV8YYch3ba4FzKlkzw5TZwgnXe4cxkHWs9rP5OdfoCG84fUaoVwJW53L1bDWLHuaE-YCr8QLJYGIkUIUyyz3J9LMMjZPkquBF9LKsDqkLH5ZgciAIlzJ9eppQ1LIcTIZ_TP0zUP0oHEVSqTI6kBaPJPXBcWTkkALNbQzayu8aWGI&sai=AMfl-YQ48-tKwZJL-5kt81LSN9kih6YWOtthINS9qiIwaLkvr__KC6U-0VPetPZtdcpkai8O1Wbm__zKCcWjVhxLvuQL_7RuSZ_XcyFhG7NlZpQxCSW3q5KEa6Af5dffEjsl4pJ1EDejTNYCQkb4WyKiLLQ&sig=Cg0ArKJSzIlPDkO-ab7QEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 08 Jan 2024 10:28:21 GMT

GET
DATA 200
OK truncated
/ Frame 4794 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 35f93b0c646480734f9ef78c7164f92c673d0784a4ef09ec2e81e996ea5d0436

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 44ms
43ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202401020101&jk=2537425523623960&bg=!ra6lruHNAAY3kmNgF5I7ADQBe5WfOC9gr4TiQOEMJnvA1QL3WD8mFWvQJ6r_S2sbHa7A8pYTeZgvcNXvJs_aDtpJUWEHAgAAADhSAAAAAWgBB5kCxbsdSqKrQ6OLGLdwoIyX0_oOdH29Zhf-HGwedM7xbf3P2PjemWmy-cfkLcfTyWIRUGitVqDJQjSU5-l0RKvgAyj6VR3BNm1En7GIJW-s0x5xXhsrjSkXDe9bOy1iyM75kFZwoWqPm-SS8WHabVZDA6VK8Zy0iuGeTf24IBkfmDQkj3_xE5Li8OcD7Q-Jy_6qel7qzjZfLdxME35q8BQqo6xjDshkjRLuUcU19qQuZ9bTorSGIGMwOvRR8sfUcht0xOSc4oqueOcZVLMkKgANsj0bRhk6RQzbJ9SJtqVhkTh626SGhBXixv3uIPuHuCQ2BJFEpA8DqCrRPx7Nt6Ryzkh8AWp8dq_nM4Wm5OM1J8TYZdLxdn2MokWpQ1a22_2WQMwjdCHDrsGbOWOrAXXiSTE9d5nDF79r1i77-p-mmDtIxwuAvRdrRdDUtgeNb9YnWjNdIJEWt2iEt1htNzYvXed-txecA93bY39B-QI3zTdHtDgWWkibAF_S3FWMOkPi0ppvvGesKQNBRGo-G04mphSARRjFZcXCTaa34-ph7q5b1y4lHclXrxdhQVy9xWDNycd3wZyh-Hb80zdut6F-sK_gciPAobh0eS2Z9byf7wpJyqcPAX3ThxLMqjqheNeUxCPXkGxdcKGRQqODZl-JlwWJpY7feIW44FR5J9ODbcEeDAaYlPltINbXJXAEjFOhI5msgIUMenlCqF4qzOQ0FZNovU835rQa3SJsiar532PkFUV7nf2Jta-MOmw6bHMHr7OGBt_BzuwtZS4Kuh1bWEUOnUYY8BPibArb3y_xI_n6MMhMzdnCIbJJMRPJrUIlcDZ2del0xuPLjdzDv9OsbIp7cX9w-tVa3o8nBEs8wKJn1z22cgcngFZ4qw4KyNJvCrptr2q2CaShFa93LxjAiTnlpwjhcPVzpi5GDaU7qFAVKiQVB5Q
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1898970/77442736/ Frame 3DF7 46 KB
12 KB 116ms
34ms Script
application/javascript 54.155.202.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1898970/77442736/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1015630378&ias_pubId=pub-4113681882311455&ias_chanId=1&ias_placementId=20903658371&bidurl=https://www.coloring.ws/&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0h-UGFGziUfVXp9UxwKJly7
Requested by: Host: www.coloring.ws
URL: https://www.coloring.ws/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.155.202.187 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-155-202-187.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: ca6e31b7a83f457effc0e9ebd0b9b6026259d73f6b4d96622ac95d74d4703e88

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 3DF7 111 KB
39 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/
Origin: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 07 Jan 2024 21:44:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 45841
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 21:44:20 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/elements/html/ Frame 3DF7 11 KB
4 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/elements/html/omrhp.js

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 07 Jan 2024 14:47:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70856
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 14415875674906819925
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 21 Jan 2024 14:47:25 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/ Frame 3DF7 31 KB
12 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/abg_lite.js

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9dfbb8e1be036059aea6dd87bdbefa7ecada3617fb3f404ba4647ebbbf8160b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 07 Jan 2024 12:55:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77578
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11885
x-xss-protection: 0
server: cafe
etag: 16863283086342074828
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 21 Jan 2024 12:55:23 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 3DF7 41 KB
14 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 231793
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jan 2025 18:05:08 GMT

GET
H/1.1 200
OK khaos.json Show response
token.rubiconproject.com/ Frame 1BC3 7 B
380 B 54ms
8ms XHR
application/json 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://token.rubiconproject.com/khaos.json?gdpr=0&us_privacy=1---
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://eus.rubiconproject.com
Cache-Control: no-cache,no-store,must-revalidate
access-control-allow-credentials: true
content-length: 7
X-RPHost: 7d6e3b6fefbbeb4d018118d74243a2fc
Expires: 0

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 5DE3 45 KB
13 KB 12ms
12ms Script
text/html 104.79.89.214
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&gdpr=0&us_privacy=1---&geo=eu&co=de
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.214 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-214.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: de6a3140e1545c802d9cea4a822e6ade2a8a238afbf64ff2fbee2f0af979180c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?&gdpr=0&us_privacy=1---&geo=eu&co=de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 08 Jan 2024 10:28:21 GMT
Content-Encoding: gzip
Last-Modified: Sun, 07 Jan 2024 19:44:18 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=33338
Connection: keep-alive
Content-Length: 13173
Expires: Mon, 08 Jan 2024 19:43:59 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1604 204 KB
64 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8941597d26275d5e8775ac804bffb1d86f749d0cfe471777800a4543e4b65603

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65775
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704286440049996"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 08 Jan 2024 10:28:21 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/12881238839111139704/ Frame 577A 130 KB
23 KB 29ms
12ms Document
text/html 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12881238839111139704/index.html?ev=01_250

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eab63dc4e9a58436c8ba06abee06bedf1b8746d79580b903bcb10bfff32bba8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.coloring.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 524008
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 23122
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 02 Jan 2024 08:54:53 GMT
expires: Wed, 01 Jan 2025 08:54:53 GMT
last-modified: Wed, 22 Nov 2023 10:36:34 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1604 0
0 91ms
54ms Fetch
image/gif 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuO8VA6FffCOw4uv6rTLQZp54dvHF0gFpVOW36FMpbTtls2QKF1sc7zErWCx-yIbXd44EiJ2rQ_GrMcQDFM6lZVaey3LUCAW8OIHlMeEn_G1aw0to531grWA5ZFwNYVyAO3vF_7yc7FHUn2XspIeuwUi81hl67KyZoQ7cVKq4NzHC9lgixQ3Y4R22x2VK5gVigFDme4H_v94oNFhFPSnJ_L6N3XxujMSrDil6GWX7W-8EzNbgDTREaLeib7qYZdnEKOtI6lSSBOnztwCtrsbRqGZVDCnDho3c32TDZtQdHOu6Tg7Xgz57im9mjTrvcc1M3VkF1JqBG_eB8-N8v_TMYkHmq4Oak-ZXWdZkXtnoBv1hUZ17H2ayPhOC02-orMZkrKAm55ctKYYQ2c2yyTmDunj_yLUQjtqXsZ9p3reYo8femKwdsw-NVKlMoVoeoloD2f5G5_DUGuzTlHrVZy-8P196Z9T7ay5BBv9TvH-vWeskPP617N_dz095hx8QhVvAnAypLFrP6c5TNNWVcEw4Mu3lDVirFdjIBUwZyMnx33zZckf9eHlKtNji1a0pW_MxVePzZyww9sU5cBbrwKvEf3a8MYhBFQ4ssKxIeP55URBK5yUX4giKdy4dO9tUItORs4CkYKBVNuBiqWUZEzJGNMspRTgscMG0NQphWStT3kzLl31UwThmytz2P8BuPnHmfAi5eZd-kRzAyAkSR3XnRomFnvfkh9bvol3zK3qU-rLlbY30E3Y3TN9eN44oBrzPpFQP7OKeHPcIlgzdOW4szxfBF6-ex5WK1zeG1vsbP9b5FE2exbIkxU6zWOr5NbbDSmr6GmgIxZjqKT6GZhE6_nTKoBrKLW55IdGNQP8y0YMF-wsASWk1bPYei8tNvl0fU3fxw5tdym7sdSQdB7uUkCcyJ3BFKgwQxpCQl1KFDSV6IwOKF-Xu-fyh0KADyQpaaKfo_JJVMynmRWVHx-VrQv2TwINcW91-2J4h5f46O0G45XSQuIFfhPS4zAEG---WS-owi8WMlLicn2IjseyFsTHj6pUdzIXkoGPPhEdTBbZNSiXLHPi3kGEBoLyO4NsYjdYl19oq1LXxW5rJ7ngSNCkwTE7CWNAOs6lS28E-XSMl8nmCXGRdY3ey0wYdsl8KNO0FPV38MzK1WR7iQrZCm9yy47HKsjxwAqZfyVvf_6azNX_E5TBTPRcsiVjwpjmXKBTLc8HScAWnofwrhew9qItnsy82m1AZ5ZpwNsERp7_ujRNut-TjaIgz6oCelvkD2MWXb1I-TiPGJ3geyc8c5ifDzmvUq_CI_bAVVJWYNrRQ&sai=AMfl-YQAcjGbmF1BkqXUTGgn2ZJQzM9GVSIXd8oO_qyUsr8IQ--8dQv_pmY3lkcU-UL_DHgS1e7yeP4fFx9KIrIz7F5DM_eHwAeAIhjseEKgLi_2iKYTywievDW4VlQKvawkUAm31akiMaK1SRp-DxEVnLx8vpieQVkXYEQuntNLMv2EM3DQ9a1Rqc-vk2Z2LRZHslBfLQpZDMRncSER4bsEDpyaDvTrWMjH_kjS3HZ3-2-npQ23w5XBzpvBpK-Z3oMkBNR8jTaIuFA8KUesyVk&sig=Cg0ArKJSzHquWI_Z8s5IEAE&uach_m=%5BUACH%5D&pr=8:E1F0C29C3320A394&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=164&cbvp=1&cstd=162&cisv=r20240103.18904&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5412 204 KB
64 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8941597d26275d5e8775ac804bffb1d86f749d0cfe471777800a4543e4b65603

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65775
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704286440049996"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 08 Jan 2024 10:28:21 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/4037769011434089471/ Frame 4E56 128 KB
23 KB 22ms
8ms Document
text/html 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4037769011434089471/index.html?ev=01_250

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f207f8eee9dea15ff925238f76b261a725a693870f8a8010168f3db240623f49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.coloring.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 578741
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 23049
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 01 Jan 2024 17:42:40 GMT
expires: Tue, 31 Dec 2024 17:42:40 GMT
last-modified: Wed, 22 Nov 2023 10:42:25 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5412 0
0 88ms
54ms Fetch
image/gif 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssSbyVes1jfH_01_DeU9innsECxo7_UiUINYJ9m3SX-gW_C6eriWsHxWz9KkUnec6h6K-Zv52KsQoiyRsSsWe856Hjt2C3tVIQFG5h8e9TLBvwcOl62zMj1pVLd4mkaL5mJa_44qmfSjaEK1yXWbD6GcyH7O4pjpy8tBGVUJWSxjPG-lDfdzgNUk9cd8mQwqLi4vnl8kGwATMWSIdNy3KPC0gxJSiLiaql9H0aLsyYUnztP--pBn8JP-gfYdn8OeK-0ws8iX4qvqUKyMZ0H-y8e9legp8OPq-IablMO0A_67pc9hDO71-MQvcXXUuaaTWPyI8viV4mMkyyRksU7UQmwhvgRAa2dVFe4K8n_3jmvfACPUh_zgaoOL9AJtILhL4O5J0_pJpEP_ns5qljs1qI8VUn2Y08GVuuC8KoaARV6f1nYWbML0N4xNIYVoMGXMc1SLhVZ4PYM13OC-uSgTLCYSIFAWaraoNDMvH6cA-TKIp9zPfJi69_EP3KDzoZecAB7oyprUdd-6aJsSOr7JukeyctwCws9bofBLnWQsJuGVWGpwA3RFpE5VtIC6r-JPl3NHHnw74MTbVRm9yUE2ur74JVj-8klOFSGE7UERGrTNutitJX9Yt-QPTQiB68k-xlUvt0wnRkrvC1Iaixbynmdw1JLK23D_AQFJiuGJcQ9ktb-mtTnZt8HJsJ7BAM0KGd1yl-1_9Tlv4AlJ0v4AhcZ8Kx05BwBIBQra2Ja3WMoJIN5MorQH3y22i7XGGCKgQ2MbOXd5421Tl6DUtvNVf1xJFbLhka8ur3xgYHFIFClIOEFBqWK15cxrnuzyj9G-5wz6Hx3RsxucRTF_6JF7d8e04n0GmONrxlUfIUZQFZYABPSDTXfDppLin36Rm2d1RRYUbfNsYWHX59LBmDwQbt3Zkvm67S40XTVYZEcbvJgkHRxp6L2f-86CDxc-4tUZos_m8BCQfqGqH68rZXhs-JFhU8LXVsdjVSIBb007qjd45M8hdWFyGFqFGQ3Cf_Tj5mBlNhgr0O96GhJZ7csuamgUPiOt5-dYLPb6dPesMtyp4l4RsTn17gnj-6Pp8SJaVc6d7sjmEOtWf9GED9FCTC2DF-E_oIWDEaBRzlMf_IZ9zR28CXYoF6WTeUqyzZ_pYJcdeSSZERj7dtW9yQ7FZcfsto9P8lImedDiaBLiAU_DjFjB-vxpdnrRk5Ha7WPt2w8orHpVFCdMrijlQgZdcZhvC3Db8n4YuzAoxZW3C1_Y1jYozzmnIU-g15k3jAFoW_1jqGaVtrxDbfGYvGAmfYc7-sffVZLAfx1R5sFxjosdmo&sai=AMfl-YR9RC2zhuOtVhWR2EjQt8XP0BmJ7fXDx6NtVOi0958kG8ajdCc4CBWJ8W8lGB3Ge7US3Jyf9NegXEWo8eZ8-T5FBLfJWtXw0xWAdQc8mK5nl30siDKaMTEFd5cXlSeYk_H4OXGNsrHI_lVEEQJx_3H6bSYr8og2v_IEhVsapjqvp1M-oBugim7Lcl8197atGItNheuLC5BE03y76K4pfUiQVve04UCBpnfT-XcUGBkoqiVfq2AE6ZTnCueoToJE6imfgAObVj11Cc3dx7w&sig=Cg0ArKJSzGO1k5EFAYpBEAE&uach_m=%5BUACH%5D&pr=8:44AD1D73D0860673&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=106&cbvp=1&cstd=105&cisv=r20240103.09932&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK khaos.json Show response
token.rubiconproject.com/ Frame D0B3 7 B
380 B 36ms
9ms XHR
application/json 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://token.rubiconproject.com/khaos.json?gdpr=0&us_privacy=1---
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://eus.rubiconproject.com
Cache-Control: no-cache,no-store,must-revalidate
access-control-allow-credentials: true
content-length: 7
X-RPHost: 1f4afaf10c6b5898421df1cdca3fc7f5
Expires: 0

GET
DATA 200
OK truncated
/ Frame 3DF7 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 35aa9b4d6de4a092b488d701df30be704ad09a618234cc0869be6150d722751c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 7759 38 KB
13 KB 8ms
7ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.coloring.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 520983
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 02 Jan 2024 09:45:18 GMT
expires: Wed, 01 Jan 2025 09:45:18 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 DcmEnabler_01_250.js Show response
s0.2mdn.net/879366/ Frame 4E56 32 KB
11 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4037769011434089471/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc9fe8ec0612072dc6d3b4acd268e09d28c253807f47846a5f70dd8360d1a0d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4037769011434089471/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 07 Jan 2024 23:49:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 38352
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11558
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 23:49:09 GMT

GET
H3 200 DcmEnabler_01_250.js Show response
s0.2mdn.net/879366/ Frame 577A 32 KB
11 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12881238839111139704/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc9fe8ec0612072dc6d3b4acd268e09d28c253807f47846a5f70dd8360d1a0d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12881238839111139704/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 07 Jan 2024 23:49:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 38352
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11558
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 23:49:09 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4794 204 KB
64 KB 50ms
48ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8941597d26275d5e8775ac804bffb1d86f749d0cfe471777800a4543e4b65603

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65775
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704286440049996"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 08 Jan 2024 10:28:21 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/4797436206633363095/ Frame 9F34 1 KB
766 B 43ms
42ms Document
text/html 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4797436206633363095/index.html?e=69&leftOffset=0&topOffset=0&c=zt3bq741Ix&t=1&renderingType=2&ev=01_250

