www.tiantianzhibo.net Open in urlscan Pro
2606:4700:3030::6815:14de Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://tiantianzhibo.net/
Effective URL:
https://www.tiantianzhibo.net/
Submission: On October 06 via api (October 6th 2023, 6:43:39 am UTC) from TW — Scanned from DE

Summary HTTP 246 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 43 IPs in 10 countries across 32 domains to perform 246 HTTP transactions. The main IP is 2606:4700:3030::6815:14de, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.tiantianzhibo.net.
TLS certificate: Issued by GTS CA 1P5 on September 22nd 2023. Valid for: 3 months.

This is the only time www.tiantianzhibo.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 2	104.18.19.11 104.18.19.11	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	2606:4700:303... 2606:4700:3030::6815:14de	13335 (CLOUDFLAR...) (CLOUDFLARENET)
48	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	240d:c010:18:... 240d:c010:18:1:38::1f	139341 (ACE-AS-AP...) (ACE-AS-AP ACE)
1 18	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
2	118.178.110.57 118.178.110.57	37963 (ALIBABA-C...) (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.)
1 30	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
9 15	172.217.18.2 172.217.18.2	15169 (GOOGLE) (GOOGLE)
3 7	104.18.26.193 104.18.26.193	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 5	185.89.210.244 185.89.210.244	29990 (ASN-APPNEX) (ASN-APPNEX)
44	2a00:1450:400... 2a00:1450:4001:80e::2006	15169 (GOOGLE) (GOOGLE)
4	144.76.91.199 144.76.91.199	24940 (HETZNER-AS) (HETZNER-AS)
1 4	78.46.90.238 78.46.90.238	24940 (HETZNER-AS) (HETZNER-AS)
6	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
2	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1 4	23.35.237.56 23.35.237.56	16625 (AKAMAI-AS) (AKAMAI-AS)
4	2a00:1450:400... 2a00:1450:4001:800::200a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:81c::200a	15169 (GOOGLE) (GOOGLE)
3	145.239.193.130 145.239.193.130	16276 (OVH) (OVH)
1	2a0b:4d07:101::1 2a0b:4d07:101::1	44239 (PROINITY ...) (PROINITY PROINITY)
1	3.71.162.119 3.71.162.119	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
1 2	3.248.134.18 3.248.134.18	16509 (AMAZON-02) (AMAZON-02)
1 3	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
2	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
1	69.192.160.219 69.192.160.219	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a00:1450:400... 2a00:1450:4001:806::2008	15169 (GOOGLE) (GOOGLE)
1	13.43.154.56 13.43.154.56	16509 (AMAZON-02) (AMAZON-02)
1 2	142.250.185.70 142.250.185.70	15169 (GOOGLE) (GOOGLE)
1	3.75.62.37 3.75.62.37	16509 (AMAZON-02) (AMAZON-02)
3	2600:9000:21f... 2600:9000:21f3:f000:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
1	142.250.186.134 142.250.186.134	15169 (GOOGLE) (GOOGLE)
1	2a02:fa8:8806... 2a02:fa8:8806:13::1400	41041 (VCLK-EU-SE) (VCLK-EU-SE)
2 2	52.29.154.74 52.29.154.74	16509 (AMAZON-02) (AMAZON-02)
1 1	151.101.130.49 151.101.130.49	54113 (FASTLY) (FASTLY)
1	3.72.146.157 3.72.146.157	16509 (AMAZON-02) (AMAZON-02)
2 2	213.155.156.169 213.155.156.169	1299 (TWELVE99 ...) (TWELVE99 Arelion)
1	178.250.7.11 178.250.7.11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
7	2600:1f18:1ac... 2600:1f18:1aca:4280:b389:27e6:6658:a58d	14618 (AMAZON-AES) (AMAZON-AES)
1	18.66.147.98 18.66.147.98	16509 (AMAZON-02) (AMAZON-02)
1	99.86.4.36 99.86.4.36	16509 (AMAZON-02) (AMAZON-02)
2	13.43.175.127 13.43.175.127	16509 (AMAZON-02) (AMAZON-02)
246	43

2 104.18.19.11 (None, ) 2 redirects

ASN13335 (CLOUDFLARENET, US)

tiantianzhibo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2606:4700:3030::6815:14de (United States)

ASN13335 (CLOUDFLARENET, US)

www.tiantianzhibo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

48 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 240d:c010:18:1:38::1f (Singapore)

ASN139341 (ACE-AS-AP ACE, SG)

static4style.qiumibao.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 118.178.110.57 (Hangzhou, China)

ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN)

bifen4pc.qiumibao.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 172.217.18.2 (United States) 9 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.18.26.193 (None, ) 3 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.89.210.244 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

44 2a00:1450:4001:80e::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 144.76.91.199 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.199.91.76.144.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 78.46.90.238 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.238.90.46.78.clients.your-server.de

hal900019.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.35.237.56 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-237-56.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 145.239.193.130 (France)

ASN16276 (OVH, FR)

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0b:4d07:101::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.71.162.119 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-71-162-119.eu-central-1.compute.amazonaws.com

t23.intelliad.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.248.134.18 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-134-18.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.192.160.219 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a69-192-160-219.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.43.154.56 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-43-154-56.eu-west-2.compute.amazonaws.com

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.70 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f6.1e100.net

5994599.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.75.62.37 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:21f3:f000:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.134 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:13::1400 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.29.154.74 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-29-154-74.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.130.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.72.146.157 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-72-146-157.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.169 (Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.7.11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2600:1f18:1aca:4280:b389:27e6:6658:a58d (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.147.98 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-98.fra60.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.4.36 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-36.fra6.r.cloudfront.net