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5b788385293df1407acc0ddf9b8357262517a098c1e0af6c9e3a272bbfcb82d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.coloring.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 737
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 10:28:21 GMT
expires: Tue, 07 Jan 2025 10:28:21 GMT
last-modified: Thu, 27 Apr 2023 13:45:36 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4794 0
0 55ms
54ms Fetch
image/gif 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssaeXO5-8kui58RSpA8QdFOqKWerjXwIE-KWSm-4OstalnwJSQNMzP12zP31MIwwUFthrvJLVl5XYZ3hiexLblny2RdP5tSEU5dBpHhUKJDkjehFzXO_CXaDzzEXg-PpVVhNjstCjm1ALkgKXjOHaq428hipSIAE5VyyIhQOvo5wVZ0K3DowF90Su6J9G5OnCt4MbURLbIJFnyNM9YueYAs6K-fxzRC5rwpFE04RPWp36IW23auusaVGYTmtMSXtk0wEvqPl9NlXdlzJ0-2pFaSpu4cSimjFauP1FjUVTdrmz1E6yJTB_WZ7X4yZorA9dPTI0dkN0V9GaNdt_EviYIyOPnPaJXsH0lXetUx_hnU6d8018S1tMhjffzMxW0aPBs1N3n85zeyJ5kaZznYJFMrjyseZvZZJeQIhUaFZIKG1_yRG9ivcf6XTDh1jWy885o0i09riZEH7wgxsgrcLUkntmjdmDb0iAuZAuIPjMEARTZKopG3Wrg6vMF10Cz87dhkuyh2nBGKflf5yQ2KGLZM7OGecm8Z0IRgXdPzLlKziyoJmKLYmgM-lS1grarRhrTqmzYMldw6ToJfo7iYstIcYeyBu0_4cn-_7twePMPU6dcxR-CKHD7Ls7VAEuXryOuuBiVUVu3mO4PuHw5LKfk0XamoLvFU0Hav_Z-vLj0Nonvw5pw39IxrX4_hy9cN3FRgiTsWjuPaec7oX18Wy2HfYcXdqhWYYcitKAc4M8ojHfUc8_6hb3-ul0OHEzCaoSx2aDQt_CYdoZJ4ztx6PW1vt-U3iqQde3e62bKnVthSAqYqdam2fF9tvwAdIN8MawQgEt4QYrAe16jxWlTrGAeZbsj_64osBs39Jxg49Nkby4GeqTn9JImt189xGGoX3_QdGLkvq6dqO7Sr3mMAoUepACaaU7aJRcYtq1p-F9rMITG7sXDnClP8Ron3fcKalsuMxYNKBGRqxS9_ZEGAXzf3L2mdX4B_yEWx0DHrCbsrq7kP-Qp9fligXSesZKNrPSnElXNot3s81It79OkgZhplbufdcewOvOLhCuDtj2Hu4kMTze2DyvTkU3roKe4W8AxCy7QMofsWhDb2IPac5Lf8zEBZ3BgNEQxSi-dGZwK-II3E96pssG5iMhxodr6VYrKSr1lVGlpR8-SSJ5Fi7-F3kHFviUjjFMJ7QupBIn1rixlArBq5TNuWX5ZRWWwQ-bmSacyu-BHgMfReVnIFgqp0NPIdrD9zTv7g88uRdec7AdUv2wMgtG0tg_By5zcnAvvoHnpZ9b5li-8BgOJckTPhb6VMcNGRYashFvxVtXfEWEVUwCMeU8igc6awDuc&sai=AMfl-YQEX-wpJjLkRNYVZKdOyyyL9_sTVNULe2b33SDs0JTHCMhP409STJ2ZY6ZBzJbSMN6b0JqOxgLF1Z3CVvOz-xtUo4PwdJxvjCoXYf5FafiHc_ji2SxU_71cpEQGW57qU7ZQEl6GeELhZP7qp8zbAmPDyxSZ032K29o0lChGT4um2B2WYSUfkvPVSS2o5uG42jJdD3ZkfiQsleouneFkt6_F-8sWztbYMCHH2t2gX5-sPN7XDOe8Lo_-OW0&sig=Cg0ArKJSzNwS-P-v2GR1EAE&uach_m=%5BUACH%5D&pr=8:00AB4CC8611D2841&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=107&cbvp=1&cstd=98&cisv=r20240103.86346&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame 4794 60 B
60 B 76ms
18ms Image
image/gif 85.14.248.72
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvId=63&extPu=lh-mindshare&extProvApi=lh_de&extLi=31080659&extCr=180661613&extPm=382715149&gdpr_consent=&gdpr=0

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

85.14.248.72 Neukirchen-Vluyn, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 08 Jan 2024 10:28:20 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy: cross-origin
Connection: close
X-ET-Monitoring: 1
X-Xss-Protection: 0
Pragma: no-cache
Last-Modified: Mo, 08 Jan 2024 10:28:21 GMT
X-ET-Code: 0
Content-Type: image/gif
Cache-Control: max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-ET-Camp: 1119
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK khaos.json Show response
token.rubiconproject.com/ Frame 5DE3 7 B
380 B 9ms
9ms XHR
application/json 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://token.rubiconproject.com/khaos.json?gdpr=0&us_privacy=1---
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://eus.rubiconproject.com
Cache-Control: no-cache,no-store,must-revalidate
access-control-allow-credentials: true
content-length: 7
X-RPHost: 1f4afaf10c6b5898421df1cdca3fc7f5
Expires: 0

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame A78D 39 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 09:26:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3684
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jan 2025 09:26:57 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame D3E9 38 KB
13 KB 6ms
6ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.coloring.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 520983
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 02 Jan 2024 09:45:18 GMT
expires: Wed, 01 Jan 2025 09:45:18 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 4A85 38 KB
13 KB 9ms
9ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 520983
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 02 Jan 2024 09:45:18 GMT
expires: Wed, 01 Jan 2025 09:45:18 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3DF7 0
20 B 42ms
41ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodarir&v=44&d=1&s=1&f=0.01&bgai=BzosaRc6bZYKPGPGYjuwPgsu_4AUAAAAAOAHgBAI

Requested by

Host: 07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com
URL: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/11129136929417033734/728x90/_export/ Frame F2DE 107 KB
22 KB 9ms
8ms Document
text/html 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11129136929417033734/728x90/_export/index.html?ev=01_250

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8adb9b85292100b02bcaf8e97b9080e3236a6aad2bb8dc0354bf39e2237ae8aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 516501
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 22632
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 02 Jan 2024 11:00:00 GMT
expires: Wed, 01 Jan 2025 11:00:00 GMT
last-modified: Fri, 29 Dec 2023 09:14:41 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3DF7 0
0 53ms
52ms Fetch
image/gif 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvoJJfISpTNasNLIlkV0cefLfou3l883XT7BDN4RyhlaJGJbV0hpZruFfhVPNoMguNnulGrp9YMBMJJ80nTNYOgqAs6pz_zK53kxfYttjhbWNpB5mzoF6kl7tjHWGkDP-5BZJKdVZaxf73wRI4GgGYURwYdU-SHo_ruPZhLWZbAPHYJFrWmA7RPRN2mEFFfjQ8ZI80OIaidSHQS9hlr6AF9JWcthjpWR2Sp15ptdxlWEZVNP6ajxD66yGi7h4iGwBtVF5iO4hor9hjQ8QP7FONp60vnprGwLCsynUmKWY6V1P1coSQMw4nrIyxBGt-_evPgnhAbSDBrwmU5CSMtIlbaF_aeDs91OZFXEa1wyRz9k4DCSqje8KB2IsnQE8YSPmiY-AXlv84WDjQAUpVX3iy3HL_EhxGL2LV5GhPRN4oOAy5AH3rYoVkEEhPo824hoXxJcj0CdOsLZfDbn_MkxhPXXLLhQ0fPQbgGSz0A-ZKvh6_gvpmstCdkelowyhQNlbU80DfVe8dIoM8n-qmvL_Z4H1GV1V-iyv1dNKu9DidRAqv8AOy9EXflw0FMyWWDj2VnXU9p_lS626PY-IHRY74zpSULEybbKzzZldW1VKqCVxw__hkMyW6qbnhCSDT10Id1AIbCYo2VYbjxZtIO2zIoSm-7OTNVUGEl6WuoB_MzNNxwkTLM2shWeoVbgIEZ1vuoQhzav9qjk0ysTgIjONLJF6SvJDKI3pIOsojPr6trpEC_vqnJP2QrZSXVEquB4cY7IJbUTERKCreW9zB4VhiEnNT4L0vDozOXKKB5r69GiOXh7btxBG-6KX78QgzuNT3EIsSurxA-jd1sFk1Si7TmVjn4TPFIdsJmg8Xlp6a03_7-RmF2cjvMzdB0YNEgj5HiKRDfxcmA-EJQxD8HSrFfG-uK1B343FGeu1PHMIUGhutd93eZKSao7EdN93ybM_imNYqhiQNFjuPsjnsBvzyB7f8yOclo3dSgBjNlSf5bMsHhpm8xOm8Fm1VpZmh0lSZeMLUevzqUTOJaHNEh2vkDlFqappAGDK7udzdyRrdRurIVLpx65zy8YfzhIZP6B0lE2xgmRQP-RNFmzNumGs8-ZejdTOw3CzOEsjU9Ns6TtXcgxMvEnabln1CONxfMLUcnLjmo3xcRwySZyoklBN5glUh378a7KJQRF4ouSV-JTWi6MUhtJOLLeXhFDUxHkOBx4zw8EH5Cr2RyPfByGlYL1ys9U_vIGDFWqUu80yS2no6crE7F7dvMpnybxcax03QtavMm0pVX-QKrGOcFRlLCtrE4zKYTf24jVjA4ruKWQNwMT-zfWpB26TrR7EzGGWDNi82JTPsbgoCoQGqBXUNPL5YoRLHw&sai=AMfl-YRjT10qZwQ8mu1HT2J9zeZN6py-ITXKG6-s7YJn0ncGJTABNdh0IAkGNmZzsvR0dmRnJx3IgGxJUdbFZN6-YQ-ORhdbZDBsb79iiVB9rQ5hwuVHTOqboOS8mym_HBrrGFbUp9RppMlJgKqq6L3sVfl2hTRodjYzPr9f7lf4jgFWhnZbLLppP1iaboapsIulmbNV7AzuowaDKuMReJHluDa-wMdeROj3j8nXjLZkNH9S-e3zLE5sdHWn9e2mUkIPrgcx4782YZ7LrKhL_zQ-08PzisTVOq2H01zWPyXNuvDTSFCwI2YL2COkgKbYy3Q&sig=Cg0ArKJSzBqhTrHhz_YLEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=104&cbvp=1&cstd=103&cisv=r20240103.19394&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 93656
tags.bluekai.com/site/ Frame 3DF7 62 B
570 B 201ms
155ms Image
image/gif 104.76.200.221
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.bluekai.com/site/93656?limit=0&phint=event%3Dimp&phint=aid%3D6531095&phint=cid%3D31200026&phint=crid%3D208226895&phint=pid%3D384394325
Requested by: Host: 07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com
URL: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.76.200.221 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-76-200-221.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
date: Mon, 08 Jan 2024 10:28:21 GMT
content-length: 62
bk-server: 41a8
content-type: image/gif

GET
H3 200 tweenmax_2.0.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 9F34 113 KB
38 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_2.0.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4797436206633363095/index.html?e=69&leftOffset=0&topOffset=0&c=zt3bq741Ix&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4797436206633363095/index.html?e=69&leftOffset=0&topOffset=0&c=zt3bq741Ix&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38915
x-xss-protection: 0
last-modified: Tue, 19 Jun 2018 18:02:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 10:28:21 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 9F34 118 KB
40 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4797436206633363095/index.html?e=69&leftOffset=0&topOffset=0&c=zt3bq741Ix&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4797436206633363095/index.html?e=69&leftOffset=0&topOffset=0&c=zt3bq741Ix&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 04:12:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22548
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 09 Jan 2024 04:12:33 GMT

GET
H3 200 DcmEnabler_01_250.js Show response
s0.2mdn.net/879366/ Frame F2DE 32 KB
11 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11129136929417033734/728x90/_export/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc9fe8ec0612072dc6d3b4acd268e09d28c253807f47846a5f70dd8360d1a0d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11129136929417033734/728x90/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 07 Jan 2024 23:49:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 38352
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11558
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 23:49:09 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 7759 39 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 09:26:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3684
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jan 2025 09:26:57 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5412 0
0 47ms
46ms Fetch
image/gif 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssSbyVes1jfH_01_DeU9innsECxo7_UiUINYJ9m3SX-gW_C6eriWsHxWz9KkUnec6h6K-Zv52KsQoiyRsSsWe856Hjt2C3tVIQFG5h8e9TLBvwcOl62zMj1pVLd4mkaL5mJa_44qmfSjaEK1yXWbD6GcyH7O4pjpy8tBGVUJWSxjPG-lDfdzgNUk9cd8mQwqLi4vnl8kGwATMWSIdNy3KPC0gxJSiLiaql9H0aLsyYUnztP--pBn8JP-gfYdn8OeK-0ws8iX4qvqUKyMZ0H-y8e9legp8OPq-IablMO0A_67pc9hDO71-MQvcXXUuaaTWPyI8viV4mMkyyRksU7UQmwhvgRAa2dVFe4K8n_3jmvfACPUh_zgaoOL9AJtILhL4O5J0_pJpEP_ns5qljs1qI8VUn2Y08GVuuC8KoaARV6f1nYWbML0N4xNIYVoMGXMc1SLhVZ4PYM13OC-uSgTLCYSIFAWaraoNDMvH6cA-TKIp9zPfJi69_EP3KDzoZecAB7oyprUdd-6aJsSOr7JukeyctwCws9bofBLnWQsJuGVWGpwA3RFpE5VtIC6r-JPl3NHHnw74MTbVRm9yUE2ur74JVj-8klOFSGE7UERGrTNutitJX9Yt-QPTQiB68k-xlUvt0wnRkrvC1Iaixbynmdw1JLK23D_AQFJiuGJcQ9ktb-mtTnZt8HJsJ7BAM0KGd1yl-1_9Tlv4AlJ0v4AhcZ8Kx05BwBIBQra2Ja3WMoJIN5MorQH3y22i7XGGCKgQ2MbOXd5421Tl6DUtvNVf1xJFbLhka8ur3xgYHFIFClIOEFBqWK15cxrnuzyj9G-5wz6Hx3RsxucRTF_6JF7d8e04n0GmONrxlUfIUZQFZYABPSDTXfDppLin36Rm2d1RRYUbfNsYWHX59LBmDwQbt3Zkvm67S40XTVYZEcbvJgkHRxp6L2f-86CDxc-4tUZos_m8BCQfqGqH68rZXhs-JFhU8LXVsdjVSIBb007qjd45M8hdWFyGFqFGQ3Cf_Tj5mBlNhgr0O96GhJZ7csuamgUPiOt5-dYLPb6dPesMtyp4l4RsTn17gnj-6Pp8SJaVc6d7sjmEOtWf9GED9FCTC2DF-E_oIWDEaBRzlMf_IZ9zR28CXYoF6WTeUqyzZ_pYJcdeSSZERj7dtW9yQ7FZcfsto9P8lImedDiaBLiAU_DjFjB-vxpdnrRk5Ha7WPt2w8orHpVFCdMrijlQgZdcZhvC3Db8n4YuzAoxZW3C1_Y1jYozzmnIU-g15k3jAFoW_1jqGaVtrxDbfGYvGAmfYc7-sffVZLAfx1R5sFxjosdmo&sai=AMfl-YR9RC2zhuOtVhWR2EjQt8XP0BmJ7fXDx6NtVOi0958kG8ajdCc4CBWJ8W8lGB3Ge7US3Jyf9NegXEWo8eZ8-T5FBLfJWtXw0xWAdQc8mK5nl30siDKaMTEFd5cXlSeYk_H4OXGNsrHI_lVEEQJx_3H6bSYr8og2v_IEhVsapjqvp1M-oBugim7Lcl8197atGItNheuLC5BE03y76K4pfUiQVve04UCBpnfT-XcUGBkoqiVfq2AE6ZTnCueoToJE6imfgAObVj11Cc3dx7w&sig=Cg0ArKJSzGO1k5EFAYpBEAE&uach_m=%5BUACH%5D&pr=8:44AD1D73D0860673&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=255&vt=11&dtpt=149&dett=3&cstd=105&cisv=r20240103.09932&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1604 0
0 45ms
44ms Fetch
image/gif 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuO8VA6FffCOw4uv6rTLQZp54dvHF0gFpVOW36FMpbTtls2QKF1sc7zErWCx-yIbXd44EiJ2rQ_GrMcQDFM6lZVaey3LUCAW8OIHlMeEn_G1aw0to531grWA5ZFwNYVyAO3vF_7yc7FHUn2XspIeuwUi81hl67KyZoQ7cVKq4NzHC9lgixQ3Y4R22x2VK5gVigFDme4H_v94oNFhFPSnJ_L6N3XxujMSrDil6GWX7W-8EzNbgDTREaLeib7qYZdnEKOtI6lSSBOnztwCtrsbRqGZVDCnDho3c32TDZtQdHOu6Tg7Xgz57im9mjTrvcc1M3VkF1JqBG_eB8-N8v_TMYkHmq4Oak-ZXWdZkXtnoBv1hUZ17H2ayPhOC02-orMZkrKAm55ctKYYQ2c2yyTmDunj_yLUQjtqXsZ9p3reYo8femKwdsw-NVKlMoVoeoloD2f5G5_DUGuzTlHrVZy-8P196Z9T7ay5BBv9TvH-vWeskPP617N_dz095hx8QhVvAnAypLFrP6c5TNNWVcEw4Mu3lDVirFdjIBUwZyMnx33zZckf9eHlKtNji1a0pW_MxVePzZyww9sU5cBbrwKvEf3a8MYhBFQ4ssKxIeP55URBK5yUX4giKdy4dO9tUItORs4CkYKBVNuBiqWUZEzJGNMspRTgscMG0NQphWStT3kzLl31UwThmytz2P8BuPnHmfAi5eZd-kRzAyAkSR3XnRomFnvfkh9bvol3zK3qU-rLlbY30E3Y3TN9eN44oBrzPpFQP7OKeHPcIlgzdOW4szxfBF6-ex5WK1zeG1vsbP9b5FE2exbIkxU6zWOr5NbbDSmr6GmgIxZjqKT6GZhE6_nTKoBrKLW55IdGNQP8y0YMF-wsASWk1bPYei8tNvl0fU3fxw5tdym7sdSQdB7uUkCcyJ3BFKgwQxpCQl1KFDSV6IwOKF-Xu-fyh0KADyQpaaKfo_JJVMynmRWVHx-VrQv2TwINcW91-2J4h5f46O0G45XSQuIFfhPS4zAEG---WS-owi8WMlLicn2IjseyFsTHj6pUdzIXkoGPPhEdTBbZNSiXLHPi3kGEBoLyO4NsYjdYl19oq1LXxW5rJ7ngSNCkwTE7CWNAOs6lS28E-XSMl8nmCXGRdY3ey0wYdsl8KNO0FPV38MzK1WR7iQrZCm9yy47HKsjxwAqZfyVvf_6azNX_E5TBTPRcsiVjwpjmXKBTLc8HScAWnofwrhew9qItnsy82m1AZ5ZpwNsERp7_ujRNut-TjaIgz6oCelvkD2MWXb1I-TiPGJ3geyc8c5ifDzmvUq_CI_bAVVJWYNrRQ&sai=AMfl-YQAcjGbmF1BkqXUTGgn2ZJQzM9GVSIXd8oO_qyUsr8IQ--8dQv_pmY3lkcU-UL_DHgS1e7yeP4fFx9KIrIz7F5DM_eHwAeAIhjseEKgLi_2iKYTywievDW4VlQKvawkUAm31akiMaK1SRp-DxEVnLx8vpieQVkXYEQuntNLMv2EM3DQ9a1Rqc-vk2Z2LRZHslBfLQpZDMRncSER4bsEDpyaDvTrWMjH_kjS3HZ3-2-npQ23w5XBzpvBpK-Z3oMkBNR8jTaIuFA8KUesyVk&sig=Cg0ArKJSzHquWI_Z8s5IEAE&uach_m=%5BUACH%5D&pr=8:E1F0C29C3320A394&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=317&vt=11&dtpt=153&dett=3&cstd=162&cisv=r20240103.18904&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame D3E9 39 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 09:26:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3684
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jan 2025 09:26:57 GMT

GET
H2 200 main.19.8.466.js Show response
static.adsafeprotected.com/ Frame 3DF7 213 KB
67 KB 39ms
8ms Script
application/javascript 2600:9000:223f:c800:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.19.8.466.js
Requested by: Host: www.coloring.ws
URL: https://www.coloring.ws/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:c800:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8acc1f1025dcaf26f8f860f726b3a05a701b77eb685301d4f25bc8339bbf891f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 20:53:12 GMT
x-amz-version-id: xzgJjX2ySahBlQ72zDUgnxljnut_sNmJ
content-encoding: gzip
via: 1.1 7be6cb2d0156b563b6b1c8f2595ddd52.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2208909
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Wed, 13 Dec 2023 19:37:51 GMT
server: AmazonS3
etag: W/"eac384b0904b6f5677cb58a4d4e104c8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: 2qgERkbOQd2bEvYRhiNksH5Uu8phw4DvLVVhNSoluSPmstGgr5CcuQ==

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 4A85 39 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 09:26:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3684
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jan 2025 09:26:57 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3DF7 0
0 44ms
44ms Fetch
image/gif 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvoJJfISpTNasNLIlkV0cefLfou3l883XT7BDN4RyhlaJGJbV0hpZruFfhVPNoMguNnulGrp9YMBMJJ80nTNYOgqAs6pz_zK53kxfYttjhbWNpB5mzoF6kl7tjHWGkDP-5BZJKdVZaxf73wRI4GgGYURwYdU-SHo_ruPZhLWZbAPHYJFrWmA7RPRN2mEFFfjQ8ZI80OIaidSHQS9hlr6AF9JWcthjpWR2Sp15ptdxlWEZVNP6ajxD66yGi7h4iGwBtVF5iO4hor9hjQ8QP7FONp60vnprGwLCsynUmKWY6V1P1coSQMw4nrIyxBGt-_evPgnhAbSDBrwmU5CSMtIlbaF_aeDs91OZFXEa1wyRz9k4DCSqje8KB2IsnQE8YSPmiY-AXlv84WDjQAUpVX3iy3HL_EhxGL2LV5GhPRN4oOAy5AH3rYoVkEEhPo824hoXxJcj0CdOsLZfDbn_MkxhPXXLLhQ0fPQbgGSz0A-ZKvh6_gvpmstCdkelowyhQNlbU80DfVe8dIoM8n-qmvL_Z4H1GV1V-iyv1dNKu9DidRAqv8AOy9EXflw0FMyWWDj2VnXU9p_lS626PY-IHRY74zpSULEybbKzzZldW1VKqCVxw__hkMyW6qbnhCSDT10Id1AIbCYo2VYbjxZtIO2zIoSm-7OTNVUGEl6WuoB_MzNNxwkTLM2shWeoVbgIEZ1vuoQhzav9qjk0ysTgIjONLJF6SvJDKI3pIOsojPr6trpEC_vqnJP2QrZSXVEquB4cY7IJbUTERKCreW9zB4VhiEnNT4L0vDozOXKKB5r69GiOXh7btxBG-6KX78QgzuNT3EIsSurxA-jd1sFk1Si7TmVjn4TPFIdsJmg8Xlp6a03_7-RmF2cjvMzdB0YNEgj5HiKRDfxcmA-EJQxD8HSrFfG-uK1B343FGeu1PHMIUGhutd93eZKSao7EdN93ybM_imNYqhiQNFjuPsjnsBvzyB7f8yOclo3dSgBjNlSf5bMsHhpm8xOm8Fm1VpZmh0lSZeMLUevzqUTOJaHNEh2vkDlFqappAGDK7udzdyRrdRurIVLpx65zy8YfzhIZP6B0lE2xgmRQP-RNFmzNumGs8-ZejdTOw3CzOEsjU9Ns6TtXcgxMvEnabln1CONxfMLUcnLjmo3xcRwySZyoklBN5glUh378a7KJQRF4ouSV-JTWi6MUhtJOLLeXhFDUxHkOBx4zw8EH5Cr2RyPfByGlYL1ys9U_vIGDFWqUu80yS2no6crE7F7dvMpnybxcax03QtavMm0pVX-QKrGOcFRlLCtrE4zKYTf24jVjA4ruKWQNwMT-zfWpB26TrR7EzGGWDNi82JTPsbgoCoQGqBXUNPL5YoRLHw&sai=AMfl-YRjT10qZwQ8mu1HT2J9zeZN6py-ITXKG6-s7YJn0ncGJTABNdh0IAkGNmZzsvR0dmRnJx3IgGxJUdbFZN6-YQ-ORhdbZDBsb79iiVB9rQ5hwuVHTOqboOS8mym_HBrrGFbUp9RppMlJgKqq6L3sVfl2hTRodjYzPr9f7lf4jgFWhnZbLLppP1iaboapsIulmbNV7AzuowaDKuMReJHluDa-wMdeROj3j8nXjLZkNH9S-e3zLE5sdHWn9e2mUkIPrgcx4782YZ7LrKhL_zQ-08PzisTVOq2H01zWPyXNuvDTSFCwI2YL2COkgKbYy3Q&sig=Cg0ArKJSzBqhTrHhz_YLEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=223&vt=11&dtpt=119&dett=3&cstd=103&cisv=r20240103.19394&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4794 0
0 44ms
44ms Fetch
image/gif 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssaeXO5-8kui58RSpA8QdFOqKWerjXwIE-KWSm-4OstalnwJSQNMzP12zP31MIwwUFthrvJLVl5XYZ3hiexLblny2RdP5tSEU5dBpHhUKJDkjehFzXO_CXaDzzEXg-PpVVhNjstCjm1ALkgKXjOHaq428hipSIAE5VyyIhQOvo5wVZ0K3DowF90Su6J9G5OnCt4MbURLbIJFnyNM9YueYAs6K-fxzRC5rwpFE04RPWp36IW23auusaVGYTmtMSXtk0wEvqPl9NlXdlzJ0-2pFaSpu4cSimjFauP1FjUVTdrmz1E6yJTB_WZ7X4yZorA9dPTI0dkN0V9GaNdt_EviYIyOPnPaJXsH0lXetUx_hnU6d8018S1tMhjffzMxW0aPBs1N3n85zeyJ5kaZznYJFMrjyseZvZZJeQIhUaFZIKG1_yRG9ivcf6XTDh1jWy885o0i09riZEH7wgxsgrcLUkntmjdmDb0iAuZAuIPjMEARTZKopG3Wrg6vMF10Cz87dhkuyh2nBGKflf5yQ2KGLZM7OGecm8Z0IRgXdPzLlKziyoJmKLYmgM-lS1grarRhrTqmzYMldw6ToJfo7iYstIcYeyBu0_4cn-_7twePMPU6dcxR-CKHD7Ls7VAEuXryOuuBiVUVu3mO4PuHw5LKfk0XamoLvFU0Hav_Z-vLj0Nonvw5pw39IxrX4_hy9cN3FRgiTsWjuPaec7oX18Wy2HfYcXdqhWYYcitKAc4M8ojHfUc8_6hb3-ul0OHEzCaoSx2aDQt_CYdoZJ4ztx6PW1vt-U3iqQde3e62bKnVthSAqYqdam2fF9tvwAdIN8MawQgEt4QYrAe16jxWlTrGAeZbsj_64osBs39Jxg49Nkby4GeqTn9JImt189xGGoX3_QdGLkvq6dqO7Sr3mMAoUepACaaU7aJRcYtq1p-F9rMITG7sXDnClP8Ron3fcKalsuMxYNKBGRqxS9_ZEGAXzf3L2mdX4B_yEWx0DHrCbsrq7kP-Qp9fligXSesZKNrPSnElXNot3s81It79OkgZhplbufdcewOvOLhCuDtj2Hu4kMTze2DyvTkU3roKe4W8AxCy7QMofsWhDb2IPac5Lf8zEBZ3BgNEQxSi-dGZwK-II3E96pssG5iMhxodr6VYrKSr1lVGlpR8-SSJ5Fi7-F3kHFviUjjFMJ7QupBIn1rixlArBq5TNuWX5ZRWWwQ-bmSacyu-BHgMfReVnIFgqp0NPIdrD9zTv7g88uRdec7AdUv2wMgtG0tg_By5zcnAvvoHnpZ9b5li-8BgOJckTPhb6VMcNGRYashFvxVtXfEWEVUwCMeU8igc6awDuc&sai=AMfl-YQEX-wpJjLkRNYVZKdOyyyL9_sTVNULe2b33SDs0JTHCMhP409STJ2ZY6ZBzJbSMN6b0JqOxgLF1Z3CVvOz-xtUo4PwdJxvjCoXYf5FafiHc_ji2SxU_71cpEQGW57qU7ZQEl6GeELhZP7qp8zbAmPDyxSZ032K29o0lChGT4um2B2WYSUfkvPVSS2o5uG42jJdD3ZkfiQsleouneFkt6_F-8sWztbYMCHH2t2gX5-sPN7XDOe8Lo_-OW0&sig=Cg0ArKJSzNwS-P-v2GR1EAE&uach_m=%5BUACH%5D&pr=8:00AB4CC8611D2841&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=264&vt=11&dtpt=157&dett=3&cstd=98&cisv=r20240103.86346&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 cta.svg
s0.2mdn.net/creatives/assets/5036975/ Frame 577A 6 KB
2 KB 7ms
7ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/5036975/cta.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0ef70918f6430c9312af8c9ed798349fa4f3a7f6d609be6d604dbc83ec1057c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12881238839111139704/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:13:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 866
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1990
x-xss-protection: 0
last-modified: Thu, 16 Nov 2023 07:52:16 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 10:28:55 GMT

GET
H3 200 txt_preis.svg
s0.2mdn.net/creatives/assets/5036975/ Frame 577A 1 KB
666 B 13ms
10ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/5036975/txt_preis.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

631bd0e32a5703c892e1ad077cd904660cdf66b049f647244e2ad70e95d6dd8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12881238839111139704/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:15:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 797
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 638
x-xss-protection: 0
last-modified: Thu, 16 Nov 2023 07:52:34 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 10:30:04 GMT

GET
H3 200 glow.png
s0.2mdn.net/creatives/assets/5036975/ Frame 577A 6 KB
6 KB 20ms
18ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/5036975/glow.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f7b4153158b195f6da0057679e7405138815d8b2f1e81268018b2f67e5ca5fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12881238839111139704/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:13:54 GMT
x-content-type-options: nosniff
age: 867
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5901
x-xss-protection: 0
last-modified: Thu, 16 Nov 2023 10:16:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 10:28:54 GMT

GET
H3 200 txt_1_line_2.svg
s0.2mdn.net/creatives/assets/5036975/ Frame 577A 8 KB
3 KB 18ms
16ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/5036975/txt_1_line_2.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a1007d992455627a6ea5282ce688addfd6d12050245ae03b957953886c5dbb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12881238839111139704/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:15:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 796
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2684
x-xss-protection: 0
last-modified: Thu, 16 Nov 2023 07:52:38 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 10:30:05 GMT

GET
H3 200 txt_1_line_1.svg
s0.2mdn.net/creatives/assets/5036975/ Frame 577A 8 KB
2 KB 19ms
17ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/5036975/txt_1_line_1.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a602fe080c48f594ff801ef9292be8a70eabf8d9bd0595ff85368f0bbb54174f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12881238839111139704/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:15:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 796
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2331
x-xss-protection: 0
last-modified: Thu, 16 Nov 2023 07:52:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 10:30:05 GMT

GET
H3 200 728x90_kv_tui.jpg
s0.2mdn.net/creatives/assets/5036975/ Frame 577A 41 KB
41 KB 15ms
13ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/5036975/728x90_kv_tui.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b06dcb0ba46016ac47861319e6e9cad2c71784e095c15666be50613e53c1c6f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12881238839111139704/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:15:15 GMT
x-content-type-options: nosniff
age: 786
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41631
x-xss-protection: 0
last-modified: Thu, 16 Nov 2023 13:53:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 10:30:15 GMT

GET
H3 200 728x90_kv_wish_new.jpg
s0.2mdn.net/creatives/assets/5036975/ Frame 577A 38 KB
38 KB 16ms
14ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/5036975/728x90_kv_wish_new.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4bb3a8613cd5c79fb17ee3e6c298e29a827ab8d27b08edd571977224fa6c929e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12881238839111139704/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:15:16 GMT
x-content-type-options: nosniff
age: 785
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39346
x-xss-protection: 0
last-modified: Wed, 22 Nov 2023 10:28:13 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 10:30:16 GMT

GET
DATA 200
OK truncated
/ Frame 577A 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 cta.svg
s0.2mdn.net/creatives/assets/5036975/ Frame 4E56 6 KB
2 KB 9ms
8ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/5036975/cta.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4037769011434089471/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0ef70918f6430c9312af8c9ed798349fa4f3a7f6d609be6d604dbc83ec1057c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4037769011434089471/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:13:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 866
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1990
x-xss-protection: 0
last-modified: Thu, 16 Nov 2023 07:52:16 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 10:28:55 GMT

GET
H3 200 txt_preis.svg
s0.2mdn.net/creatives/assets/5036975/ Frame 4E56 1 KB
666 B 13ms
11ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/5036975/txt_preis.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4037769011434089471/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

631bd0e32a5703c892e1ad077cd904660cdf66b049f647244e2ad70e95d6dd8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4037769011434089471/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:15:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 797
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 638
x-xss-protection: 0
last-modified: Thu, 16 Nov 2023 07:52:34 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 10:30:04 GMT

GET
H3 200 glow.png
s0.2mdn.net/creatives/assets/5036975/ Frame 4E56 6 KB
6 KB 22ms
21ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/5036975/glow.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4037769011434089471/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f7b4153158b195f6da0057679e7405138815d8b2f1e81268018b2f67e5ca5fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4037769011434089471/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:13:54 GMT
x-content-type-options: nosniff
age: 867
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5901
x-xss-protection: 0
last-modified: Thu, 16 Nov 2023 10:16:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 10:28:54 GMT

GET
H3 200 txt_1_line_2.svg
s0.2mdn.net/creatives/assets/5036975/ Frame 4E56 8 KB
3 KB 20ms
19ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/5036975/txt_1_line_2.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4037769011434089471/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a1007d992455627a6ea5282ce688addfd6d12050245ae03b957953886c5dbb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4037769011434089471/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:15:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 796
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2684
x-xss-protection: 0
last-modified: Thu, 16 Nov 2023 07:52:38 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 10:30:05 GMT

GET
H3 200 txt_1_line_1.svg
s0.2mdn.net/creatives/assets/5036975/ Frame 4E56 8 KB
2 KB 21ms
20ms Image
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/5036975/txt_1_line_1.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4037769011434089471/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a602fe080c48f594ff801ef9292be8a70eabf8d9bd0595ff85368f0bbb54174f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4037769011434089471/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:15:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 796
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2331
x-xss-protection: 0
last-modified: Thu, 16 Nov 2023 07:52:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 10:30:05 GMT

GET
DATA 200
OK truncated
/ Frame 4E56 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 160x600_kv_tui.jpg
s0.2mdn.net/creatives/assets/5036975/ Frame 4E56 61 KB
61 KB 23ms
22ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/5036975/160x600_kv_tui.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68819b304d25cf606fcef1a6a8a3c6afea88d2a84da2b7b9b02f2f65c5731d2b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4037769011434089471/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:16:16 GMT
x-content-type-options: nosniff
age: 725
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62861
x-xss-protection: 0
last-modified: Thu, 16 Nov 2023 14:47:54 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 10:31:16 GMT

GET
H3 200 160x600_kv_wish.jpg
s0.2mdn.net/creatives/assets/5036975/ Frame 4E56 40 KB
40 KB 24ms
23ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/5036975/160x600_kv_wish.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

04bd9c3e1aeedd5c016b30d43eb423db59d7874fb4a1e97c0b651ac0122a3e47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4037769011434089471/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:16:13 GMT
x-content-type-options: nosniff
age: 728
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41249
x-xss-protection: 0
last-modified: Thu, 16 Nov 2023 14:47:58 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 10:31:13 GMT

GET
H3 200 Logo.png
s0.2mdn.net/sadbundle/11129136929417033734/728x90/_export/ Frame F2DE 5 KB
5 KB 10ms
10ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11129136929417033734/728x90/_export/Logo.png

Requested by

Host: 07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com
URL: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

70857504e246762877461c8aa20de02df0d734bb0ad14dde07cb0e02cff8fb91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11129136929417033734/728x90/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Wed, 01 Jan 2025 11:00:00 GMT
date: Tue, 02 Jan 2024 11:00:00 GMT
x-content-type-options: nosniff
age: 516501
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5264
x-xss-protection: 0
last-modified: Fri, 29 Dec 2023 09:14:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 preis.png
s0.2mdn.net/sadbundle/11129136929417033734/728x90/_export/ Frame F2DE 2 KB
2 KB 16ms
16ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11129136929417033734/728x90/_export/preis.png

Requested by

Host: 07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com
URL: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

be4ec0712dc183908e0a7ee57c2d962b7e521bc740638bb357eedf0cc24efccf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11129136929417033734/728x90/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Wed, 01 Jan 2025 11:00:00 GMT
date: Tue, 02 Jan 2024 11:00:00 GMT
x-content-type-options: nosniff
age: 516501
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2258
x-xss-protection: 0
last-modified: Fri, 29 Dec 2023 09:14:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 Product.png
s0.2mdn.net/sadbundle/11129136929417033734/728x90/_export/ Frame F2DE 5 KB
5 KB 15ms
15ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11129136929417033734/728x90/_export/Product.png

Requested by

Host: 07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com
URL: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79af0270d47ff83fe1f753870300b4a0fb3a3d88ce4bc184340187ebd5c497f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11129136929417033734/728x90/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Sat, 04 Jan 2025 20:07:30 GMT
date: Fri, 05 Jan 2024 20:07:30 GMT
x-content-type-options: nosniff
age: 224451
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5283
x-xss-protection: 0
last-modified: Fri, 29 Dec 2023 09:14:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 Date.png
s0.2mdn.net/sadbundle/11129136929417033734/728x90/_export/ Frame F2DE 914 B
953 B 14ms
14ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11129136929417033734/728x90/_export/Date.png

Requested by

Host: 07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com
URL: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e3039b83f93f42d39138d253991aaa0ed99c7d63ac80aa4ab9b00f25b43b9ec0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11129136929417033734/728x90/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Wed, 01 Jan 2025 11:00:00 GMT
date: Tue, 02 Jan 2024 11:00:00 GMT
x-content-type-options: nosniff
age: 516501
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 914
x-xss-protection: 0
last-modified: Fri, 29 Dec 2023 09:14:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 HL.png
s0.2mdn.net/sadbundle/11129136929417033734/728x90/_export/ Frame F2DE 1 KB
1 KB 11ms
10ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11129136929417033734/728x90/_export/HL.png

Requested by

Host: 07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com
URL: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4be0f63f270ac9e5fa60b6e0560cfff6ed5a1ea06a39ffe6c0f28d098baa569f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11129136929417033734/728x90/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Wed, 01 Jan 2025 11:00:00 GMT
date: Tue, 02 Jan 2024 11:00:00 GMT
x-content-type-options: nosniff
age: 516501
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1464
x-xss-protection: 0
last-modified: Fri, 29 Dec 2023 09:14:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 Visual.png
s0.2mdn.net/sadbundle/11129136929417033734/728x90/_export/ Frame F2DE 5 KB
5 KB 13ms
13ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11129136929417033734/728x90/_export/Visual.png

Requested by

Host: 07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com
URL: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa9264be58c8ef61d1bd2e36c7ee38974a8c79e198a8859eaee5eca85c996e10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11129136929417033734/728x90/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Wed, 01 Jan 2025 11:00:00 GMT
date: Tue, 02 Jan 2024 11:00:00 GMT
x-content-type-options: nosniff
age: 516501
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5048
x-xss-protection: 0
last-modified: Fri, 29 Dec 2023 09:14:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 BG2.png
s0.2mdn.net/sadbundle/11129136929417033734/728x90/_export/ Frame F2DE 9 KB
9 KB 12ms
12ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11129136929417033734/728x90/_export/BG2.png