cdn.track.production.webgains.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.43.175.127 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-43-175-127.eu-west-2.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
78	googlesyndication.com 1 redirects pagead2.googlesyndication.com — Cisco Umbrella Rank: 108 tpc.googlesyndication.com — Cisco Umbrella Rank: 157	708 KB
44	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 344	739 KB
42	doubleclick.net 11 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 45 cm.g.doubleclick.net — Cisco Umbrella Rank: 255 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 443 5994599.fls.doubleclick.net — Cisco Umbrella Rank: 187732 ad.doubleclick.net — Cisco Umbrella Rank: 173	268 KB
20	tiantianzhibo.net 2 redirects tiantianzhibo.net www.tiantianzhibo.net	109 KB
12	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 1153 static.adsafeprotected.com — Cisco Umbrella Rank: 720 dt.adsafeprotected.com — Cisco Umbrella Rank: 658	102 KB
8	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 41903 hal900019.redintelligence.net — Cisco Umbrella Rank: 279754	43 KB
7	gstatic.com www.gstatic.com fonts.gstatic.com	78 KB
7	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 716	5 KB
6	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 49 ajax.googleapis.com — Cisco Umbrella Rank: 405	149 KB
6	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 223	353 KB
5	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 261	4 KB
4	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 118	2 KB
4	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1584	778 B
3	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 33897 api.webgains.io — Cisco Umbrella Rank: 91885	18 KB
3	medialead.de pv.medialead.de — Cisco Umbrella Rank: 51750	1 KB
3	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 1200 www.googleadservices.com — Cisco Umbrella Rank: 153	608 B
3	qiumibao.com static4style.qiumibao.com bifen4pc.qiumibao.com	5 KB
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 5121	651 B
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 1069	2 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 56	154 KB
2	openx.net us-u.openx.net — Cisco Umbrella Rank: 547	418 B
1	webgains.team cdn.track.production.webgains.team — Cisco Umbrella Rank: 109006	3 KB
1	criteo.com dis.criteo.com — Cisco Umbrella Rank: 648	363 B
1	bidswitch.net x.bidswitch.net — Cisco Umbrella Rank: 387	146 B
1	everesttech.net 1 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 782	543 B
1	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 3431	104 B
1	yahoo.com ups.analytics.yahoo.com — Cisco Umbrella Rank: 363	125 B
1	webgains.com track.webgains.com — Cisco Umbrella Rank: 59583	2 KB
1	bluekai.com tags.bluekai.com — Cisco Umbrella Rank: 734	572 B
1	intelliad.de t23.intelliad.de — Cisco Umbrella Rank: 145417	556 B
1	office-partner.de adv.office-partner.de — Cisco Umbrella Rank: 270642	931 B
0	spotxchange.com Failed sync.search.spotxchange.com Failed
246	32

	Domain	Requested by
48	pagead2.googlesyndication.com	www.tiantianzhibo.net pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com s0.2mdn.net www.googletagservices.com
44	s0.2mdn.net	www.tiantianzhibo.net s0.2mdn.net googleads.g.doubleclick.net
30	tpc.googlesyndication.com	1 redirects googleads.g.doubleclick.net www.tiantianzhibo.net tpc.googlesyndication.com s0.2mdn.net pagead2.googlesyndication.com
18	googleads.g.doubleclick.net	1 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net
18	www.tiantianzhibo.net	www.tiantianzhibo.net
15	cm.g.doubleclick.net	9 redirects googleads.g.doubleclick.net
7	dt.adsafeprotected.com	googleads.g.doubleclick.net
7	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
6	googleads4.g.doubleclick.net	www.tiantianzhibo.net
6	www.googletagservices.com	googleads.g.doubleclick.net
5	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	www.gstatic.com	googleads.g.doubleclick.net
4	fonts.googleapis.com	googleads.g.doubleclick.net hal900019.redintelligence.net
4	sync.teads.tv	1 redirects googleads.g.doubleclick.net
4	hal900019.redintelligence.net	1 redirects googleads.g.doubleclick.net hal900019.redintelligence.net
4	hal9000.redintelligence.net	googleads.g.doubleclick.net hal900019.redintelligence.net
3	static.adsafeprotected.com	fw.adsafeprotected.com googleads.g.doubleclick.net
3	www.google.com	1 redirects googleads.g.doubleclick.net tpc.googlesyndication.com
3	fonts.gstatic.com	fonts.googleapis.com
3	pv.medialead.de	hal900019.redintelligence.net
2	api.webgains.io	analytics.webgains.io
2	d5p.de17a.com	2 redirects
2	pm.w55c.net	2 redirects
2	5994599.fls.doubleclick.net	1 redirects googleads.g.doubleclick.net
2	www.googletagmanager.com	adv.office-partner.de www.googletagmanager.com
2	www.googleadservices.com	www.tiantianzhibo.net
2	fw.adsafeprotected.com	1 redirects www.tiantianzhibo.net
2	ajax.googleapis.com	s0.2mdn.net
2	us-u.openx.net	googleads.g.doubleclick.net
2	bifen4pc.qiumibao.com	www.tiantianzhibo.net
2	tiantianzhibo.net	2 redirects
1	cdn.track.production.webgains.team	googleads.g.doubleclick.net
1	analytics.webgains.io	track.webgains.com
1	dis.criteo.com	googleads.g.doubleclick.net
1	x.bidswitch.net	googleads.g.doubleclick.net
1	sync-tm.everesttech.net	1 redirects
1	dclk-match.dotomi.com	googleads.g.doubleclick.net
1	ad.doubleclick.net	googleads.g.doubleclick.net
1	adservice.google.com	5994599.fls.doubleclick.net
1	ups.analytics.yahoo.com	googleads.g.doubleclick.net
1	track.webgains.com	googleads.g.doubleclick.net
1	tags.bluekai.com	googleads.g.doubleclick.net
1	t23.intelliad.de	hal900019.redintelligence.net
1	adv.office-partner.de	hal900019.redintelligence.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	static4style.qiumibao.com	www.tiantianzhibo.net
0	sync.search.spotxchange.com Failed	googleads.g.doubleclick.net
246	47

This site contains links to these domains. Also see Links.

Domain
live.leisu.com
m.tiantianzhibo.net
seedhub.info

Subject Issuer	Validity	Valid
www.tiantianzhibo.net GTS CA 1P5	`2023-09-22` - `2023-12-21`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.qiumibao.com GlobalSign GCC R3 DV TLS CA 2020	`2023-08-21` - `2024-09-21`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
redintelligence.net R3	`2023-08-11` - `2023-11-09`	3 months	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
teads.tv R3	`2023-10-04` - `2024-01-02`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
pv.medialead.de R3	`2023-08-13` - `2023-11-11`	3 months	crt.sh
adv.office-partner.de R3	`2023-08-29` - `2023-11-27`	3 months	crt.sh
*.intelliad.de Thawte TLS RSA CA G1	`2023-07-31` - `2024-08-30`	a year	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
odc-pixel-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-07` - `2024-02-08`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.webgains.com Amazon RSA 2048 M01	`2023-05-15` - `2024-06-13`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-08-03` - `2024-01-24`	6 months	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M02	`2023-07-07` - `2024-08-04`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2023-08-15` - `2024-09-15`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2023-03-23` - `2024-03-23`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2023-12-23`	3 months	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M02	`2023-05-09` - `2024-06-07`	a year	crt.sh
*.webgains.io Amazon RSA 2048 M01	`2023-07-24` - `2024-08-22`	a year	crt.sh
cdn.track.production.webgains.team Amazon RSA 2048 M03	`2023-08-30` - `2024-09-27`	a year	crt.sh

This page contains 35 frames:

Primary Page: https://www.tiantianzhibo.net/
Frame ID: ABC0F8ABAD47F07388071E6D8C5C35CB
Requests: 28 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20190131/zrt_lookup.html
Frame ID: 7E55197C6586BFB0BDDDB54B8A24420B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&adk=1812271804&adf=3025194257&lmt=1696567411&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=260x945_l%7C260x945_r&format=0x0&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574610945&bpp=5&bdt=1982&idt=245&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3473466491471&frm=20&pv=2&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=267
Frame ID: 4ECDED00240F3A18DAA8F929575D16CD
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=250&slotname=6099260218&adk=1179801399&adf=3627366729&pi=t.ma~as.6099260218&w=250&lmt=1696567411&format=250x250&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574610950&bpp=2&bdt=1987&idt=269&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=72&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=IC1xrZnxaX&p=https%3A//www.tiantianzhibo.net&dtd=274
Frame ID: C6C49E467FFD8E32C657BFB851C9327C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=255&slotname=6950575133&adk=1536346496&adf=1801062927&pi=t.ma~as.6950575133&w=300&lmt=1696567411&format=300x255&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574610952&bpp=1&bdt=1989&idt=275&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C250x250&nras=1&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=925&ady=1070&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=Q746UBZpGo&p=https%3A//www.tiantianzhibo.net&dtd=279
Frame ID: 2B518FCB9099880D7DAD467CE900A127
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=250&slotname=8918672040&adk=3624264942&adf=1402206701&pi=t.ma~as.8918672040&w=300&lmt=1696567411&format=300x250&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574611326&bpp=1&bdt=2363&idt=1&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C250x250%2C300x255&nras=1&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=925&ady=1860&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=EPXkxXaWoy&p=https%3A//www.tiantianzhibo.net&dtd=4
Frame ID: 3C9F02AFAD042BBED78073BCC56F6EE0
Requests: 22 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNX1O3pzXN5xRTTDqpqfUyZC6lWdypZPlwoqyGrslxZtboPuZMbozpEZQQFj2BgNrqM5t3c3iCH-2ccZmY-QL4asoiHUN9EX-icA2aAPlxNW48rPDqutptpvq__VeDBIPC1jEXzKC1koCm4U5dKFadsqveieEfcB54rIDT0QS-sma5kMZMM
Frame ID: 83540F9900EDAD445A4D2A5238BF755B
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CP3nKBCD4EIYgoey4gEwAQ&v=APEucNUDsUtEGYXwqXYCUn8lzeaIdhsEhyCNtHkuwEuNoJA08RZ1gmBV-hLN7YEMbxLEJq7n35VZ94c53Tu1Fzw213lMbb6Imdp0HsD4wSfKShCwEv3GTXP_gKtVTvRbznJYE65Om0J1FqeDeDkNiIZxTm1IBfwd2YNE_ZH5Wp4EWE3zqpnxUVU
Frame ID: 640BE99FDC00464F1AAF329FA532733A
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
Frame ID: 352115AD646C11E8EAE4C63790060EBB
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: C8539C47821FD4D3491434DFAAA9D36F
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: EF46066FAC4C294A693724A9A2EDAD9D
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=50&adk=2281393541&adf=3669479829&pi=t.aa~a.409348236~rp.4&w=350&fwrn=4&fwrnh=100&lmt=1696567412&rafmt=1&to=qs&pwprc=6902623340&format=350x50&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574612160&bpp=2&bdt=3197&idt=2&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D72146b1c207b02c9%3AT%3D1696574611%3ART%3D1696574611%3AS%3DALNI_MYQe7cXULIUNSNnRIY3DLAW1XIovA&gpic=UID%3D00000c8f7bb0a3a2%3AT%3D1696574611%3ART%3D1696574611%3AS%3DALNI_MZPrtGQ50n1XM-7Y80sdzsKA9pfrw&prev_fmts=0x0%2C250x250%2C300x255%2C300x250&nras=2&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=925&ady=1819&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=ByQlBYIbTM&p=https%3A//www.tiantianzhibo.net&dtd=12
Frame ID: 6F9F822355834C2EB352C6BBA024726A
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBC6jZEBGPS2h_kBMAE&v=APEucNVjWntyf6XHiBVrMKtuCGaMXs1-J-0uerygnMS1LGTFmjaRfOsh7PdmVhOYnPa33bVZXhOi7oMg4skCio0AzwB1TTfEcCc9ZO0xeCdRNj3X4lL7aMjvNK2CbC_TBxOA1_ipWZX4BGZjiUtt-a2ybMBpoDUdbCIgcgpfrqharxbj-qSMbSE
Frame ID: 01315298E38740B59A11AC98375A9712
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: DC548ED60E6FE706959ABFAE64C10F94
Requests: 29 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/creative.html?e=69&leftOffset=0&topOffset=0&c=fQU9Qgy5vj&t=1&renderingType=2&ev=01_250
Frame ID: 4CC92D2F471F2F12AFDE02D1A104E727
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1
Frame ID: 0CC50F0FB91BF0DD1F0057F716386A42
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1
Frame ID: D8EE101D4D3F84D5EB8E2B4C33312631
Requests: 13 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=26684500025699504444554012469019&t=htlp&gdpr=1&consent=1&gdpr_consent=
Frame ID: 28D5A0365FB6C145AFCF19920519AAAC
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: A337E8CAA353A3CB1EEFCA7E2A2E24A7
Requests: 3 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500&display=swap
Frame ID: 3F91E6C0573979EBBB4AEB37C07D54EB
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 8E8F8CAEECA98CD486E8AFAA8151CAF3
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMPn2QIQm5vbAhj5v7J0MAE&v=APEucNU-q6CB7rgmLsTQbwFPTgSLHge5yYZRXXXt6e7wONoT-SaQAgWVLj0TwKfKm-x2hmCI5k65bsRMxsA96xz5Z_kMJX7-mxvaKgBv-JpTPB8Qm7-nXmHp6DukPNldtHH-7q1lU9T6OBbZp7H27zM_6yS5nKTVUCRMAv_HWM1Ft3YmuRkNeEc
Frame ID: 783FF30B220A9945879CF9AA5D2B4392
Requests: 4 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/11949286355477378158/_export/index.html?ev=01_250
Frame ID: FC0D3C1398D21FA21FB53BF0FAEA525A
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 7D8F8B568CFDE826CFC9E56A8B1825F8
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/bK4GZl0mtHPwIamiN73ahbbApyVSn2vIx_eFPB1ZZt0.js
Frame ID: 16BCB283F1C041151DBAF4A0562E5B4B
Requests: 1 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CImkkPno4IEDFbFVkQUd5HwL1Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9970179360259.533
Frame ID: 04CCAAF9F34B6963E23A40BE01334093
Requests: 2 HTTP requests in this frame

Frame: https://hal900019.redintelligence.net/request_content.php?s=26684500025699504444554012469019&a=9248d12c
Frame ID: 13AABAA3533AEE0F551747C4EF616D98
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/bK4GZl0mtHPwIamiN73ahbbApyVSn2vIx_eFPB1ZZt0.js
Frame ID: 6812AE84D3462F2C3E8C72F7BE383FB4
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: DA40AC06174C956E242320D32609976A
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/YeTNF82ErcXtSc42GSWrie2SEIEL8DxR64dbf1nZkSc.js
Frame ID: C06C3886625E7BD4FB56877E3FEAF624
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/7244335152788954732/index.html?e=69&leftOffset=0&topOffset=0&c=79yfj91IHf&t=1&renderingType=2&ev=01_250
Frame ID: 4E133A3CDFF9FA05AAADA801A95853AD
Requests: 15 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 35D272996FD3D7CED4199B699C788F4A
Requests: 3 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 1C4F1F41365DD2BDB45F83E5518AD559
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 5D07A9E1290F3FE4DACC8BCFF46A78BA
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 87A1E8E0E940E92980FB87244E5BF5EC
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