Requested by

Host: 07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com
URL: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d2bcea3cd95d241d79f71ce3066c3670e8af27fdde3b26e5e21dd5c01a3bacad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11129136929417033734/728x90/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Fri, 03 Jan 2025 23:07:58 GMT
date: Thu, 04 Jan 2024 23:07:58 GMT
x-content-type-options: nosniff
age: 300023
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9404
x-xss-protection: 0
last-modified: Fri, 29 Dec 2023 09:14:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 main.js Show response
s0.2mdn.net/creatives/assets/4703545/ Frame 9F34 3 KB
1 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4703545/main.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4797436206633363095/index.html?e=69&leftOffset=0&topOffset=0&c=zt3bq741Ix&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1b2da575466eb30982e08c1020f55bcf2d9565f53bd64c3da87a1d774d75588

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4797436206633363095/index.html?e=69&leftOffset=0&topOffset=0&c=zt3bq741Ix&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:22:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 363
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1100
x-xss-protection: 0
last-modified: Fri, 05 May 2023 10:07:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 10:37:18 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 9F34 8 KB
6 KB 49ms
49ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2d90f6aceec07318b3ca31323aa0f8bff4031f2e5d28283ae95b71fb2227da2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:21 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5958
x-xss-protection: 0

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/ Frame 3DF7
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1898970/77442736/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1015630378&ias_pubId=pub-4113681882311455&ias_chanId=1&ias_placementId=20903658371&bi...
https://static.adsafeprotected.com/skeleton.js?ias_xappb=

17 B
465 B

7ms
6ms

Script
application/javascript

2600:9000:223f:c800:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js?ias_xappb=
Protocol: H2
Server: 2600:9000:223f:c800:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 03:21:19 GMT
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
via: 1.1 7be6cb2d0156b563b6b1c8f2595ddd52.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 8924823
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: P9BGlinUdH7k28kbGLv7MDbsLDbdzDI_ElS5MS_wgIjQUzfs84LODg==

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
server: nginx
x-server-name: app04.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js?ias_xappb=
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 03E2 91 KB
23 KB 7ms
6ms Script
application/javascript 2600:9000:223f:c800:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: 07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com
URL: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:c800:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 00:09:11 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 7be6cb2d0156b563b6b1c8f2595ddd52.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 9454751
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: pgQn4d0wMGxO9tEKAFN-_gpQbl9xfTscbdNbRRC2QR0dtEFtrkt_yA==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 3DF7 43 B
216 B 588ms
192ms Image
image/gif 2600:1f13:800:7782:857d:d048:5cf8:98f7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1898970&asId=4bfa629a-d79b-f809-bd4e-8a585479cc85&tv=%7Bc:HIYBU,pingTime:-3,time:177,type:v,clog:%5B%7Bpiv:-1,vs:n,r:,w:728,h:90,t:139%7D,%7Bpiv:0,vs:o,r:l,t:176%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:177,n:176,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:139,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B46~1,0~0%5D,as:%5B46~728.90%5D%7D%7D,%7Bsl:o,t:176,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B1~0%5D,as:%5B1~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:u0Lybff+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C191%7C192%7C1931%7C194%7C1a*.1898970-77442736%7C1a1%7C1a21%7C1a3%7C1b1%7C1b2%7C1b3%7C1b41%7C1c1%7C1c2%7C1c3%7C1c41,fm2:u0Lybff+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C191%7C192%7C1931%7C194%7C1a*.1898970-77442736%7C1a1%7C1a21%7C1a3%7C1b1%7C1b2%7C1b3%7C1b41%7C1c1%7C1c2%7C1c3%7C1c41,idMap:1a*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:140%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:857d:d048:5cf8:98f7 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:22 GMT
server: nginx
x-server-name: dt14.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 3DF7 43 B
215 B 589ms
195ms Image
image/gif 2600:1f13:800:7782:857d:d048:5cf8:98f7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1898970&asId=4bfa629a-d79b-f809-bd4e-8a585479cc85&tv=%7Bc:HIYBV,pingTime:-6,time:178,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:178,n:176,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:139,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B46~1,0~0%5D,as:%5B46~728.90%5D%7D%7D,%7Bsl:o,t:176,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B2~0%5D,as:%5B2~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:u0Lybff+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C191%7C192%7C1931%7C194%7C1a*.1898970-77442736%7C1a1%7C1a21%7C1a3%7C1b1%7C1b2%7C1b3%7C1b41%7C1c1%7C1c2%7C1c3%7C1c41,fm2:u0Lybff+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C191%7C192%7C1931%7C194%7C1a*.1898970-77442736%7C1a1%7C1a21%7C1a3%7C1b1%7C1b2%7C1b3%7C1b41%7C1c1%7C1c2%7C1c3%7C1c41,idMap:1a*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:140%7D&tpiLookup=ao:www.coloring.ws*&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:857d:d048:5cf8:98f7 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:22 GMT
server: nginx
x-server-name: dt03.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 9F34 17 KB
6 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 08 Jan 2024 10:28:21 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 3DF7 43 B
215 B 564ms
194ms Image
image/gif 2600:1f13:800:7782:857d:d048:5cf8:98f7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1898970&asId=4bfa629a-d79b-f809-bd4e-8a585479cc85&tv=%7Bc:HIYCk,pingTime:-2,time:203,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:512,beZ:513,mfA:641,cmA:641,inA:642,inZ:644,prA:644,prZ:647,si:652,poA:653,poZ:662,cmZ:662,mfZ:662,loA:689,loZ:691,ltA:715,ltZ:715,mdA:514,mdZ:561%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:true,gca2:false%7D,clog:%5B%7Bpiv:-1,vs:n,r:,w:728,h:90,t:139%7D,%7Bpiv:0,vs:o,r:l,t:176%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:203,n:176,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:139,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B46~1,0~0%5D,as:%5B46~728.90%5D%7D%7D,%7Bsl:o,t:176,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B27~0%5D,as:%5B27~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:u0Lybff+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C191%7C192%7C1931%7C194%7C1a*.1898970-77442736%7C1a1%7C1a21%7C1a3%7C1b1%7C1b2%7C1b3%7C1b41%7C1c1%7C1c2%7C1c3%7C1c41,fm2:u0Lybff+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C191%7C192%7C1931%7C194%7C1a*.1898970-77442736%7C1a1%7C1a21%7C1a3%7C1b1%7C1b2%7C1b3%7C1b41%7C1c1%7C1c2%7C1c3%7C1c41,idMap:1a*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:140,sinceFw:62,readyFired:true%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:857d:d048:5cf8:98f7 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:22 GMT
server: nginx
x-server-name: dt05.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A78D 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BSAJERc6bZfL2EN6RjuwP16mayAYAAAAAOAHgBAI&bg=!8fKl8r3NAAY3kmNgF5I7ADQBe5WfOGsRIEL36cNn-n9-ldMtD9DuGetMut2vGW6iCx_baVApWmUXEOW5G55_o1Q7yU9CAgAAAL9SAAAAAmgBB5kCz8NVbfHuVCFGrWGHkq60fCLNE18zJmFTkt77tnQA7EpIyxBPPMg3Y_PSvQm44WPtwGzJxlsqx5SlCYZTylwzXcKnapSktQcNQDU1pArrod1Bf7BwTa0Xd_D4xSUbXBKqO7qLUioHuRJZo6NsNVF96iCRsQPML-LUcxPqJe-5nQpQixbR7vNuhY8-Q2jVM2hgs6HVIlmmowsd9qKAlWIgcxJ8aatkdFkQpovnZdq7ekhaItGInSggw_QugOg1ZR255yvNG__3jYUoEREuNZhXGmvLf83-p4_Cb_xFygQRz6CeirzpTkkIqcCSZRboQ9TSUBv7B088SN9NxPXzxOLlWZ981CXti3oTpufM75fjVaEAOyW-7gGXlBueiIzN63GcwZjy2pI9Feh2yqUiogwSCd32VE3zwPCRyUcME9_7QosObpkGoWxOmE5dCmc7ZGZkvsBWcrqhgIw6atmaHE25IkJNld_SSRiu7FNyCrxSO2i9_2ifnol6FW-saEmp3bRc67xVE5MJVNX7I3enzM_fTghY1548zu_5fD_Sv5oDHh6KtIErGAdSGKcCVCCbZuZo7zyvXopyW0nZwJ9MSKPwqa1gKf_Nsj8OoWoAB2dSBuNmjpLhbmymO_9MuioobCbL8hJUcZWfkpvyV_-J3-b1WmxaZQ24n7PqG4XD0jmnRgsKbQ8p8hbpwZ-H_LfQG-pR3U9Tlsv29-6PA26tUd3wX0kJ71HFU0hvr8a4tAYTqXXK7bK9Ca-twhg59eUNniJVlK5gMEbAQYto6jqWM1qDJNwUEb3mqUpcPybav1leNS_irs70UwdOcatYcIj6XmWt5XYioSPE-27Rv0SKdFDBhdfqfuJPaICfSQsAhJoi0rwUpPZHaUpu_0VwDQCYuIvm1BULl2ij5pLoC0PQjcUEBQdjF_cmS6ZQ48VUq5EedPPip9DsMIJS5njns-7CWLb7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 160x600_de-de_performance.js Show response
s0.2mdn.net/creatives/assets/4703545/ Frame 9F34 79 KB
19 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4703545/160x600_de-de_performance.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/main.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8793dc3f1554428df5b578b9f13aeff227dee58d7bb6cd102a804b173d8bc751

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4797436206633363095/index.html?e=69&leftOffset=0&topOffset=0&c=zt3bq741Ix&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:25:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 162
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19234
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 14:40:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 10:40:39 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7759 0
20 B 46ms
46ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BKhU1Rc6bZayWE83UjuwPpJCsUAAAAAA4AeAEAg&bg=!KSqlKmXNAAY3kmNgF5I7ADQBe5WfOBdFn_MdbjDPmzll9dz3HlQhFE3UPXXHsQbLwkcpIBob8RMHVhESCUBv15UWRuRjAgAAALxSAAAAAWgBB5kC13ak2RKt8s1OiXs7WgxMVE3pxDQ94PPX-R1EkOAUSVE-uDsvnZOkP2d1k6ovw5m67aPA0Q_pKUrfVz7gjbZzBW4bQEve64HA2plygtvK6ocln6pdJzXmtm1tvjA2IOzH-Cj4RE56B27z6YJQYjq3E1yqmKrxF26qCZ_zFV_wA-oKkLUfwc-j1oYATBesSJhLZnx4Oyz4v2b2GeXiH8TxA2OchTuxwgdyjYGtEP3oP-74305eBYUaalCuOFTIOCaQ746nVWLVrI9gtgwngOxy_qAs9fVIR_E9P1K-JPKdMjY7C8s_e5467kqGQ9piS6iiy4bKRNIvtY-0qQbYhGsP8aJyc1VltnNhu79hG1Qdfiv7Ji5wKu3gTPiN1yHd5jOucyDWLYv96lctZqtRB8x2EBL7xNSB-kDaqSWOluINHUhweuAGMMyGDt6tpcfVSKBvdOj_zmwHlh1xkTfIknttoKRxXXjHjvBFd7rHTg6kYbLhSE48Wu_6NXVzzkyMxSwIGY5DGcknsIp-VBdPDGm3HaZ8Q9tvM32yCliesehcdbYxEWU-vhM36f4-owHrpZ5oE_Pbb26gNG0fJ7vRMKxrF_haF8_aU0-5Ds_JjDHf4tJKnadNXBr0vPffthmPdE_7l8x-ljxnMdnGjV2HWylQ0iRprjO4x4lNJ9Q8nYqDbRfa8799kjW01IIDhEGIbBsSNKfxawwtr6vmmDgiAYvwYiejJI8m90e3KTZ__PcfknILcG6RkL6uS1n2ATcqiewS3iZdLSRDUllXNZjJZLKrkXfOWbtpfS12zmJZ0yNoggQ5IKZRG-qP07SPFAOHntGVKrdk8daXEdAWSe4LZDMhZLULlNgnqU-jTpGaCxRHy3rDNMKgwPsMaTJPOTxo3tvviZU6ndtzBbbMyQLu_m9-GUyngw-O84I4QsKCay5aPNQ6dAniE2t_o_mZEMCtwRLytqzEZMopyW8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 6D57 39 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 09:26:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3684
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jan 2025 09:26:57 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D3E9 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BXBGkRc6bZanKFc3UjuwPpJCsUAAAAAA4AeAEAg&bg=!r6ylrOPNAAY3kmNgF5I7ADQBe5WfOEeFlhtBMQgYYBCsQdM-JjvD2pgZOMq12YAcdyIpDAR07QF-voqkQgvDohX55DI7AgAAAK5SAAAAAmgBB5kC7969Hwf1LTlL5cDQcVnLV_WkvwT5YtFJ-yjn8eHMLNwUMSjd7OdSbXQLApZPK2ZtRtQD3eCCJVzPsBEN4diqfS73J0mbMdsWaaA6EpExjh9mFQKDL_n_1s2bkkhnRjzIy3leWrlwNJtRulI-C7nyB40ywyFR6OVNNO7lycAxfFbVJHlgkpWV2kaIDNC-AQHF_MjSmTagvMgENDfnQgKA7whHnWpkE9oaw0qMc1CCRICstoDtWcXl3LGH6Oh9Dy5PaGnZFKrd595vjLY31fXAcq8FBc4LbrWo0VjhTSHgus84p-iZ464YHAdFGRuH4Gy0lZr21Z3npWOqEIli-odDMSZeUADpl4djZdhs2bITWL3eP47QQ0X2nHwuJgORtkArCqfUr6YkdsduLSWOER9SfuWN6lYtn1HygkP-KoQo_co_jRM_cMHxlKQqalcvedSg3L7JouGFmAqiagvK0rzfAaeCohucQ-gpdN9kGi9JwByGS2eVXUwpvuxbMM-jAbW6IMOJAi2KDNzt7X-pZDA3MSQtEDD-lmSWY4XSfESutCclcfnC_f2frrRP5ACz9sTBaCCAjcAhdafax--rFKdS7rRrtwpQqTgEwm81zQj-PDdzIwX5nQBHGXfXkqeMazpeeATWai_qTw3c5QyI3CMODR2uGEq5yCSbBvn6Kek5YsyyS2C_L7mZblDRjmA1SmHWoJf8fsOtdp1fHeZMnHtu_tl8IasGLg33GohgJXbOFpuP2oFOkfHbbyjBujZEuWCbSGM6gh7_1VeCJ2BWXGMo2eWjmxbvVKEdXVSr6bhbxrKrJWjCdee0ibuUqj5cpx58EfFou8iQQs90K8TX9HPid8g5ip5BTpYaNL3MJ-FGUM-00fst-W97EI8Y0x69_ouOU1vSnVsy04eY66opjv21ADJSbEFRE2vQZGaAoomdfrbanxXHF73zndflCL-g_SLfQhurKHd9f57vfm_n-ydK9lPJoX92z7ONxH_EH20Z8tw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4A85 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BzosaRc6bZYKPGPGYjuwPgsu_4AUAAAAAOAHgBAI&bg=!ra6lruHNAAY3kmNgF5I7ADQBe5WfOECFaeLUTuyWQyM7rghHljEfXJ2IKg57UyZ4vVQVM68kDFr8iJ_YokbMhoniVa59AgAAAKhSAAAAAWgBBwoAX-Qv52C4iEVwhuWWbvZxYHcuwvigtCVxkj0Fewi-mO3v5lpfDtPBftU9xaH98o6fMtG1YZ_5-j8EI1eKlSG1Bv4DuAFFduYXbQ2VtVvtdJ3LWW1hbGymI-760AwBVcMOmQMJvLmJVP3vOyB6ELm0nmbEhFLAD5QX4nT8ZKKX5GdtJ3tJYReSsJdtLLe0oMBDBDhwIWGZeuysuC_JIHwuqzFkQhX-JVdSh7Q3_4ddWLf2h-EckjCEY5sCoO-BRZvLdUfUKiQmVEJMS9z5-iDGtIkYRn_rZG7lfp6s4jUUq_Kp9JAJrsSgv_H8P_cNAZl64_YjnbNXJ88Ij1VJmXXJ-OUff8vh_LvYD8jeGX0-ZHPZYkHmGzAgwSpOJ9EMlDwPuTQAZa1-g-l3XgNhePg4rKAriCZGc-6P8NPj83Yh28ElAz8g_xah16BTMUr27XYKNnQqanWrT3F0cJPUbt5RfoQ4XlQA4Kxlc2fjyIRQaMbwvBRvF6GDplcvpaBJf8p_osotjENHuCmWt6ZyaSpJ1R1hX1pJcUtJT7VD7mBF3oy4XFtYByvQ7GiSnRB7uP1ZAWwzdahRRB1JuqDUrU2FVqhqA-4EPbQhFcf8eelaB1U9I0imSa6R4ZL3QNi2sqln1gUDXbTTyhY7FjoEINxIIPbFEwN0WF2enw958hl0JgIbm684SzRRwZH7qFKmb62Mri3SnxOYV8zk3NjPix7dPtpMcIuQS0w8GkMfUliqCOPA686KL7bwQc9DeC73veYqBYPsVQDJJapDqSrbDSys1-4ZamjQTpF14V6lbhZPvMi4J-TwEN1nYu3mxDb4U2nPYNC7Xxf4R61RlkvGjr76lwOF_Wm22pMPZn0Z109NrT1eqHrbEUII3ldkK5qHoYvzKeiMpnuiEbyw9nM-Mo9L_WGN8p_y1NIHaxKQ872BtiKwPGvfCewirYe3dxTionWT_SIfw6EJQrsA92PozV8DL2TGmne2sFhd-5An99tI-I4H022C0tb6M1WWLw4HUufhGYhh7vUdh8EqUvf096i3jrJ1wfvIsaFjIFclUIumkT-cX26FvmTBtfIIER4LMasFSZswnH_zU-Ovk7L6guAcN1hNDJME-w2yU3fwTZ2phTwBsVXFcfV8seovfcCtKcsMg_Um7qHnV0yuo2Ky

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 star_alliance.svg Show response
s0.2mdn.net/creatives/assets/4689654/ Frame 9F34 6 KB
2 KB 9ms
8ms Fetch
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4689654/star_alliance.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/160x600_de-de_performance.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

563d8b655debf02dc76ee9cad7e2114692c770d009bfc9ed1f9153eb384593d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4797436206633363095/index.html?e=69&leftOffset=0&topOffset=0&c=zt3bq741Ix&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:27:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2334
x-xss-protection: 0
last-modified: Thu, 29 Jun 2023 11:06:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 10:42:49 GMT

GET
H3 200 lh_logotype_single.svg Show response
s0.2mdn.net/creatives/assets/4689654/ Frame 9F34 5 KB
2 KB 10ms
10ms Fetch
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4689654/lh_logotype_single.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/160x600_de-de_performance.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7502e785bdc8f7184cab7e278053c49be4458393085eb2fbddabf35b895c310

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4797436206633363095/index.html?e=69&leftOffset=0&topOffset=0&c=zt3bq741Ix&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:14:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 814
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2151
x-xss-protection: 0
last-modified: Tue, 18 Oct 2022 09:41:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 10:29:47 GMT

GET
H3 200 lh_crane.svg Show response
s0.2mdn.net/creatives/assets/4689654/ Frame 9F34 2 KB
1 KB 11ms
11ms Fetch
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4689654/lh_crane.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/160x600_de-de_performance.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d2067d4b9b5b9d3003ffa4dc17b44616dc00a543f59eea17df555e959f20b53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4797436206633363095/index.html?e=69&leftOffset=0&topOffset=0&c=zt3bq741Ix&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:16:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 732
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1311
x-xss-protection: 0
last-modified: Tue, 18 Oct 2022 09:41:55 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 10:31:09 GMT

GET
H3 200 NH_D_WD_Affinity-Fashion-Mannequin_160x600.jpg
s0.2mdn.net/creatives/assets/4703548/ Frame 9F34 60 KB
60 KB 12ms
12ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4703548/NH_D_WD_Affinity-Fashion-Mannequin_160x600.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e9caff1016efab3fd2217c89bea4a99eec0f236b05d145335838b99efbccceb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4797436206633363095/index.html?e=69&leftOffset=0&topOffset=0&c=zt3bq741Ix&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:20:32 GMT
x-content-type-options: nosniff
age: 469
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61488
x-xss-protection: 0
last-modified: Mon, 07 Nov 2022 16:55:38 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 10:35:32 GMT

GET
H3 200 LufthansaHeadWeb-Bold.woff2
s0.2mdn.net/creatives/assets/4714589/ Frame 9F34 50 KB
50 KB 14ms
14ms Font
font/woff2 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4714589/LufthansaHeadWeb-Bold.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a43c20863b324fe2bec355b5ebdc6566861742f92018f12be1b38fa2c8b7767

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/4797436206633363095/index.html?e=69&leftOffset=0&topOffset=0&c=zt3bq741Ix&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:21:45 GMT
x-content-type-options: nosniff
age: 396
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51548
x-xss-protection: 0
last-modified: Fri, 18 Nov 2022 11:46:13 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 08 Jan 2024 10:36:45 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 3DF7 43 B
215 B 278ms
193ms Image
image/gif 2600:1f13:800:7782:857d:d048:5cf8:98f7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1898970&asId=4bfa629a-d79b-f809-bd4e-8a585479cc85&tv=%7Bc:HIYGT,pingTime:-10,time:486,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtNjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjAuMC42MDk5LjEyOSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1704709702179%7C%7Cf840a3640ab404d8ac6cf7a8b6269920%7C%7C746ded226cc656dc46dc973a01bf1b48%7C%7Cc0548f82561a2a0528311cc8160d797a%7C%7C23cb40e555fd29afbdc6194d7058e2a6%7C%7C697c06d493235a73f78e5c31e78cd6ea%7C%7C3a9662988cf948456a52b32bc396f347%7C%7C5254b9567c1bceb028169f488d2a058d%7C%7C1663701684%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:857d:d048:5cf8:98f7 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:22 GMT
server: nginx
x-server-name: dt04.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1604 42 B
64 B 46ms
46ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssFczZRpKcP5yWewdK7kt8_nsZZ6blx_jgGHq5h8TqByl_FrDGxSrHJXOo35bmjzkJtJxesIWKdhnMl5rj4SjjYiZU0mTXu5GfqBAJAADylgasf9MHKJUv1XRkPIBkBHV4xsKkMlWp1-y6wL9_ozuVIX766&sig=Cg0ArKJSzOZpczfZbXePEAE&id=lidar2&mcvt=1000&p=8,436,98,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240103&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=858445642&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1704709701115&rpt=264&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5412 42 B
64 B 45ms
45ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstpuW29HvLbFl11fXw4pspQ8zwlM1hv4lEEi5t7GlR4RfC-AVztbSEeS5XvnE2d1B52N2wuRLTEMFxQyzZCr0NPwv75hnV2LgoqarnxMSaoNlSLlOmV0bTrcQAtXzRdcZmkyDe2sV_tGE8hRPkF8JXGGZf3&sig=Cg0ArKJSzGI3iTBIGjbuEAE&id=lidar2&mcvt=1000&p=472,1472,512,1513&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240103&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=1931930176&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1704709701187&rpt=241&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3DF7 42 B
64 B 45ms
45ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuyd2lNEWz9Ewi-43jTHPwwLPJkzyRAPAXAPa8pvYHoEK7YpivQVdcOjz9i2oOSaa43vqCccZky4Q_wz30H2cgoJaizN4SAckHp2zSrZM1-3jDcVAE0RI4MPD-5C-a9fOtxGkuYqWuTTBNp_iUl3KPa8GMp&sai=AMfl-YQXOjVJK1rd9g0FNHoM6CgXMNDKu5HWO7JUOitLnUUDnkMb3LySaAUK2fokjqMvZAjxQxFqHXXW-qTVuXVfovOtCDUY7VNGFZHK7_OLD5e6fUHuxrjsTlLr-00Y8-4DcHnH49vPLEYK2rUTVIN7&sig=Cg0ArKJSzAIp6uuYJdIsEAE&cid=CAQSTgAvHhf_eGQxu_OUI6HHE9jPvW7_tYOOQqLUXa3aaS1RC9hTrcmRmSDeNR9dkcQIAL37xVanqBSKnW6ggzN_BSF9DqgRvhD70O3YLApGMRgB&id=lidar2&mcvt=1002&p=1107,437,1197,1165&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20240103&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=552655637&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1704709701181&rpt=358&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1604 42 B
64 B 44ms
44ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv3ZTUdhPKOi8EcQ6arIBV4aPfOSpVPZ2YzrUxEqTYWZBvmnQ5hqk0v8MiYmqI4UPvERKeNkWiaLA0xvxdKnZ27EhLqEPkuYGibPXUnKRK2DVKDSijsAZQvjYyXfQA&sig=Cg0ArKJSzGsjC_gMTiUbEAE&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240103&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=34&adk=0&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1704709701115&rpt=505&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5412 42 B
64 B 44ms
44ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstBRTg-ysCAq0iup7U0rMR1nr181V-hOKYzfQC7AqgEcQS1S5S8SHtdkmGklwATIlnsXyMEH_ZnmciwiQq8nBpgBM8az4ObFS6OT1nNwYbAap6jht33NSUJFqq6Y-s&sig=Cg0ArKJSzIHy1WvzytMSEAE&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240103&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=34&adk=0&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1704709701187&rpt=461&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.coloring.ws
URL: https://www.coloring.ws/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5412 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=757353130632&version=m202309260101&ct=76&x=8&cor=10304991674615843000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1604 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=985879970905&version=m202309260101&ct=76&x=8&cor=14245063285934735000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4794 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=9603329956423&version=m202309260101&ct=76&x=8&cor=4088710105394046500

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3DF7 0
20 B 42ms
41ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=9850920413521&version=m202309260101&ct=76&x=1&cor=16113745095528954000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 3DF7 43 B
215 B 193ms
193ms Image
image/gif 2600:1f13:800:7782:857d:d048:5cf8:98f7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1898970&asId=4bfa629a-d79b-f809-bd4e-8a585479cc85&tv=%7Bc:HIYSv,pingTime:1,time:1206,type:p,clog:%5B%7Bpiv:-1,vs:n,r:,w:728,h:90,t:139%7D,%7Bpiv:0,vs:o,r:l,t:176%7D,%7Bpiv:100,vs:i,r:,t:205%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:205,n:176,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:139,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B46~1,0~0%5D,as:%5B46~728.90%5D%7D%7D,%7Bsl:o,t:176,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B29~0%5D,as:%5B29~728.90%5D%7D%7D,%7Bsl:i,t:205,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~728.90%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:593,fm:u0Lybff+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C191%7C192%7C1931%7C194%7C1a*.1898970-77442736%7C1a1%7C1a21%7C1a3%7C1b1%7C1b2%7C1b3%7C1b41%7C1c1%7C1c2%7C1c3%7C1c41,fm2:u0Lybff+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C191%7C192%7C1931%7C194%7C1a*.1898970-77442736%7C1a1%7C1a21%7C1a3%7C1b1%7C1b2%7C1b3%7C1b41%7C1c1%7C1c2%7C1c3%7C1c41,idMap:1a*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:140,sis:243%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:857d:d048:5cf8:98f7 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:22 GMT
server: nginx
x-server-name: dt01.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 3DF7 43 B
215 B 192ms
192ms Image
image/gif 2600:1f13:800:7782:857d:d048:5cf8:98f7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1898970&asId=4bfa629a-d79b-f809-bd4e-8a585479cc85&tv=%7Bc:HIYSv,pingTime:1,time:1206,type:pf,clog:%5B%7Bpiv:-1,vs:n,r:,w:728,h:90,t:139%7D,%7Bpiv:0,vs:o,r:l,t:176%7D,%7Bpiv:100,vs:i,r:,t:205%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:205,n:176,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:139,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B46~1,0~0%5D,as:%5B46~728.90%5D%7D%7D,%7Bsl:o,t:176,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B29~0%5D,as:%5B29~728.90%5D%7D%7D,%7Bsl:i,t:205,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~728.90%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:593,fm:u0Lybff+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C191%7C192%7C1931%7C194%7C1a*.1898970-77442736%7C1a1%7C1a21%7C1a3%7C1b1%7C1b2%7C1b3%7C1b41%7C1c1%7C1c2%7C1c3%7C1c41,fm2:u0Lybff+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C191%7C192%7C1931%7C194%7C1a*.1898970-77442736%7C1a1%7C1a21%7C1a3%7C1b1%7C1b2%7C1b3%7C1b41%7C1c1%7C1c2%7C1c3%7C1c41,idMap:1a*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:140,sis:243%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:857d:d048:5cf8:98f7 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:22 GMT
server: nginx
x-server-name: dt02.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 ixmatch.html Show response
js-sec.indexww.com/um/ Frame 8100 3 KB
2 KB 131ms
14ms Document
text/html 172.64.149.180

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.149.180 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer: https://www.coloring.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 494
cache-control: public, max-age=14400
cf-cache-status: HIT
cf-ray: 8423c0ec29399b83-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 08 Jan 2024 10:28:25 GMT
expires: Mon, 08 Jan 2024 14:28:25 GMT
last-modified: Mon, 25 Jul 2022 19:18:26 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
server: cloudflare
vary: Accept-Encoding

GET
H2

200

pd
teachingaids-d.openx.net/w/1.0/ Frame 4D77
Redirect Chain

https://teachingaids-d.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=&us_privacy=1---
https://teachingaids-d.openx.net/w/1.0/pd?cc=1&gdpr=0&gdpr_consent=&us_privacy=1---

784 B
808 B

21ms
20ms

Document
text/html

34.98.64.218

General

Check archive.org

Show headers Download Go to

Full URL: https://teachingaids-d.openx.net/w/1.0/pd?cc=1&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 -, , ASN (),
Reverse DNS
Software: OXGW/0.0.0 /
Resource Hash

Request headers

Referer: https://www.coloring.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 483
content-type: text/html
date: Mon, 08 Jan 2024 10:28:25 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Mon, 08 Jan 2024 10:28:25 GMT
location: https://teachingaids-d.openx.net/w/1.0/pd?cc=1&gdpr=0&gdpr_consent=&us_privacy=1---
p3p: CP="CUR ADM OUR NOR STA NID"
server: OXGW/0.0.0
via: 1.1 google

GET
H2 200 sync.html
public.servenobid.com/ Frame 5A86 9 KB
4 KB 46ms
6ms Document
text/html 13.32.27.7

General

Check archive.org

Show headers Download Go to

Full URL: https://public.servenobid.com/sync.html?usp_consent=1---
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.27.7 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://www.coloring.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 9571
cache-control: max-age=86400
content-encoding: br
content-type: text/html
date: Mon, 08 Jan 2024 07:48:55 GMT
etag: W/"ea81456e0a6e1fca0e7a864b1d3121aa"
last-modified: Mon, 02 Oct 2023 23:54:30 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 e6959f77d21557f69683da8f0cd5578a.cloudfront.net (CloudFront)
x-amz-cf-id: fI_74Cza8cLsKYZ23Ien3DvsBpsSPXSjeNiLLDxM37GYf8DVfeMj4A==
x-amz-cf-pop: FRA56-C2
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:us-east-1:559734745816:build/adserver-public-prod:58584356-ee8f-4de0-abcc-b50f847fba2c
x-amz-meta-codebuild-content-md5: d3f9c0952d74faa30fada14e06b377b0
x-amz-meta-codebuild-content-sha256: 8aa4841af9e8588faa6f0e126d94acab1f39eb0115dfa16eac2daccf149690d0
x-amz-server-side-encryption: AES256
x-amz-version-id: null
x-cache: Hit from cloudfront

GET
H2 200 cs.html Show response
cs.seedtag.com/ Frame A638 51 KB
16 KB 40ms
16ms Document
text/html 104.18.127.252

General

Check archive.org

Show headers Download Go to

Full URL: https://cs.seedtag.com/cs.html?pt=6686-0994-01&pc=US&cmp=true&us=1---
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.127.252 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: ac2397fbe331fb7cc8c5325752c4af7d6c5cb9204a1f810b89fc93c372cbdd37

Request headers

Referer: https://www.coloring.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 521
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=86400
cf-cache-status: HIT
cf-ray: 8423c0ec3b7737e4-FRA
content-encoding: br
content-type: text/html
date: Mon, 08 Jan 2024 10:28:25 GMT
etag: W/"e1932830098c932fee98b7cc79857ecc"
expires: Tue, 09 Jan 2024 10:28:25 GMT
last-modified: Wed, 13 Dec 2023 15:57:21 GMT
server: cloudflare
vary: Accept-Encoding
x-goog-generation: 1702483041418398
x-goog-hash: crc32c=eQLC6w== md5=4ZMoMAmMky/umLfMeYV+zA==
x-goog-metageneration: 2
x-goog-storage-class: REGIONAL
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 15379
x-guploader-uploadid: ABPtcPqAJUxZLbbmU6okT2RBQYZKjNZ-LNK-4UP2bXeQQz-WnItOz7aLwnVExb3QdnUosZkv4jskqnHEdw

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 2344 52 KB
17 KB 41ms
12ms Document
text/html 151.101.65.108

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 -, , ASN (),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://www.coloring.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 18130
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Mon, 08 Jan 2024 10:28:25 GMT
ETag: W/"623de86a-cf34"
Expires: Fri, 05 Jan 2024 05:26:09 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 281, 139615
X-Served-By: cache-lga13626-LGA, cache-fra-etou8220035-FRA
X-Timer: S1704709706.647039,VS0,VE0

GET
H2 204 isyn
prebid.a-mo.net/ Frame 0CC0 0
0 13ms
13ms Document
text/plain 145.40.97.67
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/isyn?gdpr_consent=&gdpr=0&us_privacy=1---&gpp=&gpp_sid=
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 145.40.97.67 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash

Request headers

Referer: https://www.coloring.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=0, private, must-revalidate
date: Mon, 08 Jan 2024 10:28:25 GMT
server: envoy
vary: Accept-Encoding
x-envoy-upstream-service-time: 0

GET
H2 200 sync Show response
eb2.3lift.com/ Frame 23D3 37 B
140 B 29ms
7ms Document
image/gif 76.223.111.18

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?us_privacy=1---&
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 76.223.111.18 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://www.coloring.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif
date: Mon, 08 Jan 2024 10:28:25 GMT

GET
H2 200 2000891.html
sync.serverbid.com/ss/ Frame 1210 5 KB
2 KB 60ms
13ms Document
text/html 2600:9000:2447:3400:1b:fdeb:7440:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.serverbid.com/ss/2000891.html
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2447:3400:1b:fdeb:7440:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://www.coloring.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 82337
content-encoding: gzip
content-type: text/html
date: Sun, 07 Jan 2024 11:36:09 GMT
etag: W/"e3980f93156a3a26afc34d0acdc0bf4a"
last-modified: Fri, 29 Dec 2023 15:48:38 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 416dae0837568c2bb7cea7ae5c6bba22.cloudfront.net (CloudFront)
x-amz-cf-id: phihYL9bmxzRRzZZp1lsCiaphtM32sLx2reYoPQ8vscYRqkQWpVZ5A==
x-amz-cf-pop: AMS58-P5
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 6C14 16 KB
6 KB 29ms
7ms Document
text/html 23.218.208.200

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156858&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.200 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: 8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652

Request headers

Referer: https://www.coloring.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=170711
content-encoding: gzip
content-length: 5622
content-type: text/html
date: Mon, 08 Jan 2024 10:28:25 GMT
expires: Wed, 10 Jan 2024 09:53:36 GMT
last-modified: Thu, 16 Nov 2023 09:11:44 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET isync
visitor.omnitagjs.com/visitor/ Frame E3AE 0
0

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame C2B2 281 B
555 B 7ms
6ms Document
text/html 104.79.89.214
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?gdpr=0&us_privacy=1---
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/droiw9gfb309t/script.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.214 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-214.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://www.coloring.ws/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 08 Jan 2024 10:28:25 GMT
ETag: "280525-119-60930cbd3cec0"
Last-Modified: Thu, 02 Nov 2023 19:57:23 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2 200 9.gif
id5-sync.com/s/441/ 43 B
920 B 7ms
7ms Image
image/gif 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/s/441/9.gif?puid=&gdpr=1&gdpr_consent=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.coloring.ws/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Mon, 08 Jan 2024 10:28:25 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame C2B2 45 KB
13 KB 7ms
7ms Script
text/html 104.79.89.214
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?gdpr=0&us_privacy=1---
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.214 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-214.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: de6a3140e1545c802d9cea4a822e6ade2a8a238afbf64ff2fbee2f0af979180c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?gdpr=0&us_privacy=1---
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 08 Jan 2024 10:28:25 GMT
Content-Encoding: gzip
Last-Modified: Sun, 07 Jan 2024 19:44:18 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=33334
Connection: keep-alive
Content-Length: 13173
Expires: Mon, 08 Jan 2024 19:43:59 GMT

GET
H/1.1 200
OK khaos.json Show response
token.rubiconproject.com/ Frame C2B2 7 B
380 B 10ms
10ms XHR
application/json 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://token.rubiconproject.com/khaos.json?gdpr=0&us_privacy=1---
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://eus.rubiconproject.com
Cache-Control: no-cache,no-store,must-revalidate
access-control-allow-credentials: true
content-length: 7
X-RPHost: 1f4afaf10c6b5898421df1cdca3fc7f5
Expires: 0

GET

bounce
ib.adnxs.com/ Frame 2344
Redirect Chain

https://ib.adnxs.com/async_usersync?cbfn=queuePixels
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

0
0

GET
H/1.1

200
OK

usync.html
eus.rubiconproject.com/ Frame E7C6
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=seedtag&endpoint=eu
https://eus.rubiconproject.com/usync.html?p=seedtag&endpoint=eu

281 B
0

9ms
7ms

Document
text/html

104.79.89.214
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=seedtag&endpoint=eu
Requested by: Host: cs.seedtag.com
URL: https://cs.seedtag.com/cs.html?pt=6686-0994-01&pc=US&cmp=true&us=1---
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.214 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-214.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Referer: https://cs.seedtag.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 08 Jan 2024 10:28:25 GMT
ETag: "280525-119-60930cbd3cec0"
Last-Modified: Thu, 02 Nov 2023 19:57:23 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Mon, 08 Jan 2024 10:28:25 GMT
location: https://eus.rubiconproject.com/usync.html?p=seedtag&endpoint=eu
server: AkamaiGHost