天天直播_高清网络电视直播_电视直播网_nba录像回放_nba直播

Page URL History Show full URLs

http://tiantianzhibo.net/ HTTP 301
https://tiantianzhibo.net/ HTTP 301
https://www.tiantianzhibo.net/ Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

basket.js (JavaScript Libraries) Expand

Overall confidence: 10%
Detected patterns

basket.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)/jquery-ui(?:\.min)?\.js
jquery-ui.*\.js

Page Statistics

246
Requests

92 %
HTTPS

41 %
IPv6

32
Domains

47
Subdomains

43
IPs

10
Countries

2736 kB
Transfer

7065 kB
Size

22
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://live.leisu.com/
Title: 比分直播

Search URL Search Domain Scan URL

URL: https://m.tiantianzhibo.net/
Title: 手机看直播

Search URL Search Domain Scan URL

URL: https://seedhub.info/categories/3/movies/
Title: 韩剧tv

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://tiantianzhibo.net/ HTTP 301
https://tiantianzhibo.net/ HTTP 301
https://www.tiantianzhibo.net/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 34

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED-Jl3932fzY8HFGOiFk5oA&google_cver=1

Request Chain 35

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZR.sky7JfNSkx3NHt17yjgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED-Jl3932fzY8HFGOiFk5oA&google_cver=1&google_hm=2

Request Chain 36

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEOOJ39moFcfwW2i20fdYLTM&google_cver=1

Request Chain 37

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTA5NTQxMDQ2NjE3ODAzMjcx

Request Chain 54

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED-Jl3932fzY8HFGOiFk5oA&google_cver=1

Request Chain 55

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZR.sky7JfNSkx3NHt17yjgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED-Jl3932fzY8HFGOiFk5oA&google_cver=1&google_hm=2

Request Chain 56

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEOOJ39moFcfwW2i20fdYLTM&google_cver=1

Request Chain 57

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTA5NTQxMDQ2NjE3ODAzMjcx

Request Chain 60

https://hal900019.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=75cde5160b&subid=&uid=cc1f26e6bedc8b68&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCiD4sk6wfZZiUF9nQ6wSbhomADKblvaBprZWcp8kP8C4QASDV585fYJXCpoKwB8gBCakC5TzTeR-xsT6oAwHIA5sEqgT_AU_Qqnx22bh959dE0yhrqtL3TbwVgbQ_Dn1DrzxSr7E3e63YEPSKhSaFKPVzrQ2SGgrq91cCzmpV1aZCEBSOa4KmQ2HmLd6J3lSYPmKYoImKEvJER-oLDbAM84coXfJuhczCYLTj5Wh8H5eqH9FH_dwu57Xf6X8St5RYcZlAgUpkywCMNZcASFLokFBwCG7Vvn-QRZYTGqQrufeeRLKqjb5nKKZBJikLqQOtFme9tsGfARN03A1yOPsPzxd41dlY3gMAN1_lrLs5mpa8WqRRcgsfTWCdJ9C2p08y-k11DCHmzf_IxPsdyYrKUBakpk1AlhkQO0WAd3RwQ_CnlAlDT8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaoNAkRFyA0BsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMI2Kmv-OjggQMVWeiaCh0bQwLAEAEYASAAEgKgHvD_BwE%26num%3D1%26cid%3DCAQSSwDICaaNBOYijrDpbMYQiijikSwThsQAhnBg_2D6FnVM5PQDMgShQDAv_2QbeGWOpDCFEj6NMzQjwJ_PZudzi1QXQgZ69_0ymk1cPRgB%26sig%3DAOD64_1UtC93e3atDJ4sJz83a1z1nefsVg%26client%3Dca-pub-9501431160750931%26dbm_c%3DAKAmf-DuZgKRW7llqZDx_YW_IFb00Zk2dyIRbfREviOuDvJx1vTJ3uS5ov-40ER14f8-rHkq7UII-dDdY4Y5jb_3xg38HjGvQgtLXb26kWOba_MSKhbofsXK7AxGabDqZM-ofK4r8wWWCuoqiwvpJuxjSzdo6ED1FgmPWFRdwnaj95r2XqRp6eM%26cry%3D1%26dbm_d%3DAKAmf-BMVWtVoOIhFpIV7O-rUOtj8z8azSkckYtFMcgYvMhLVs8HLCSA7fAHPJLcV7866VS3uQXUzIsuSxfX1UbSK-nTuYA755YsA1bjSnnVwjpos_uoB6kFAkG_Xj9eidYMzurcDuGGqbpB5TWGimflrhZikDy5sK5uwhA7nrUCufOoYyVIN3_0Pg7luSF_9JsLXP3dCHH3gUARB_nSxHIE1OyDFnoegcPYPhppD6lX8TwO2VvkpYbuF9fRs33IosEGEpjdhsifiHKN-AK5i7H4Hn4QVg7rcz8pLGu6717f8EVcGTDucBQkTHtiSS1mZjA7RmUU9wVSOCWxQib018itF0RnUpyIOzPd12PisiFFxsBOyTXpauPPHsxLTxl8W9DLstlYx62lBWPq_lxn-xMNYDZ0lG76Z9rRcmgrb9QB0raLnS7hWCwtLvam_QzvGakeLkMjPGM4wJyJUozZ3nnuCMGQ2DLx1sWy-deWugb8paSKFmM4ptHe4RzBjMj-yC2k5-5oJiWA91onJTz8JZ8kSRJBY4-qhZ0D3GVbK9jU_OQntL3u-8c%26adurl%3D&documentReferer=https%3A%2F%2Fwww.tiantianzhibo.net%2F&ancestorOrigins=https%3A%2F%2Fwww.tiantianzhibo.net&random=9944865800794&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900019.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=75cde5160b&subid=&uid=cc1f26e6bedc8b68&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCiD4sk6wfZZiUF9nQ6wSbhomADKblvaBprZWcp8kP8C4QASDV585fYJXCpoKwB8gBCakC5TzTeR-xsT6oAwHIA5sEqgT_AU_Qqnx22bh959dE0yhrqtL3TbwVgbQ_Dn1DrzxSr7E3e63YEPSKhSaFKPVzrQ2SGgrq91cCzmpV1aZCEBSOa4KmQ2HmLd6J3lSYPmKYoImKEvJER-oLDbAM84coXfJuhczCYLTj5Wh8H5eqH9FH_dwu57Xf6X8St5RYcZlAgUpkywCMNZcASFLokFBwCG7Vvn-QRZYTGqQrufeeRLKqjb5nKKZBJikLqQOtFme9tsGfARN03A1yOPsPzxd41dlY3gMAN1_lrLs5mpa8WqRRcgsfTWCdJ9C2p08y-k11DCHmzf_IxPsdyYrKUBakpk1AlhkQO0WAd3RwQ_CnlAlDT8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaoNAkRFyA0BsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMI2Kmv-OjggQMVWeiaCh0bQwLAEAEYASAAEgKgHvD_BwE%26num%3D1%26cid%3DCAQSSwDICaaNBOYijrDpbMYQiijikSwThsQAhnBg_2D6FnVM5PQDMgShQDAv_2QbeGWOpDCFEj6NMzQjwJ_PZudzi1QXQgZ69_0ymk1cPRgB%26sig%3DAOD64_1UtC93e3atDJ4sJz83a1z1nefsVg%26client%3Dca-pub-9501431160750931%26dbm_c%3DAKAmf-DuZgKRW7llqZDx_YW_IFb00Zk2dyIRbfREviOuDvJx1vTJ3uS5ov-40ER14f8-rHkq7UII-dDdY4Y5jb_3xg38HjGvQgtLXb26kWOba_MSKhbofsXK7AxGabDqZM-ofK4r8wWWCuoqiwvpJuxjSzdo6ED1FgmPWFRdwnaj95r2XqRp6eM%26cry%3D1%26dbm_d%3DAKAmf-BMVWtVoOIhFpIV7O-rUOtj8z8azSkckYtFMcgYvMhLVs8HLCSA7fAHPJLcV7866VS3uQXUzIsuSxfX1UbSK-nTuYA755YsA1bjSnnVwjpos_uoB6kFAkG_Xj9eidYMzurcDuGGqbpB5TWGimflrhZikDy5sK5uwhA7nrUCufOoYyVIN3_0Pg7luSF_9JsLXP3dCHH3gUARB_nSxHIE1OyDFnoegcPYPhppD6lX8TwO2VvkpYbuF9fRs33IosEGEpjdhsifiHKN-AK5i7H4Hn4QVg7rcz8pLGu6717f8EVcGTDucBQkTHtiSS1mZjA7RmUU9wVSOCWxQib018itF0RnUpyIOzPd12PisiFFxsBOyTXpauPPHsxLTxl8W9DLstlYx62lBWPq_lxn-xMNYDZ0lG76Z9rRcmgrb9QB0raLnS7hWCwtLvam_QzvGakeLkMjPGM4wJyJUozZ3nnuCMGQ2DLx1sWy-deWugb8paSKFmM4ptHe4RzBjMj-yC2k5-5oJiWA91onJTz8JZ8kSRJBY4-qhZ0D3GVbK9jU_OQntL3u-8c%26adurl%3D&documentReferer=https%3A%2F%2Fwww.tiantianzhibo.net%2F&ancestorOrigins=https%3A%2F%2Fwww.tiantianzhibo.net&random=9944865800794&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 76