GET
H/1.1 200
OK CookieSync.html
csync.smartadserver.com/rtb/csync/ Frame 8AEA 435 B
0 56ms
6ms Document
text/html 2a02:26f0:3500:4::b818:4d9e

General

Check archive.org

Show headers Download Go to

Full URL: https://csync.smartadserver.com/rtb/csync/CookieSync.html?nwid=3050&dcid=3
Requested by: Host: cs.seedtag.com
URL: https://cs.seedtag.com/cs.html?pt=6686-0994-01&pc=US&cmp=true&us=1---
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:4::b818:4d9e -, , ASN (),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash

Request headers

Referer: https://cs.seedtag.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=3600
Connection: keep-alive
Content-Length: 435
Content-Type: text/html
Date: Mon, 08 Jan 2024 10:28:25 GMT
ETag: "4b81e967df07d41c24270ccf669f7336:1645524912.090457"
Last-Modified: Tue, 22 Feb 2022 09:59:55 GMT
Server: AkamaiNetStorage

GET
H2 200 user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 3DBC 16 KB
6 KB 6ms
6ms Document
text/html 23.218.208.200

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=157743&gdpr=0&gdpr_consent=&us_privacy=1---&predirect=https%3A%2F%2Fs.seedtag.com%2Fcs%2Fcookiesync%2Fpubmatic%3Fchanneluid%3D
Requested by: Host: cs.seedtag.com
URL: https://cs.seedtag.com/cs.html?pt=6686-0994-01&pc=US&cmp=true&us=1---
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.200 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://cs.seedtag.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=170711
content-encoding: gzip
content-length: 5622
content-type: text/html
date: Mon, 08 Jan 2024 10:28:25 GMT
expires: Wed, 10 Jan 2024 09:53:36 GMT
last-modified: Thu, 16 Nov 2023 09:11:44 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET /
sync.richaudience.com/dcf3528a0b8aa83634892d50e91c306e/ Frame F3E1 0
0

GET /
ssc-cms.33across.com/ps/ Frame 0F77 0
0

GET isync
visitor.omnitagjs.com/visitor/ Frame CBBE 0
0

GET
H2 204 /
onetag-sys.com/usync/ Frame FB34 0
0 36ms
8ms Document
text/plain 51.89.9.252

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=75601b04186d260

Requested by

Host: cs.seedtag.com
URL: https://cs.seedtag.com/cs.html?pt=6686-0994-01&pc=US&cmp=true&us=1---

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://cs.seedtag.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control: no-store
strict-transport-security: max-age=15552000

GET v1
match.sharethrough.com/universal/ Frame 19E1 0
0

GET rtset
bh.contextweb.com/bh/ Frame 17EA 0
0

GET
H2 204 s
s.seedtag.com/cs/st/ Frame A638 0
149 B 24ms
22ms Image
text/plain 34.149.50.64
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.seedtag.com/cs/st/s
Requested by: Host: cs.seedtag.com
URL: https://cs.seedtag.com/cs.html?pt=6686-0994-01&pc=US&cmp=true&us=1---
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.50.64 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 64.50.149.34.bc.googleusercontent.com
Software: openresty /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.seedtag.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:25 GMT
via: 1.1 google
access-control-allow-credentials: true
server: openresty
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT, HEAD

GET
H3

204

appnexus
s.seedtag.com/cs/cookiesync/ Frame A638
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Fs.seedtag.com%2Fcs%2Fcookiesync%2Fappnexus%3Fchanneluid%3D%24UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.seedtag.com%252Fcs%252Fcookiesync%252Fappnexus%253Fchanneluid%253D%2524UID
https://s.seedtag.com/cs/cookiesync/appnexus?channeluid=1252075283688378295

0
15 B

34ms
31ms

Image
text/plain

34.149.50.64
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.seedtag.com/cs/cookiesync/appnexus?channeluid=1252075283688378295
Requested by: Host: cs.seedtag.com
URL: https://cs.seedtag.com/cs.html?pt=6686-0994-01&pc=US&cmp=true&us=1---
Protocol: H3
Server: 34.149.50.64 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 64.50.149.34.bc.googleusercontent.com
Software: openresty /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.seedtag.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:25 GMT
via: 1.1 google
access-control-allow-credentials: true
server: openresty
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT, HEAD

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:25 GMT
an-x-request-uuid: 89565dab-f93e-4667-847c-bf07eb1ba7b0
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://s.seedtag.com/cs/cookiesync/appnexus?channeluid=1252075283688378295
x-proxy-origin: 138.199.38.134; 138.199.38.134; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET getuid
sync.smartadserver.com/ Frame A638 0
0

GET seedtag
b1sync.zemanta.com/usersync/ Frame A638 0
0

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame A638 70 B
148 B 32ms
31ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=5jrh0rv&ttd_tpi=1&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by: Host: cs.seedtag.com
URL: https://cs.seedtag.com/cs.html?pt=6686-0994-01&pc=US&cmp=true&us=1---
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.seedtag.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:25 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET

sync
x.bidswitch.net/ul_cb/ Frame A638
Redirect Chain

https://x.bidswitch.net/sync?ssp=seedtag&user_id=&gdpr=0&gdpr_consent=&us_privacy=1---
https://x.bidswitch.net/ul_cb/sync?ssp=seedtag&user_id=&gdpr=0&gdpr_consent=&us_privacy=1---

0
0

GET /
sync.richaudience.com/f7872c90c5d3791e2b51f7edce1a0a5d/ Frame A638 0
0

GET server_match
ad.360yield.com/ Frame A638 0
0

GET
H3

204

indexexchange
s.seedtag.com/cs/cookiesync/ Frame A638
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=191730&cb=https%3A%2F%2Fs.seedtag.com%2Fcs%2Fcookiesync%2Findexexchange%3Fchanneluid%3D
https://s.seedtag.com/cs/cookiesync/indexexchange?channeluid=ZZvORfV4g7H5Q7OxKwWbVgAA%262183

0
15 B

19ms
18ms

Image
text/plain

34.149.50.64
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.seedtag.com/cs/cookiesync/indexexchange?channeluid=ZZvORfV4g7H5Q7OxKwWbVgAA%262183
Requested by: Host: cs.seedtag.com
URL: https://cs.seedtag.com/cs.html?pt=6686-0994-01&pc=US&cmp=true&us=1---
Protocol: H3
Server: 34.149.50.64 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 64.50.149.34.bc.googleusercontent.com
Software: openresty /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.seedtag.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:25 GMT
via: 1.1 google
access-control-allow-credentials: true
server: openresty
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT, HEAD

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:25 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KGi1i%2BeNM52nyxpwFAbJZwqaWt0cBoZirkfNZRZakZ7%2F95QGpczd2GOtUc7iYkz1dA39bdWaJ77AtfEs0G%2BV%2FpzQF62sqwAAKWtvENFYMKqZJieDm4z%2FEwCwarx%2B6jjmdTZNssBjDujsDg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://s.seedtag.com/cs/cookiesync/indexexchange?channeluid=ZZvORfV4g7H5Q7OxKwWbVgAA%262183
cache-control: no-cache
cf-ray: 8423c0ec9bbe9b21-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET occ
ups.analytics.yahoo.com/ups/58427/ Frame A638 0
0

GET cookie
cm.adform.net/ Frame A638 0
0

GET pixel
ap.lijit.com/ Frame A638 0
0

GET cm
u.openx.net/w/1.0/ Frame A638 0
0

GET seedtag
event.clientgear.com/cookie/ Frame A638 0
0

GET cm-notify
creativecdn.com/ Frame A638 0
0

GET sync
t.adx.opera.com/pub/ Frame A638 0
0

GET
H2 200 13926
g2.gumgum.com/usync/ Frame 0B48 3 KB
0 30ms
30ms Document
text/html 52.208.7.68
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html?usp_consent=1---
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.208.7.68 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-208-7-68.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Mon, 08 Jan 2024 10:28:25 GMT
etag: W/"0027d1235d8066fc89d59ec8d65cf5254"
server: nginx
timing-allow-origin: *

GET
H2 204 /
onetag-sys.com/usync/ Frame 2B72 0
0 27ms
9ms Document
text/plain 51.89.9.252

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1---&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Requested by

Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html?usp_consent=1---

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control: no-store
strict-transport-security: max-age=15552000

GET sync
ssbsync.smartadserver.com/api/ Frame 4916 0
0

GET
H2 200 usermatch
ssum-sec.casalemedia.com/ Frame D8BD 2 KB
0 24ms
24ms Document
text/html 172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html?usp_consent=1---
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 8423c0ec9bc19b21-FRA
content-encoding: br
content-type: text/html
date: Mon, 08 Jan 2024 10:28:25 GMT
expires: 0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gqla88yl4QTChX5msoimdRfQav6htEInV61X2Fm8f6I%2FFkI4j6guYe9%2FdIGM%2BfVRECrh9M%2FAbov04DlZZniNeUqQOfzaNDC1ZcSJhejgVX8TJbY%2Bj9Z9VXkwr6IhYYuj%2FTcKK4je6WwjyA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H/1.1

200
OK

usync.html
eus.rubiconproject.com/ Frame 3580
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=duration_media&endpoint=us-east
https://eus.rubiconproject.com/usync.html?p=duration_media&endpoint=us-east

0
0

26ms
9ms

Document
text/html

104.79.89.214
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=duration_media&endpoint=us-east
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html?usp_consent=1---
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.79.89.214 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-89-214.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 08 Jan 2024 10:28:25 GMT
ETag: "280525-119-60930cbd3cec0"
Last-Modified: Thu, 02 Nov 2023 19:57:23 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Mon, 08 Jan 2024 10:28:25 GMT
location: https://eus.rubiconproject.com/usync.html?p=duration_media&endpoint=us-east
server: AkamaiGHost

GET
H2 200 user_sync.html
ads.pubmatic.com/AdServer/js/ Frame AE92 16 KB
6 KB 10ms
6ms Document
text/html 23.218.208.200

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1---&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html?usp_consent=1---
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.200 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=170711
content-encoding: gzip
content-length: 5622
content-type: text/html
date: Mon, 08 Jan 2024 10:28:25 GMT
expires: Wed, 10 Jan 2024 09:53:36 GMT
last-modified: Thu, 16 Nov 2023 09:11:44 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET sync-iframe
cs-rtb.minutemedia-prebid.com/ Frame AEFA 0
0

GET user-sync
sync.adkernel.com/ Frame 6DE2 0
0

GET sync-iframe
cs-server-s2s.yellowblue.io/ Frame 5865 0
0

GET
H2

200

sync
ads.servenobid.com/ Frame 5A86
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID
https://ads.servenobid.com/sync?pid=312&uid=1252075283688378295

0
344 B

30ms
29ms

Image
image/avif

52.17.111.107
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=312&uid=1252075283688378295
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html?usp_consent=1---
Protocol: H2
Server: 52.17.111.107 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-111-107.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:25 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

pragma: no-cache
date: Mon, 08 Jan 2024 10:28:25 GMT
an-x-request-uuid: 6b7f906c-646a-4642-a701-d2ae4def06d3
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://ads.servenobid.com/sync?pid=312&uid=1252075283688378295
x-proxy-origin: 138.199.38.134; 138.199.38.134; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET merge
ce.lijit.com/ Frame 5A86 0
0

GET pixel
ap.lijit.com/ Frame 5A86 0
0

GET rmpssp
sync.1rx.io/usersync2/ Frame 5A86 0
0

GET cm
p.rfihub.com/ Frame 5A86 0
0

GET usa
sync.go.sonobi.com/ Frame 5A86 0
0

GET
H2

200

sync
ads.servenobid.com/ Frame 5A86
Redirect Chain

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1---&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D
https://ads.servenobid.com/sync?pid=327&uid=&us_privacy=1---&gdpr=0

0
252 B

29ms
29ms

Image
image/avif

52.17.111.107
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=327&uid=&us_privacy=1---&gdpr=0
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html?usp_consent=1---
Protocol: H2
Server: 52.17.111.107 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-111-107.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:28:25 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

location: https://ads.servenobid.com/sync?pid=327&uid=&us_privacy=1---&gdpr=0
date: Mon, 08 Jan 2024 10:28:25 GMT
cache-control: max-age=0, private, must-revalidate
x-envoy-upstream-service-time: 0
server: envoy
content-length: 0

GET occ
ups.analytics.yahoo.com/ups/58559/ Frame 5A86 0
0

GET redirectuser
ssp.disqus.com/ Frame 5A86 0
0

GET occ
ups.analytics.yahoo.com/ups/58632/ Frame 5A86 0
0

GET v1
match.sharethrough.com/universal/ Frame 5A86 0
0

GET cksync.php
hbx.media.net/ Frame 5A86 0
0

GET register2.php
synchrobox.adswizz.com/ Frame 1210 0
0

GET SynchroClient2.js
cdn.adswizz.com/adswizz/js/ Frame 1210 0
0

GET
H2 200 user_sync.html
ads.pubmatic.com/AdServer/js/ Frame B55D 16 KB
0 9ms
7ms Document
text/html 23.218.208.200

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=&gdpr_consent=&us_privacy=&p=156319&predirect=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D3%26src%3D2%26cspi%3D0%26cn%3D3%26spui%3D%26dpui%3D
Requested by: Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.200 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://sync.serverbid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=170711
content-encoding: gzip
content-length: 5622
content-type: text/html
date: Mon, 08 Jan 2024 10:28:25 GMT
expires: Wed, 10 Jan 2024 09:53:36 GMT
last-modified: Thu, 16 Nov 2023 09:11:44 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 204 /
onetag-sys.com/usync/ Frame 7649 0
0 9ms
9ms Document
text/plain 51.89.9.252

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=6c68086c0c61793&gdpr=&gdpr_consent=&us_privacy=

Requested by

Host: sync.serverbid.com
URL: https://sync.serverbid.com/ss/2000891.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://sync.serverbid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control: no-store
strict-transport-security: max-age=15552000

GET rid
match.adsrvr.org/track/ Frame 1210 0
0

GET pbs.gif
sync.colossusssp.com/ Frame 1210 0
0

GET pixel
ap.lijit.com/ Frame 1210 0
0

GET rtset
bh.contextweb.com/bh/ Frame 1210 0
0

GET

usersync
x.serverbid.com/ Frame 1210
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=185073&gdpr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=&cb=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5528%26spui%...
https://x.serverbid.com/usersync?gpp=&gpp_sid=&ttt=1&src=2&cspi=0&cn=5528&spui=&dpui=ZZvORfV4g7H5Q7OxKwWbVgAA%262183

0
0

GET

usersync
x.serverbid.com/ Frame 1210
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5551%26spui%3D%26dpui%3D%24UID
https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5551&spui=&dpui=1252075283688378295

0
0

GET

usersync
x.serverbid.com/ Frame 1210
Redirect Chain

https://prebid.a-mo.net/cchain/0?gdpr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=&cb=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D6294%26spui%3D%26dpui%3D
https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=6294&spui=&dpui=

0
0

GET usa
sync.go.sonobi.com/ Frame 1210 0
0

GET pbsync
ads.yieldmo.com/ Frame 1210 0
0

GET p-25CIknq_eSg16.gif
cms.quantserve.com/pixel/ Frame 4D77 0
0

GET match
c1.adform.net/serving/cookie/ Frame 4D77 0
0

GET dcm
aax-eu.amazon-adsystem.com/s/ Frame 4D77 0
0

GET openx
match.adsrvr.org/track/cmf/ Frame 4D77 0
0

GET pixel
cm.g.doubleclick.net/ Frame 4D77 0
0

GET dcm
s.amazon-adsystem.com/ Frame D8BD 0
0

GET 31327
i.liadm.com/s/ Frame D8BD 0
0

GET pixel
cm.g.doubleclick.net/ Frame D8BD 0
0

GET casale
match.adsrvr.org/track/cmf/ Frame D8BD 0
0

GET index
ids.ad.gt/api/v1/ Frame D8BD 0
0

GET ZMAwryCI
sync-tm.everesttech.net/upi/pid/ Frame D8BD 0
0

GET ie
match.prod.bidr.io/cookie-sync/ Frame D8BD 0
0

GET pixelSync
pixel-sync.sitescout.com/dmp/ Frame D8BD 0
0

GET sync
ads.servenobid.com/ Frame D8BD 0
0

GET getuid
secure.adnxs.com/ Frame 0B48 0
0

GET sync
x.bidswitch.net/ Frame 0B48 0
0

GET cm
us-u.openx.net/w/1.0/ Frame 0B48 0
0

GET sync
sync.srv.stackadapt.com/ Frame 0B48 0
0

GET gumgum
pr-bh.ybp.yahoo.com/sync/ Frame 0B48 0
0

GET generic
sync.ipredictive.com/d/sync/cookie/ Frame 0B48 0
0

GET 142
match.deepintent.com/usersync/ Frame 0B48 0
0

GET /
b1sync.zemanta.com/usersync/gumgum/ Frame 0B48 0
0

GET rtset
bh.contextweb.com/bh/ Frame 0B48 0
0

GET sync
ssbsync.smartadserver.com/api/ Frame 0B48 0
0

GET sync
ads.servenobid.com/ Frame 0B48 0
0

GET usync.js
eus.rubiconproject.com/ Frame E7C6 0
0

GET cmp.js
ced-ns.sascdn.com/diff/js/modules/ Frame 8AEA 0
0

GET CookieSync.min.js
csync.smartadserver.com/rtb/csync/ Frame 8AEA 0
0

GET TemplatePool.min.js
csync.smartadserver.com/rtb/csync/ Frame 8AEA 0
0

GET match
c1.adform.net/serving/cookie/ Frame 81E4 0
0

GET pixel
cm.g.doubleclick.net/ Frame 6B37 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: visitor.omnitagjs.com
URL: https://visitor.omnitagjs.com/visitor/isync?uid=19340f4f097d16f41f34fc0274981ca4&gdpr=0&gdpr_consent=&us_privacy=1---

Domain: ib.adnxs.com
URL: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Domain: sync.richaudience.com
URL: https://sync.richaudience.com/dcf3528a0b8aa83634892d50e91c306e/?ord=1704709705678&pubconsent=&euconsent=&hasConsent=1

Domain: ssc-cms.33across.com
URL: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0010b00002MptHCAAZ&ru=https%3A%2F%2Fs.seedtag.com%2Fcs%2Fcookiesync%2F33across%3Fchanneluid%3D33XUSERID33X

Domain: visitor.omnitagjs.com
URL: https://visitor.omnitagjs.com/visitor/isync?uid=513c4e190506981c315d38ccadf488f2&name=SEEDTAG&visitor=&gdpr=0&gdpr_consent_string=&us_privacy=1---

Domain: match.sharethrough.com
URL: https://match.sharethrough.com/universal/v1?supply_id=2TwkgUpM&gdpr=0&gdpr_consent=&us_privacy=1---

Domain: bh.contextweb.com
URL: https://bh.contextweb.com/bh/rtset?pid=562983&ev=1&us_privacy=1---&rurl=https%3A%2F%2Fs.seedtag.com%2Fcs%2Fcookiesync%2Fpulsepoint%3Fchanneluid%3D%25%25VGUID%25%25

Domain: sync.smartadserver.com
URL: https://sync.smartadserver.com/getuid?gdpr_consent=&us_privacy=1---&nwid=3050&url=https%3A%2F%2Fs.seedtag.com%2Fcs%2Fcookiesync%2Fsmart%3Fchanneluid%3D%5Bsas_uid%5D

Domain: b1sync.zemanta.com
URL: https://b1sync.zemanta.com/usersync/seedtag?puid=&gdpr=0&gdpr_consent=&us_privacy=1---&cb=https%3A%2F%2Fs.seedtag.com%2Fcs%2Fcookiesync%2Foutbrain%3Fchanneluid%3D__ZUID__

Domain: x.bidswitch.net
URL: https://x.bidswitch.net/ul_cb/sync?ssp=seedtag&user_id=&gdpr=0&gdpr_consent=&us_privacy=1---

Domain: sync.richaudience.com
URL: https://sync.richaudience.com/f7872c90c5d3791e2b51f7edce1a0a5d/?p=ns9qrKJLKD&consentString=&r=https%3A%2F%2Fs.seedtag.com%2Fcs%2Fcookiesync%2Frichaudience%3Fchanneluid%3D%5BPDID%5D

Domain: ad.360yield.com
URL: https://ad.360yield.com/server_match?partner_id=1680&r=https%3A%2F%2Fs.seedtag.com%2Fcs%2Fcookiesync%2Fimprovedigital%3Fchanneluid%3D%7BPUB_USER_ID%7D

Domain: ups.analytics.yahoo.com
URL: https://ups.analytics.yahoo.com/ups/58427/occ

Domain: cm.adform.net
URL: https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fs.seedtag.com%2Fcs%2Fcookiesync%2Fadform%3Fchanneluid%3D%24UID

Domain: ap.lijit.com
URL: https://ap.lijit.com/pixel?gdpr=0&gdpr_consent=&us_privacy=1---&redir=https%3A%2F%2Fs.seedtag.com%2Fcs%2Fcookiesync%2Fsovrn%3Fchanneluid%3D%24UID

Domain: u.openx.net
URL: https://u.openx.net/w/1.0/cm?id=e297ef35-c932-4587-9b44-3838020a33e7&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fs.seedtag.com%2Fcs%2Fcookiesync%2Fopenx%3Fchanneluid%3D%7BOPENX_ID%7D

Domain: event.clientgear.com
URL: https://event.clientgear.com/cookie/seedtag?partner=seedtag&cookieid=

Domain: creativecdn.com
URL: https://creativecdn.com/cm-notify?pi=seedtag

Domain: t.adx.opera.com
URL: https://t.adx.opera.com/pub/sync?pubid=pub9283744565120

Domain: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1---&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID

Domain: cs-rtb.minutemedia-prebid.com
URL: https://cs-rtb.minutemedia-prebid.com/sync-iframe?gdpr=0&gdpr_consent=&us_privacy=1---&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D348%26uid%3D%7BpartnerId%7D

Domain: sync.adkernel.com
URL: https://sync.adkernel.com/user-sync?zone=181225&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D152%26uid%3D%7BUID%7D&gdpr=0&gdpr_consent=&us_privacy=1---&

Domain: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr=0&gdpr_consent=&us_privacy=1---&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D352%26uid%3D%7BpartnerId%7D

Domain: ce.lijit.com
URL: https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1---&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D

Domain: ap.lijit.com
URL: https://ap.lijit.com/pixel?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1---&&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%24UID

Domain: sync.1rx.io
URL: https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D

Domain: p.rfihub.com
URL: https://p.rfihub.com/cm?pub=44007&in=1

Domain: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/usa?loc=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D332%26uid%3D

Domain: ups.analytics.yahoo.com
URL: https://ups.analytics.yahoo.com/ups/58559/occ

Domain: ssp.disqus.com
URL: https://ssp.disqus.com/redirectuser?r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D346%26uid%3DBUYERUID

Domain: ups.analytics.yahoo.com
URL: https://ups.analytics.yahoo.com/ups/58632/occ

Domain: match.sharethrough.com
URL: https://match.sharethrough.com/universal/v1?supply_id=KW3eSFMR&gdpr=0&gdpr_consent=&us_privacy=1---&

Domain: hbx.media.net
URL: https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=0&gdpr_consent=&us_privacy=1---&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D353%26uid%3D%3Cvsid%3E

Domain: synchrobox.adswizz.com
URL: https://synchrobox.adswizz.com/register2.php

Domain: cdn.adswizz.com
URL: https://cdn.adswizz.com/adswizz/js/SynchroClient2.js

Domain: match.adsrvr.org
URL: https://match.adsrvr.org/track/rid?ttd_pid=prebid&fmt=json

Domain: sync.colossusssp.com
URL: https://sync.colossusssp.com/pbs.gif?gdpr=&gdpr_consent=&us_privacy=&redir=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5974%26spui%3D%26dpui%3D%5BUID%5D

Domain: ap.lijit.com
URL: https://ap.lijit.com/pixel?gdpr=&gdpr_consent=&us_privacy=&redir=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D4%26spui%3D%26dpui%3D%24UID

Domain: bh.contextweb.com
URL: https://bh.contextweb.com/bh/rtset?pid=562763&ev=1&rurl=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5548%26spui%3D%26dpui%3D%25%25VGUID%25%25

Domain: x.serverbid.com
URL: https://x.serverbid.com/usersync?gpp=&gpp_sid=&ttt=1&src=2&cspi=0&cn=5528&spui=&dpui=ZZvORfV4g7H5Q7OxKwWbVgAA%262183

Domain: x.serverbid.com
URL: https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=5551&spui=&dpui=1252075283688378295

Domain: x.serverbid.com
URL: https://x.serverbid.com/usersync?ttt=1&src=2&cspi=0&cn=6294&spui=&dpui=

Domain: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/usa?loc=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D5444%26spui%3D%26dpui%3D

Domain: ads.yieldmo.com
URL: https://ads.yieldmo.com/pbsync?gdpr=&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fx.serverbid.com%2Fusersync%3Fttt%3D1%26src%3D2%26cspi%3D0%26cn%3D6985%26spui%3D%26dpui%3D%24UID

Domain: cms.quantserve.com
URL: https://cms.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0

Domain: c1.adform.net
URL: https://c1.adform.net/serving/cookie/match?party=22

Domain: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/dcm?pid=fa457a28-e898-4449-9a1d-2b11dd13a271&id=c7f7614e-bd8d-8a75-b271-5dcc3bafbb9d

Domain: match.adsrvr.org
URL: https://match.adsrvr.org/track/cmf/openx?oxid=9f211d33-a127-318f-727f-df5b539c707d&gdpr=0

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YjM0ZWNlZjktNjg1MC02ZjJiLTY3OWYtODVlMjk5N2ViZTFk

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc

Domain: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZZvORfV4g7H5Q7OxKwWbVgAACIcAAAIB&gpp=&gpp_sid=

Domain: i.liadm.com
URL: https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZZvORfV4g7H5Q7OxKwWbVgAA%262183&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZZvORfV4g7H5Q7OxKwWbVgAACIcAAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=

Domain: match.adsrvr.org
URL: https://match.adsrvr.org/track/cmf/casale

Domain: ids.ad.gt
URL: https://ids.ad.gt/api/v1/index?cb=https%3A%2F%2Fssum-sec.casalemedia.com%2Fium%3Fsourceid%3D15%26uid%3D

Domain: sync-tm.everesttech.net
URL: https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D

Domain: match.prod.bidr.io
URL: https://match.prod.bidr.io/cookie-sync/ie

Domain: pixel-sync.sitescout.com
URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48

Domain: ads.servenobid.com
URL: https://ads.servenobid.com/sync?pid=333&uid=ZZvORfV4g7H5Q7OxKwWbVgAACIcAAAIB

Domain: secure.adnxs.com
URL: https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID

Domain: x.bidswitch.net
URL: https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_1f5dd663-df78-4f71-b905-d877471553d5&gdpr=0&gdpr_consent=&us_privacy=1---

Domain: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D

Domain: sync.srv.stackadapt.com
URL: https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=

Domain: pr-bh.ybp.yahoo.com
URL: https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=

Domain: sync.ipredictive.com
URL: https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D

Domain: match.deepintent.com
URL: https://match.deepintent.com/usersync/142?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Ddit%26i%3D%24%7BDI_USER_ID%7D

Domain: b1sync.zemanta.com
URL: https://b1sync.zemanta.com/usersync/gumgum/?puid=e_1f5dd663-df78-4f71-b905-d877471553d5&gdpr=0&gdpr_consent=&us_privacy=1---&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__

Domain: bh.contextweb.com
URL: https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&us_privacy=${us_privacy}&gpp=$&gpp_sid=$&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25

Domain: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent=

Domain: ads.servenobid.com
URL: https://ads.servenobid.com/sync?pid=309&uid=e_1f5dd663-df78-4f71-b905-d877471553d5

Domain: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js

Domain: ced-ns.sascdn.com
URL: https://ced-ns.sascdn.com/diff/js/modules/cmp.js

Domain: csync.smartadserver.com
URL: https://csync.smartadserver.com/rtb/csync/CookieSync.min.js

Domain: csync.smartadserver.com
URL: https://csync.smartadserver.com/rtb/csync/TemplatePool.min.js

Domain: c1.adform.net
URL: https://c1.adform.net/serving/cookie/match?party=1301&gdpr=0&gdpr_consent=

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8xZjVkZDY2My1kZjc4LTRmNzEtYjkwNS1kODc3NDcxNTUzZDU=&gdpr=0&gdpr_consent=&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dgdv

Verdicts & Comments Add Verdict or Comment

282 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

37 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.coloring.ws/	1970-01-20 17:33:16	Name: _gid Value: GA1.2.220610332.1704709700
.coloring.ws/	1970-01-20 17:31:49	Name: _gat_gtag_UA_52971111_8 Value: 1
www.coloring.ws/	1970-01-20 17:41:54	Name: amp_pieog Value: ==Qfi4WasJXZC9SZw9mc1VkI6Iie0JCLi4Wah1EMyUSbhBjMlQnc1Z2auFmcGJiOikHdpNmIsISRIJiOiUGZvNkbvl2ZlJnIsISZzNXZIJiOi42bpdWZyJCLiUERiojI5JHduV3bjJCLiMTMzAjNiojIlR2bDxWY0N3bwJCLiADO4ETMuATNiojI0FGbiwiIwMDN4YjL4IiOicmbvxmIsICMyUWY6YjN4EmOjJmZyoTMxATM6AjOiFzNjpDMhVmN6IDMhJjI6ICcpJCLxojI2Jye
.coloring.ws/	1970-01-21 03:07:49	Name: _ga_KMSJ26XVV5 Value: GS1.1.1704709699.1.0.1704709699.0.0.0
.coloring.ws/	1970-01-21 03:07:49	Name: _ga Value: GA1.1.717232590.1704709700
.coloring.ws/	1970-01-20 18:15:01	Name: _sharedID Value: b3f31c17-3d93-43ac-9824-9bddf816a5f0
.coloring.ws/	1970-01-20 18:15:01	Name: _sharedID_cst Value: TyylLI8srA%3D%3D
www.coloring.ws/	1970-01-21 02:17:25	Name: usprivacy Value: 1---
.3lift.com/	1970-01-20 19:41:25	Name: tluid Value: 4265049570054054502820
.gumgum.com/	1970-01-21 02:17:25	Name: cs Value: true
prebid.a-mo.net/	1970-01-20 17:31:50	Name: _Amc_b Value: 0
.prebid.a-mo.net/	1970-01-21 02:17:25	Name: __amc Value: 1_1704709700_1704709700
.rubiconproject.com/	1970-01-21 02:17:25	Name: khaos Value: LR4S52XJ-E-7QQ6
.rubiconproject.com/	1970-01-21 02:17:25	Name: audit Value: 1\|naVuGyos1qqoSEDPO0Y2Cnjc0/aJelRdbjRFtGIHH0vVMmsjGYmt+tXLLUKHUFA18pIK51HRY3VaEsm2hMoEkyYbB5SW5XQ3LcvV/+X2Ecwijy0RC4Zd8Ri5j99IjSR+
.serverbid.com/	1970-01-20 17:53:25	Name: CONSUMABLEID Value: 2592858b78e64aea92858b78e62aea39
.seedtag.com/	1970-01-21 02:17:25	Name: st_uid Value: 41b2e909-d56a-43df-b810-789116ed7d40
.seedtag.com/	1970-01-20 18:15:01	Name: st_ssp Value: Y291bnRyeV9uYW1lPUdlcm1hbnkmY291bnRyeV9pc28yPURFJmNvdW50cnlfaXNvMz1ERVUmcmVnaW9uX25hbWU9SGVzc2UmcmVnaW9uX2lzbzI9SEUmY2l0eV9uYW1lPUZyYW5rZnVydCBhbSBNYWluJmxvbmdpdHVkZT04LjY4NDMmbGF0aXR1ZGU9NTAuMTE4OCZ6aXA9NjAzMTM=
.openx.net/	1970-01-21 02:17:25	Name: receive-cookie-deprecation Value: 1
.coloring.ws/	1970-01-21 02:53:25	Name: __gads Value: ID=22bf5071379e8479:T=1704709700:RT=1704709700:S=ALNI_MZHAKdzBQldek0wBtBckjee6ptFGA
.coloring.ws/	1970-01-21 02:53:25	Name: __gpi Value: UID=00000d3c50ba4309:T=1704709700:RT=1704709700:S=ALNI_MaiuOpfDGt_y7OQmbMUIHkZc92Pow
.doubleclick.net/	1970-01-21 02:53:25	Name: IDE Value: AHWqTUmFTl1elENMt4nAyBMrLbMeOtLc-hLRUdyr67qoZKWSO0L1xneC4-F-i3IS
ads.smartstream.tv/	1970-01-21 02:17:25	Name: DID Value: 2910c85f382cbfecf2a90e3a69978fab
ads.smartstream.tv/	1970-01-21 02:17:25	Name: idt Value: 100
ads.smartstream.tv/	1970-01-21 02:17:25	Name: permanent Value: 1
.doubleclick.net/	1970-01-20 21:51:01	Name: APC Value: AfxxVi7tCbpMjgF7UdcmgcuLNFkNUTqiKy43zsn46ryX_kRfpWQBNQ
.casalemedia.com/	1970-01-21 02:17:25	Name: CMID Value: ZZvORfV4g7H5Q7OxKwWbVgAA
.casalemedia.com/	1970-01-20 19:41:25	Name: CMPS Value: 2183
.casalemedia.com/	1970-01-20 19:41:25	Name: CMPRO Value: 2183
cm.adsafety.net/	1970-01-21 02:17:25	Name: UID Value: CM120240108102911a4993827ce94782
.adsafety.net/	1970-01-21 02:17:25	Name: cm_uid Value: CM120240108102911a4993827ce94782
cm.adsafety.net/	1970-01-21 02:17:25	Name: cache0 Value: L2UzeGVJMkNTL0pzMlRFUXR5b1cvdkdOYXdjbU52QllYdFRYNktGbmk4VGtzVkd0NUFyOU1jQ2xMbWhvNUVxbU1HYXhENFJLekRPRThPdzFBNjJNWVBJeTFPOEg0R0pOUC9hbGZicjYyR3hpalgyRGdkNTRvcXY0dVh6cUI1LzVKbGlUQ0ZIOUx4MWJ2Z3ZPTnN6am1UMEpkTDVpeEdlZkRPaFFsdjV1N3REcDgrb21QSzFyVTJGL2RpaE1CWldyVHllTkZjWTQyc3dDMzJDNGMvZWVicWJkWFdCNTRXV2JhOHhSTVdsUDhUbEJTU04vS3EydGd3TkdKdUtlejZJRFRlaE84cWROdU00SURLb2F2cnhVMWZvVVlJemkxSWUwOG5zdVByS1dlWSs4cTBUT0VFTlBPaUlzYkFxSVJBZjZoQm5xUlpnSVRyNW80SjVVK0M5aUpnPT0%3D
m.exactag.com/	1970-01-20 19:41:25	Name: exactag_new_gk Value: 24db96bf6bc448da9f0001498363978d%7C08.03.2024%2010%3A28%3A21
m.exactag.com/	1970-01-20 21:51:01	Name: exactag_new_uk Value: 0be91ccb7fbd40edb565f8be739e00dd%7C
m.exactag.com/	1969-12-31 23:59:59	Name: session_session Value: 6a4f03171e324070b8cb1bfd
.bluekai.com/	1970-01-20 21:51:01	Name: bkdc Value: phx
.bluekai.com/	1970-01-20 21:51:01	Name: bkpa Value: KJy20AWvQY9xxBcENnjhHQ55uJLrWiD6AY/k7qXySdA44pikC1WHsh8liP/X2cZEPc0TxiG5EHJpAN7Vo2Zx9ZKSn5P//x9Q4lCDHqY/qwXlFbdP8euCrxaQwiEo
.bluekai.com/	1970-01-20 21:51:01	Name: bku Value: ts6O9WUmZtDI+qDG

13 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://qd.admetricspro.com/js/dltk/coloringws/coloringws.PNG Message: Failed to load resource: the server responded with a status of 404 ()
security	warning	URL: https://cadmus.script.ac/droiw9gfb309t/script.js Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security	warning	URL: https://cadmus.script.ac/droiw9gfb309t/script.js Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security	warning	URL: https://cadmus.script.ac/droiw9gfb309t/script.js Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security	warning	URL: https://cadmus.script.ac/droiw9gfb309t/script.js Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security	error	URL: https://qd.admetricspro.com/js/dltk/coloringws/uspcmp.js(Line 6) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.coloring.ws') does not match the recipient window's origin ('https://07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com').
security	error	URL: https://qd.admetricspro.com/js/dltk/coloringws/uspcmp.js(Line 6) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.coloring.ws') does not match the recipient window's origin ('https://js-sec.indexww.com').
security	error	URL: https://qd.admetricspro.com/js/dltk/coloringws/uspcmp.js(Line 6) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.coloring.ws') does not match the recipient window's origin ('https://ads.pubmatic.com').
security	error	URL: https://qd.admetricspro.com/js/dltk/coloringws/uspcmp.js(Line 6) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.coloring.ws') does not match the recipient window's origin ('https://ads.pubmatic.com').
security	error	URL: https://qd.admetricspro.com/js/dltk/coloringws/uspcmp.js(Line 6) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.coloring.ws') does not match the recipient window's origin ('https://ads.pubmatic.com').
network	error	URL: https://sync.richaudience.com/f7872c90c5d3791e2b51f7edce1a0a5d/?p=ns9qrKJLKD&consentString=&r=https%3A%2F%2Fs.seedtag.com%2Fcs%2Fcookiesync%2Frichaudience%3Fchanneluid%3D%5BPDID%5D Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://sync.richaudience.com/dcf3528a0b8aa83634892d50e91c306e/?ord=1704709705678&pubconsent=&euconsent=&hasConsent=1 Message: Failed to load resource: the server responded with a status of 400 ()
security	error	URL: https://qd.admetricspro.com/js/dltk/coloringws/uspcmp.js(Line 6) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.coloring.ws') does not match the recipient window's origin ('https://ads.pubmatic.com').