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBMDCXOp5GsJEMKr0Z4rEZE&google_cver=1

Request Chain 78

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEIpG22c6ssnwMLnIUMHJCLY&google_cver=1

Request Chain 115

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDr3ZqF_gEQgAgYgAgyCFFyRh2Ouq9r HTTP 301
https://tpc.googlesyndication.com/simgad/624907996767536446

Request Chain 134

https://googleads.g.doubleclick.net/pagead/adview?ai=COS8wk6wfZZ6OEMCu78EPs7KpwAe9jaavb-fNr6y_DorRo-2-ARABINXnzl9glcKmgrAHoAGwuqHXA8gBCakC5TzTeR-xsT6oAwHIA8sEqgTZAU_QRL8v_G-nv3bSVldCKbuwKZ21F2xf_FpxWJkuTtELkAo9pQguKHPfjkT-zr81IHLV3IhoRcBDQTPOugF4GahKRPUPRUv4dqimD4yCqv_-IxWsIqxVZm3AYpzDdSxbHnKbERib5xh-9rgGptwI8uKKLhqN2D05HSfnrYscupOErCHPK-gMcr-_fR4GoVilMk-YRW5Qf8F-uCixOaql32lvaVoXinVmnwRNBB7ie5UjUOGiDV3ZfO4mr-ByZgPRrFyk4Zorrh9Yehg2tiE-KSk9pV_qVePwixHABPmcqargA4gF-MTU6DaSBQQIBBgBkgUECAUYBKAGLoAHxfetPqgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB6a-G9gHAPIHBBD61g3SCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6mgk8aHR0cHM6Ly93d3cua2F5YWsuZGUvc2VtaS9nZG50ZXh0L2ZsaWdodF9nZW5lcmFsL2FueS9kZS5odG1sgAoByAsB2BMMiBQC0BUBgBcBshccChoIABIUcHViLTk1MDE0MzExNjA3NTA5MzEYAA&sigh=iMANlRPo-v4&uach_m=[UACH]&ase=2&nis=4&cid=CAQSTADICaaN7uQyi5JKljaSPWncWq6q1wPP9uFTGJ9faGtvCWmePSa7lA5MbC2FG9SXiy0eV0Lh6_mscRx-kW9IFfa_BMzplG4DUnEqGLMYAQ&template_id=494&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2212472378881030305300%22,%22debug_reporting%22:true,%22destination%22:%22https://kayak.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22988306736%22],%224%22:[%2210-06%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%227920051722387263953%22}&andc=true

Request Chain 142

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9970179360259.533 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CImkkPno4IEDFbFVkQUd5HwL1Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9970179360259.533

Request Chain 150

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 153

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEKzhXH0WJ7SUn5X9MB5TIyM&google_cver=1

Request Chain 197

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEBULR4cgyt5lgm1Zc7AX-Jg&google_cver=1&google_push=AXcoOmQSHq6_nKty_kJJ3pLNQ179K_QT-_ZGKteNUvXsMXVDGXtytBg0wiR7R4NI4TDDvBIPiUfsQ6kDVSCvLr0RNFxzwUwL2EE9pF4 HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEBULR4cgyt5lgm1Zc7AX-Jg&google_cver=1&google_push=AXcoOmQSHq6_nKty_kJJ3pLNQ179K_QT-_ZGKteNUvXsMXVDGXtytBg0wiR7R4NI4TDDvBIPiUfsQ6kDVSCvLr0RNFxzwUwL2EE9pF4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=RW5WckFBY1IxUU9FeUY1&google_gid=CAESEBULR4cgyt5lgm1Zc7AX-Jg&google_cver=1&google_push=AXcoOmQSHq6_nKty_kJJ3pLNQ179K_QT-_ZGKteNUvXsMXVDGXtytBg0wiR7R4NI4TDDvBIPiUfsQ6kDVSCvLr0RNFxzwUwL2EE9pF4

Request Chain 198

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEBAPSaatBJSjILdzZn5z9As&google_cver=1&google_push=AXcoOmQrl-wpWt5ZUxV4Q7FQXpAzqbZrWdrHPiGPjsv8XfXu1OOmoMNhuvBMDif5mOGtrngWb7P3bafw18Hcpagh1IjIogOWZ_xT6g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEBAPSaatBJSjILdzZn5z9As&google_push=AXcoOmQrl-wpWt5ZUxV4Q7FQXpAzqbZrWdrHPiGPjsv8XfXu1OOmoMNhuvBMDif5mOGtrngWb7P3bafw18Hcpagh1IjIogOWZ_xT6g

Request Chain 200

https://d5p.de17a.com/cookies/google?google_gid=CAESEFQFprWGO8Vfx-fbViuGmEM&google_cver=1&google_push=AXcoOmTX6LbgmkSOVfHqXRWyf3yfAPDQdvBIcSZnrRrGO4gqMEyyB5B1xCwW46z_LRAH5qpLAlCMSNbcZVohTnzSRyo4FV_gEGM4gA HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEFQFprWGO8Vfx-fbViuGmEM&google_cver=1&google_push=AXcoOmTX6LbgmkSOVfHqXRWyf3yfAPDQdvBIcSZnrRrGO4gqMEyyB5B1xCwW46z_LRAH5qpLAlCMSNbcZVohTnzSRyo4FV_gEGM4gA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmTX6LbgmkSOVfHqXRWyf3yfAPDQdvBIcSZnrRrGO4gqMEyyB5B1xCwW46z_LRAH5qpLAlCMSNbcZVohTnzSRyo4FV_gEGM4gA

Request Chain 202

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEMLX5LDQb0n_qO8Nl3Xbid0&google_cver=1&google_push=AXcoOmQwgmjeNWBoqm20yUzQKdjWL_Mx5o_yrm0VnAY_WDALTnNLZsb5qTbCyOEdArQei8hUSiXirRwvV21kO0wlUC2gvXXkAUP5CwkR HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmQwgmjeNWBoqm20yUzQKdjWL_Mx5o_yrm0VnAY_WDALTnNLZsb5qTbCyOEdArQei8hUSiXirRwvV21kO0wlUC2gvXXkAUP5CwkR HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 205

https://fw.adsafeprotected.com/rfw/st/1686300/75378989/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1014294059&ias_pubId=pub-9501431160750931&ias_chanId=1&ias_placementId=20600109049&bidurl=https://www.tiantianzhibo.net/&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0gJmoQ5YWWC90R931P9zJDy&adsafe_url=https%3A%2F%2Fwww.tiantianzhibo.net&adsafe_type=g&adsafe_url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-9501431160750931%26output%3Dhtml%26h%3D255%26slotname%3D6950575133%26adk%3D1536346496%26adf%3D1801062927%26pi%3Dt.ma~as.6950575133%26w%3D300%26lmt%3D1696567411%26format%3D300x255%26url%3Dhttps%253A%252F%252Fwww.tiantianzhibo.net%252F%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..%26dt%3D1696574610952%26bpp%3D1%26bdt%3D1989%26idt%3D275%26shv%3Dr20231004%26mjsv%3Dm202309291101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C250x250%26nras%3D1%26correlator%3D3473466491471%26frm%3D20%26pv%3D1%26ga_vid%3D230693676.1696574611%26ga_sid%3D1696574611%26ga_hid%3D1034204444%26ga_fc%3D0%26u_tz%3D120%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D925%26ady%3D1070%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759837%252C44759927%252C44759876%252C31077327%252C31078301%252C31078466%26oid%3D2%26pvsid%3D1595443399956531%26tmod%3D960840171%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CoeE%257C%26abl%3DCS%26pfx%3D0%26fu%3D0%26bc%3D31%26ifi%3D3%26uci%3Da!3%26fsb%3D1%26xpc%3DQ746UBZpGo%26p%3Dhttps%253A%2F%2Fwww.tiantianzhibo.net%26dtd%3D279&adsafe_type=bed&adsafe_jsinfo=,id:b2c0e3e3-ed9f-f872-e785-01e8466eafef,c:qfoOEW,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-797d947f74-rxpqq,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:337,mot:0,app:0,maw:0,fm:tRT0b1Z+11%7C12%7C1311%7C1312%7C13131%7C141*.1686300-75378989%7C1411%7C1412%7C14131%7C151%7C152%7C153%7C154%7C155%7C156%7C161%7C162%7C163%7C164%7C1711%7C1712%7C181,idMap:141*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:364,oid:aaca8862-6413-11ee-a0da-b25841914b64,v:19.8.439,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/skeleton.js?bundleId=${BUNDLE_ID}&ias_xappb=

246 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.tiantianzhibo.net/
Redirect Chain

http://tiantianzhibo.net/
https://tiantianzhibo.net/
https://www.tiantianzhibo.net/

40 KB
8 KB

852ms
735ms

Document
text/html

2606:4700:3030::6815:14de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tiantianzhibo.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::6815:14de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.4.7

Resource Hash

87fd76d11e870aa0b08892fd9ba118013edb649845bcb8cb97566c72958a810c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 811bee258d71bbd1-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 06 Oct 2023 06:43:28 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TBpAywYrOR8klvmcNNhNoUmYQBsdtwxft7V%2BNqS%2BG0pkhyQW2RxmDoZzu82DyD3aRokGKmt23dEaNTMQyqjNMi5XkCb17cXetju8096Q6iiyoZED75VY0dgdAmRSxPLFLwtzw0%2BYwNNJfM%2BxJN49cSoqnVg%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: PHP/7.4.7

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 811bee20ab392bd3-FRA
content-type: text/html
date: Fri, 06 Oct 2023 06:43:28 GMT
location: https://www.tiantianzhibo.net/
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e5pqKKUYlqGyuIDtuJ%2Bk1WXdNTnfTM9%2FsYOGKKA5nRw0v3WMm0dTVPODHSVB39mDCclFjnAHiV4umGFRBItRbEAcj%2BB0KqwGri8oKdm%2BJ%2FFkTUtu5gvepzEgFRw8pzxBL9XL9g%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff

GET
H2 200 reset.css
www.tiantianzhibo.net/statics/css/nba/ 2 KB
1 KB 691ms
689ms Stylesheet
text/css 2606:4700:3030::6815:14de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tiantianzhibo.net/statics/css/nba/reset.css

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::6815:14de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

429cecf19aa7548ea2dc394178245083a04791306fd31de16160f77505502a08

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tiantianzhibo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:29 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Tue, 25 Oct 2022 16:28:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
etag: W/"63580eb6-982"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4RSTdvLiAheWrQk3bUuLiRnvH%2Ftw%2FVSYoRR%2BswzoTUgxIg9IDws9iJhlLszRjkbjhgNavnmW24hd4y2yJNM3YfihWTbuIZS%2F%2F94BDP%2F5G7pAWjAcO9iAbqw9V1UqfxZBaockFVTZflYLJz%2BXWf7exCEBpq8%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=1800
cf-ray: 811bee2a2a9bbbd1-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 common.css
www.tiantianzhibo.net/statics/css/nba/ 12 KB
3 KB 695ms
694ms Stylesheet
text/css 2606:4700:3030::6815:14de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tiantianzhibo.net/statics/css/nba/common.css?111