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

07e7c4982e17b996e0f56260b1bbedb8.safeframe.googlesyndication.com
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ad.360yield.com
ads.pubmatic.com
ads.servenobid.com
ads.smartstream.tv
ads.yieldmo.com
ap.lijit.com
b1sync.zemanta.com
beacon-ams3.rubiconproject.com
bh.contextweb.com
btlr.sharethrough.com
c1.adform.net
cadmus.script.ac
cdn.adswizz.com
ce.lijit.com
ced-ns.sascdn.com
clients1.google.com
cm.adform.net
cm.adsafety.net
cm.g.doubleclick.net
cms.quantserve.com
creativecdn.com
cs-rtb.minutemedia-prebid.com
cs-server-s2s.yellowblue.io
cs.seedtag.com
cse.google.com
csync.smartadserver.com
d15kdpgjg3unno.cloudfront.net
dsum-sec.casalemedia.com
dt.adsafeprotected.com
dyv1bugovvq1g.cloudfront.net
e.serverbid.com
eb2.3lift.com
eus.rubiconproject.com
event.clientgear.com
fastlane.rubiconproject.com
fundingchoicesmessages.google.com
fw.adsafeprotected.com
g2.gumgum.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hb-api.omnitagjs.com
hb.yellowblue.io
hbopenbid.pubmatic.com
hbx.media.net
htlb.casalemedia.com
i.clean.gg
i.liadm.com
ib.adnxs.com
id5-sync.com
ids.ad.gt
js-sec.indexww.com
lb.eu-1-id5-sync.com
m.exactag.com
match.adsrvr.org
match.deepintent.com
match.prod.bidr.io
match.sharethrough.com
mp.4dex.io
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
pioeg.admetricspro.workers.dev
pixel-sync.sitescout.com
pr-bh.ybp.yahoo.com
prebid.a-mo.net
public.servenobid.com
qd.admetricspro.com
region1.google-analytics.com
rtb.openx.net
s.amazon-adsystem.com
s.seedtag.com
s0.2mdn.net
script.4dex.io
secure-assets.rubiconproject.com
secure.adnxs.com
securepubads.g.doubleclick.net
sqs.us-east-1.amazonaws.com
ssbsync.smartadserver.com
ssc-cms.33across.com
ssp.disqus.com
ssum-sec.casalemedia.com
static.adsafeprotected.com
sync-tm.everesttech.net
sync.1rx.io
sync.adkernel.com
sync.colossusssp.com
sync.go.sonobi.com
sync.ipredictive.com
sync.richaudience.com
sync.serverbid.com
sync.smartadserver.com
sync.srv.stackadapt.com
synchrobox.adswizz.com
t.adx.opera.com
tags.bluekai.com
targeting.unrulymedia.com
teachingaids-d.openx.net
tlx.3lift.com
token.rubiconproject.com
tpc.googlesyndication.com
u.openx.net
ups.analytics.yahoo.com
us-u.openx.net
visitor.omnitagjs.com
web.hb.ad.cpe.dotomi.com
www.coloring.ws
www.dltk-holidays.com
www.dltk-kids.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.kidzone.ws
x.bidswitch.net
x.serverbid.com
aax-eu.amazon-adsystem.com
ad.360yield.com
ads.servenobid.com
ads.yieldmo.com
ap.lijit.com
b1sync.zemanta.com
bh.contextweb.com
c1.adform.net
cdn.adswizz.com
ce.lijit.com
ced-ns.sascdn.com
cm.adform.net
cm.g.doubleclick.net
cms.quantserve.com
creativecdn.com
cs-rtb.minutemedia-prebid.com
cs-server-s2s.yellowblue.io
csync.smartadserver.com
eus.rubiconproject.com
event.clientgear.com
hbx.media.net
i.liadm.com
ib.adnxs.com
ids.ad.gt
match.adsrvr.org
match.deepintent.com
match.prod.bidr.io
match.sharethrough.com
p.rfihub.com
pixel-sync.sitescout.com
pr-bh.ybp.yahoo.com
s.amazon-adsystem.com
secure.adnxs.com
ssbsync.smartadserver.com
ssc-cms.33across.com
ssp.disqus.com
sync-tm.everesttech.net
sync.1rx.io
sync.adkernel.com
sync.colossusssp.com
sync.go.sonobi.com
sync.ipredictive.com
sync.richaudience.com
sync.smartadserver.com
sync.srv.stackadapt.com
synchrobox.adswizz.com
t.adx.opera.com
u.openx.net
ups.analytics.yahoo.com
us-u.openx.net
visitor.omnitagjs.com
x.bidswitch.net
x.serverbid.com
104.18.127.252
104.18.36.155
104.76.200.221
104.79.89.214
13.32.27.7
141.95.33.120
142.250.185.98
145.40.97.67
151.101.65.108
159.89.246.130
162.19.138.119
172.64.149.180
172.64.151.101
18.196.19.149
18.245.86.119
185.64.189.112
193.135.9.124
2001:4860:4802:34::36
216.58.206.34
217.79.187.54
23.201.255.110
23.218.208.200
2600:1f13:800:7782:857d:d048:5cf8:98f7
2600:9000:206f:aa00:11:b309:9100:21
2600:9000:223e:3c00:5:82fd:2500:21
2600:9000:223f:c800:8:48e:53c0:93a1
2600:9000:2447:3400:1b:fdeb:7440:93a1
2602:803:c003:200::37
2602:803:c003:200::44
2606:4700:20::681a:7da
2606:4700:20::ac43:4bf1
2606:4700:3035::6815:815
2606:4700:4400::6812:22b2
2606:4700::6812:1691
2a00:1450:4001:801::2002
2a00:1450:4001:808::2006
2a00:1450:4001:808::200e
2a00:1450:4001:810::2004
2a00:1450:4001:812::2002
2a00:1450:4001:812::200e
2a00:1450:4001:81c::2001
2a00:1450:4001:827::2002
2a00:1450:4001:827::2008
2a00:1450:4001:829::2002
2a00:1450:4001:82f::2001
2a00:1450:4001:82f::200e
2a02:26f0:3500:4::b818:4d9e
2a02:fa8:8806:12::1460
3.221.232.156
3.239.232.31
34.149.50.64
34.95.69.49
34.98.64.218
35.157.214.172
35.227.252.103
37.252.173.215
46.228.174.115
51.89.9.252
52.17.111.107
52.208.7.68
52.223.40.198
54.155.202.187
54.228.30.154
54.82.38.167
69.173.144.139
76.223.111.18
85.14.248.72
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
03945ce270fb1b8d694c3eebfe0f235fb54929973283c38c0e3e6c75127061ea
04bd9c3e1aeedd5c016b30d43eb423db59d7874fb4a1e97c0b651ac0122a3e47
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
0902bb736591ab3e13e835e90111282390ea8b3a8c70a197c3ea214988a90e68
0a43c20863b324fe2bec355b5ebdc6566861742f92018f12be1b38fa2c8b7767
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0de2733b6af0d185adaaab30a1fcd0591e717e5740264deca38d8f7056f6168e
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
0ef70918f6430c9312af8c9ed798349fa4f3a7f6d609be6d604dbc83ec1057c6
0f82f9539be1f7801783c1747738132dec04198e7594d5be7ae2ab4cb6196b88
13dfb26087f1e49487d02b5d5a7cb50b9a33db44f7a65e96af48bcb77cd138c5
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
17b92f7ef160798a4203c8079d5ddff99f1b2be5bf332c84458d9893e6fdd116
1ae436455d6df2cf89da5cfb00bf81a4b516fa40e088c24dd054163748b41d09
1b9ae91a96163ea6e16c39dbfa77e1e8533019847224f6fdb41507cadafbc516
1d4c5703902944ea75ac163adc07091e3fe2202b5ad1428a5d305363fa560f1f
1f258bad908349e2869e4cca22d70a5f3a52a3c8cca2dd912dc13ccc58495fa4
1f7b4153158b195f6da0057679e7405138815d8b2f1e81268018b2f67e5ca5fe
26305a08644b4f51b55812cf0ecf879c22da303a365b3d2769baa1b54c028c4d
2d90f6aceec07318b3ca31323aa0f8bff4031f2e5d28283ae95b71fb2227da2e
2f764c969a82705ba7838239087f5ff9b33e978b6bae2657e299b6b14c30ad7f
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
329d1a750114920332eadc55c129957d9dbe5a1b25745e2f7e0ed4fad75e04cd
35aa9b4d6de4a092b488d701df30be704ad09a618234cc0869be6150d722751c
35f93b0c646480734f9ef78c7164f92c673d0784a4ef09ec2e81e996ea5d0436
36df88557f5d9520a8518f1c63c31203a81e8ca3936296cd7fedce2da7fb622c
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
3978f43fce998a79d918e4749b3963f915c2ba8267b9c45952de90c64130b031
3a1007d992455627a6ea5282ce688addfd6d12050245ae03b957953886c5dbb6
3d2067d4b9b5b9d3003ffa4dc17b44616dc00a543f59eea17df555e959f20b53
3d61769c819dc5399bf535c6eb2650b81a1e48ff2625cd0e4299e06ea1edc3d7
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
40c5a0a89a842d74badaf242727e0b8bf6714a646f763fbefde91807ae44da10
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
47ce70ec38840c3c32ddabe877bc9c6f25bcde77bf60e908e9d85452a71e0d59
4b120dd7c9d775e0f4c68cb58ed0f274a60a28323d0ce5949f73219086bdf678
4bb3a8613cd5c79fb17ee3e6c298e29a827ab8d27b08edd571977224fa6c929e
4be0f63f270ac9e5fa60b6e0560cfff6ed5a1ea06a39ffe6c0f28d098baa569f
4d7273a8aaee10127e8a79ae70d0599a322b5a80e5f4c51d210292b34c81060c
4f72226ff362d27bc5940a15a3a92ad1310e960e8b9515dc8cef8e44dc38a3d6
501efd26e0adb1b58e4e630bed3978be00907c298ebb68c6b3c12ba0ca435a0c
50200e9b822674ca4901570d058b6f561e11384c6db21caabb08091db0716e30
550cd8038e49962f3fe059f4f397729bd9a920a4ab35d3391f34b4fdba5851d1
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
563d8b655debf02dc76ee9cad7e2114692c770d009bfc9ed1f9153eb384593d1
57a34c3474baff8258cd8ba4d98816c71f91da2feafd60c3c4c3d8a14bb84fa3
5a2dfd23f7527a813460e45072fde6327ef77ffc619023cfcd9296e3d605ae0f
5c43cbab759a11f2518e2855e74fc14f99afa2467a788087a59c757ae0c5f02d
5ee2a16d4f8f9629ae75e0f94473f8601a4e0bf9527ba4467a094926e0947505
5ef624ec962415bd378947e5207227907e499957a465bcf20238dc938a7dbfb0
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b
631bd0e32a5703c892e1ad077cd904660cdf66b049f647244e2ad70e95d6dd8a
68819b304d25cf606fcef1a6a8a3c6afea88d2a84da2b7b9b02f2f65c5731d2b
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
70857504e246762877461c8aa20de02df0d734bb0ad14dde07cb0e02cff8fb91
712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca
74ec4aad03326e63ff346f594c37f2cb10f580200b8996367f52e883f68d7ce7
77b47b7a038f38916adbe760bc262fe2aa75e9f2a0d67621d19ad74e41acdb39
79af0270d47ff83fe1f753870300b4a0fb3a3d88ce4bc184340187ebd5c497f0
7a9cfd1cc02be60c437282e3721f51789e1bdb955b444c5eea992e153a0f3e07
7df0df8b3df8c42634ecc71d7ab35e197c61777eb5b41a3e14239322b5804f7b
7e4d6cd2b52689db7a318865603977da52b2c758f9f9f70aa4b92199102cd55f
7e9caff1016efab3fd2217c89bea4a99eec0f236b05d145335838b99efbccceb
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628
82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb
846949c5a40e3ffbb702473e54dfac0646541aa624a844369b6e24e51ddaf96b
849b03abc9aa6f3f3857fb93a7b23f5c3a38e830063964a309c560d171ceda6f
84d25e034f6f18ea31ad0b21b1226522b88c4c2ea7712492da8677389051bc68
8538fa1e11fa1334100b86b0c251b8ffa0b51f5db3e732c23963053686a93dc7
86f9d97ff713e39f28306edb61d2c123f0214ef232debcaab0d1417a4f65199f
8793dc3f1554428df5b578b9f13aeff227dee58d7bb6cd102a804b173d8bc751
8941597d26275d5e8775ac804bffb1d86f749d0cfe471777800a4543e4b65603
8a90077950eaf8b209bcc2219fa2cd0a1e487cae8d896087e57d367d7f084f66
8acc1f1025dcaf26f8f860f726b3a05a701b77eb685301d4f25bc8339bbf891f
8adb9b85292100b02bcaf8e97b9080e3236a6aad2bb8dc0354bf39e2237ae8aa
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e2281470dba0dfe51de7d3fd01d0bd25cdde867a2358462ff4aea0217fc057c
8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652
903eb8f1cc364e01930ba03579f049a72794aa91d1a5842a2edb6365e436bb7c
915e54b3676f0e3ec8655aef48abcedf5a14ca29cba51fd687bb86bd5568d201
91d3a3c66bb9c38ee5e3a55eb0fe150741369ee4bd2885d3eae13e1f57e99349
926de1f885912e37248baa7ca510a456297cf3203cab643d6ec821734f343026
953950792fdff6cb144dd1220a26088651920a98b80da68d6da586696a919b1a
96fe096e13a57e700af2ea95d16a12cc4b2f3b8323b9bbe4d678bd4226563633
980f07c5822d74c124f92f01741df67ec0bbdf311a70db9ea3a9d1cbf87da23a
9dcc940693579116fcc113245b4942716046e3ccc9dd4e724bea7aa82196d366
9dfbb8e1be036059aea6dd87bdbefa7ecada3617fb3f404ba4647ebbbf8160b1
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0f95dcad4811c2b85289326687f5e63764a1a24b5f8bd2d4ad59da3858f7992
a33e7c6510c770a0ba9a95f99c1a6adf96e97e4162921555c36b67c37e86ca01
a53364f0bd9b487734692ef955e3582341e36cf713e1faf6f14525cbd45cdd5c
a5402de70228d4bf5379b518225b702918f6ae277e9293f9d16334c2b1fa31e3
a5b788385293df1407acc0ddf9b8357262517a098c1e0af6c9e3a272bbfcb82d
a602fe080c48f594ff801ef9292be8a70eabf8d9bd0595ff85368f0bbb54174f
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
aa9264be58c8ef61d1bd2e36c7ee38974a8c79e198a8859eaee5eca85c996e10
ac137e692578953440c86d2c72215e8f5ef3063c4d2e980f7e5a0d3dee90c9ab
ac2397fbe331fb7cc8c5325752c4af7d6c5cb9204a1f810b89fc93c372cbdd37
b06dcb0ba46016ac47861319e6e9cad2c71784e095c15666be50613e53c1c6f7
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1d283eff364ef75d7232990c33774054a899c834a5f606f780e46c865d5ec75
b288f979958f7a898b87b88f6eb370148873da78ebe77828df2fb1df9e24f6b2
b3509c31bf7f044fdf5623e12bbbea6ff65942b1e748ebe4a0f69faca5a2d5e1
b904594d00e2dded3350917b2edaad4bc7d80b51c9d461c85864a8cf1d536590
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bd362f4e6ebce8ac52397d018782ec0dd387292b6edd2d33809f0eec847ad114
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05
be4ec0712dc183908e0a7ee57c2d962b7e521bc740638bb357eedf0cc24efccf
c1b2da575466eb30982e08c1020f55bcf2d9565f53bd64c3da87a1d774d75588
c1fdbc8ec64d4cf587414ada354a2fa827f9cee7932c5f83e3f615e7c577d951
c5f3aec2d59bba0c34f14a954d0cd4e48215534b03192ece400d901492a20007
c626c74b119080bad5c162f1b1e5014a90ff0f5c869335473afffe308cf93ab1
ca6d8a36ed040d8dec31c94c8d219bb4ceffd8aba7b21336970dcf970e224c7d
ca6e31b7a83f457effc0e9ebd0b9b6026259d73f6b4d96622ac95d74d4703e88
cc4ed9d2c27523b02bd3ba2451eba6c30a9f3ef8411ee7c547b4ebee07819a8e
ce5089e737c07d9f0dcb91ebe804e28b5592fd2480cbcc74f6df7da2c7025e10
d2bcea3cd95d241d79f71ce3066c3670e8af27fdde3b26e5e21dd5c01a3bacad
d3850cb9e6ac49e29e7ff04a93342a9029ae623a6669694fb75f6273ec574e15
d393b0b154d991cc9f2830a16cfa985e158d2f821517cdc2bea0a5b74c138358
d3bacf66f54201f46a47e40e3877611178355a9b7573cf92bfae54f99bfb2509
d4a0a9fa76029b71b47e0af45db320ee458fec1f26cf62990c9019902dafa783
d7502e785bdc8f7184cab7e278053c49be4458393085eb2fbddabf35b895c310
d79267bb3777b4be52f4c637b3da249ddfffbfaf7451984ccbdd81923aa654a5
d9112ea034e317b4ccce74c0276726528f4602f441a9965eeb619cfbccbdf865
dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
de6a3140e1545c802d9cea4a822e6ade2a8a238afbf64ff2fbee2f0af979180c
e0b84c9c86ff8c6282031b41e5ca2526e45e5e9c1a3956579f5320c25fb40360
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e3039b83f93f42d39138d253991aaa0ed99c7d63ac80aa4ab9b00f25b43b9ec0
e326ba8216613abc95ffdfe43c0b4434277d6f012e46e5f62553df2332a269e5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e411488cb198b2e4a668590a09bb3125daae4cae3491886c3107a4e9a1abe5ca
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
e915f1a27c9e8375871017249f5ce3e23923ef0f8bcfa53a2e5eaa53720b2cb3
ea9381e585ee2baa1e55490a0a89867e7d9ff85c8dc31ea6ba52a11319faeefd
eab63dc4e9a58436c8ba06abee06bedf1b8746d79580b903bcb10bfff32bba8a
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
eb7312d166df2490d073b83707b37de90f48f3bdf2a62581c939a13eeb21f510
ec53bd429b8d41c4284486ffdbab99d72f0e4a550587c5884cba8a811ddea419
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f070099aa71c8004b74f1e003712b3029025c6b4775a7ef9b3255808b02277a8
f207f8eee9dea15ff925238f76b261a725a693870f8a8010168f3db240623f49
f2d8f83967bdc08c4cf7e492dacc3d612c2f1c8939422762fb3afa2a358e95ea
f43fa0c6fbe53e743cc30977c6c79562747170917001cb8c229df3101ebaba9b
f5d2aee10ef029810d37cde6bd0060bf100ffc38c78b3099b5f347ea3e2cc0a5
fb5e8f7da6f106389d935a224ec3be69f15e81ac2bf050732641dc081d21f84a
fc8deae28b64ae4499971481a402af6c85873da8a14f86b1d0eb45d0cc860763
fc9fe8ec0612072dc6d3b4acd268e09d28c253807f47846a5f70dd8360d1a0d1

www.coloring.ws Open in urlscan Pro 54.82.38.167 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

374 Requests

77 %HTTPS

40 %IPv6

78 Domains

118 Subdomains

65 IPs

7 Countries

4073 kBTransfer

10672 kBSize

37 Cookies

21 Outgoing links

Redirected requests

374 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.coloring.ws Open in urlscan Pro
54.82.38.167 Public Scan

Screenshot
Live screenshot

Full Image

374
Requests

77 %
HTTPS

40 %
IPv6

78
Domains

118
Subdomains

65
IPs

7
Countries

4073 kB
Transfer

10672 kB
Size

37
Cookies

374 HTTP transactions
6 data transactions