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::6815:14de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6062ee42e44bc69c392b5d5b7c7cc129de45d6c74ab48bcc71370971901303c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tiantianzhibo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:29 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Tue, 25 Oct 2022 16:28:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
etag: W/"63580eb6-2f78"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=38HfG2pvF8EJIKr6rm0Ap27aYR0jpPDHxk0VuvkTCBvQXHUuoTis0gCMCJOuKDf5obc78BEr36nOLvqtGJid3iSCpRHqS0yFPIqpN1K7eER10%2BsQwjtYQaiw4mMdQQVA0aHtxOvU%2BY1hgFdpVgbXzJiloWY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=1800
cf-ray: 811bee2a2a9dbbd1-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 news.css
www.tiantianzhibo.net/statics/css/nba/ 18 KB
5 KB 989ms
988ms Stylesheet
text/css 2606:4700:3030::6815:14de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tiantianzhibo.net/statics/css/nba/news.css

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::6815:14de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ebbc5a058e3ad1b69f390cd69c67ebb5f2ad1227c71bd4982e73268612eff91c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tiantianzhibo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:29 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Wed, 12 Apr 2023 03:03:05 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
etag: W/"64361f69-47c1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AcewO2T1FJAWuUyy52dpY3fW7jQaxnksJUpeb7pZZzM7bYvgE7yqwvGHhr23NKOU6XkyLbnaD0y6ZYVdncpEJxXwiW7KtqFCnq0ENHtvcC90uIPody8ETaLwzxOEZlSOTSU2I8wQ4URkEnZIRzepngC3Qvg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=1800
cf-ray: 811bee2a2a9ebbd1-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 jquery.min.js Show response
www.tiantianzhibo.net/statics/js/public/ 91 KB
34 KB 699ms
699ms Script
application/javascript 2606:4700:3030::6815:14de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tiantianzhibo.net/statics/js/public/jquery.min.js

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::6815:14de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tiantianzhibo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:29 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Tue, 25 Oct 2022 16:28:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
etag: W/"63580eb6-16dc4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PxoQwKfxyxE2HdQfvtwFiQfdEugUNo17kBjkny76nyE9P%2FiuP%2BY6lSdcf1UGLEnwBTgDnPgaPbihKiGm0ETjliAZ3j5WUz5kXMgqt%2BRu3Hi2NKieu512vQFZJtm55nXVwKU%2FQmSlwo3L8VLzdtV2AV3LUJE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 811bee2a2aa0bbd1-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 148 KB
50 KB 228ms
139ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47c34c3cc8f3ba7d8726a9d479775908e31ad71aa4020cc51eba34375379b0ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tiantianzhibo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50999
x-xss-protection: 0
server: cafe
etag: 15937859382197350903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 06 Oct 2023 06:43:30 GMT

GET
H3 200 logo_o3x_02.png
www.tiantianzhibo.net/statics/images/ 36 KB
37 KB 1008ms
1007ms Image
image/png 2606:4700:3030::6815:14de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tiantianzhibo.net/statics/images/logo_o3x_02.png?111

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:14de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ea5ba483cc58c2ec804f0e6c814c0610a4f0c9da9619667712f1437302d70a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tiantianzhibo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:31 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 37250
last-modified: Tue, 25 Oct 2022 16:28:38 GMT
server: cloudflare
etag: "63580eb6-9182"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2lhLOlt94L9bfyT4YylR77ntKdFLr4Pu6X8coi5De9XeWCRgkCcj0J8snxnzp0kIP7MhZVWdoGV7IYMv%2FvIGuX8qn2aFfBYhA1DZbivavfaJmjvNECYlxtYRDC3puSwhpqOIN4OUBNWwyvzVR2bs2qai1mw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=1800
accept-ranges: bytes
cf-ray: 811bee349ff45b50-FRA

GET
H3 200 250-250.js Show response
www.tiantianzhibo.net/adjs/ 395 B
721 B 979ms
979ms Script
application/javascript 2606:4700:3030::6815:14de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tiantianzhibo.net/adjs/250-250.js?1

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:14de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0008342dfdfb4978fd4cd8055aab6f753efb07673e13e1030e1c50de403065b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tiantianzhibo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:30 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Tue, 25 Oct 2022 16:28:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
etag: W/"63580eb6-18b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N07ktRQUFEa%2BTWv%2FuFrDvYTmAL6GLQxUmslvO6yIH1kuH40mdKIL8a9KQIIXRGiuz3L%2FzHh9Wx63gt2X7uAJT2CNdlAzkfRoNtUpXjTGlzMVpjWLwDJkHQjXPI3fqNXbSN%2B3xUB8iI6SStnGhYlCaJasoY8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 811bee2e8d865b50-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 right1.js Show response
www.tiantianzhibo.net/adjs/ 411 B
744 B 695ms
695ms Script
application/javascript 2606:4700:3030::6815:14de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tiantianzhibo.net/adjs/right1.js?1

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:14de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2937b1eff43b5494767cfff2fb7f26ea4f4568ff57ecdd70a661c3c7b1b77f86

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tiantianzhibo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:30 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Tue, 25 Oct 2022 16:28:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
etag: W/"63580eb6-19b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jHibICuUGL4YGLOrkV7y%2B4xKlgIfKqh4U4%2BQGSVewEUhSQqoTtW3OBCkE7EPESGP60dGkV7Aj3798Z4Q8ACZ21OCdVR1VANHG6h%2Bsgxx7Z2y9BW9Xb75MAoTHE3z8sMeg6dpbljJAZosh7GFsLsCyyntQO0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 811bee305e315b50-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 right2.js Show response
www.tiantianzhibo.net/adjs/ 404 B
747 B 681ms
680ms Script
application/javascript 2606:4700:3030::6815:14de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tiantianzhibo.net/adjs/right2.js?1111

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:14de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

818cc940e4ef782c114f286b087fac335543bc859f96c8b300061e600a06eedf

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tiantianzhibo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:31 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Tue, 25 Oct 2022 16:28:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
etag: W/"63580eb6-194"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zqkPMpHm%2BcO4JTNMJQ1xrnBBfNv4qsA3qZ4Ufv8Qq1FzL98sbaiJols1PWHWil9eQsx9dC7mnLbKXVtAxtzPtL1EojQ%2BXpOWfMmXnKRaLMDBXnn1DbJCs5FOY%2BLHr10NUyfQ2V4KgN%2F99ATaT3aexxPNOT4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 811bee349fef5b50-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 index_main.js Show response
www.tiantianzhibo.net/statics/js/nba/ 11 KB
4 KB 641ms
641ms Script
application/javascript 2606:4700:3030::6815:14de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tiantianzhibo.net/statics/js/nba/index_main.js?2222

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:14de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5ca67c177b85e4d178c4ce564adf6e483f4950a15838ca3d80d93def7ff3986

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tiantianzhibo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:31 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Tue, 25 Oct 2022 16:28:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
etag: W/"63580eb6-2df3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yOmVUUYM1LxFsD3yt%2By2u8sk8x9wFb%2F8wL%2BTCKw%2FYAP4mhR7SZHO8DpVK8P3jYRCWs0TZwjsJYlVby0beVOaTDaaGZW7OSSAm6vhYKqP05ssTCn0mAbEfcGQn%2FnHYo2IYZ%2BdZiE5EucjBJfnERKRBsU2jls%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 811bee349ff05b50-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 common.js Show response
www.tiantianzhibo.net/statics/js/nba/ 319 B
602 B 348ms
347ms Script
application/javascript 2606:4700:3030::6815:14de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tiantianzhibo.net/statics/js/nba/common.js

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:14de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a60ac4292585b85fdd66956dab66e3996c19b8d207e8e0a98449777de49c11c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tiantianzhibo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:30 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Tue, 25 Oct 2022 16:28:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
etag: W/"63580eb6-13f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ajbsd5KbzlmVIeWblQLqPQRIY6gzS6zCitdOCCKP28qhrioZwKyPIwD5RhO3H80cyVHUhTwQzJnflDJJJuRi4aCWh%2BYRM%2FjqyQv6fdqzVprisT7COj1sbNufEAHqUumHHi3cDqkJqw93elT%2F7ZRX9wgh7ps%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 811bee349ff15b50-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 bf4.js Show response
www.tiantianzhibo.net/statics/js/nba/ 12 KB
4 KB 653ms
652ms Script
application/javascript 2606:4700:3030::6815:14de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tiantianzhibo.net/statics/js/nba/bf4.js

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:14de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

832f288dad7df3bc002b8909cac5542228fee7d1c2ce702bd954f62c3ae55e57

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tiantianzhibo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:31 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Tue, 25 Oct 2022 16:28:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
etag: W/"63580eb6-3002"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V9DIlr6ULhB7rRv0oVUqb%2BSBfFnkM0OUJFOjSZGlyiI0v1ej1QuLYqdc%2B3aLiYovtR9BFp%2FhxE3nc76m8vC%2BmtTKpCW%2FutmfMnqUYpmeh5zKQhkBLJ3iscTgZ39x63FVz5MJLpdRImEiDZbIj1OOs5me194%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 811bee349ff35b50-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 uaredirect.js Show response
www.tiantianzhibo.net/statics/js/public/ 3 KB
1 KB 665ms
665ms Script
application/javascript 2606:4700:3030::6815:14de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tiantianzhibo.net/statics/js/public/uaredirect.js?v=0.43752120203473277

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:14de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f8d919ff39876f94ebbf5a8d688058e1eff3cb0bb8ceff60c8762f2abb669cd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tiantianzhibo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:30 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Sun, 01 Oct 2023 07:34:09 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
etag: W/"651920f1-c4d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UwdG9dAwl5sAEdGwIgRdha6R4ELro6P6adrZHGKGrPXT82x0JZqcdd%2FpE%2B4guXUtRapykagDo9Wyu6m1xpVtb5hSWQ3xTH%2BcB6r3Ff1%2BcnaHF3Ntgp%2FEKFvnNff4BU2uGgMI8jaw2CU7g2osjSochRwy8hM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 811bee307e3e5b50-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 football_ico.png
www.tiantianzhibo.net/statics/images/ 1 KB
2 KB 680ms
680ms Image
image/png 2606:4700:3030::6815:14de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tiantianzhibo.net/statics/images/football_ico.png

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/statics/css/nba/common.css?111

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:14de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e8d101f3121dd9449ff5d53776dd97854206fa04d6348c8d2d29234954ee0d95

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tiantianzhibo.net/statics/css/nba/common.css?111
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:31 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 1219
last-modified: Tue, 25 Oct 2022 16:28:38 GMT
server: cloudflare
etag: "63580eb6-4c3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BcY%2FXArj5RUBoct6Q9Q6etMguePygMJsocUcBJInkmwJOrLZ8mpoQQgZzh5Jj9Ev6NzBJffLciFIalbkXHxv1Bx5vflOnuJtxSbKYMD9mtaXAXQ8%2BfTHgwX2ynyOW77FE6BfvD4sksCoeYm4yMAChTxLxSg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=1800
accept-ranges: bytes
cf-ray: 811bee349ff65b50-FRA

GET
H3 200 video_ico.png
www.tiantianzhibo.net/statics/images/ 1 KB
2 KB 656ms
656ms Image
image/png 2606:4700:3030::6815:14de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tiantianzhibo.net/statics/images/video_ico.png

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/statics/css/nba/common.css?111

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:14de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

63d8b8c99fcaa3e93b596101e95cecff151d7751e190fb4a34a0ad148ad93867

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tiantianzhibo.net/statics/css/nba/common.css?111
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:31 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 1117
last-modified: Tue, 25 Oct 2022 16:28:38 GMT
server: cloudflare
etag: "63580eb6-45d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BUr76FWWC0a%2BzcRbMF2K27jjcGPQfgJKB%2BUGjqEtpHjAC5f7Wos4X1UGcoWqo5tVBVVguDDlpE1iqROKno8DYI5lOJfp0Y3ThmTv1ibotMd5MyAzwYQgxUwwUGXXFgkrrhs2PZX2FaKxdeRwo%2B%2BIocIgmVg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=1800
accept-ranges: bytes
cf-ray: 811bee349ff75b50-FRA

GET
H3 200 news_ico.png
www.tiantianzhibo.net/statics/images/ 1 KB
2 KB 681ms
681ms Image
image/png 2606:4700:3030::6815:14de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tiantianzhibo.net/statics/images/news_ico.png

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/statics/css/nba/common.css?111

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:14de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dce7b450d83eab011fc1e663e1fe7a9e002740cb6c0fb92abb4b1e61c07fb71b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tiantianzhibo.net/statics/css/nba/common.css?111
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:31 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 1251
last-modified: Tue, 25 Oct 2022 16:28:38 GMT
server: cloudflare
etag: "63580eb6-4e3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TmXUVPPKvVUtK7keBM%2BucGoLQYLCh8gyI8Q%2BiEf9lpWg%2F0Co0r3rh8zFJxlOuDY2zjgdTxuIKc0lPHiphuLqrWdtcSSYtHUq129qpaxcwHs%2FrhScI%2Fz%2B6H%2BlywRdVG4u4TT216%2Fuq0OuvJ1j1ipRv9LZAIo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=1800
accept-ranges: bytes
cf-ray: 811bee349ff95b50-FRA

GET
H3 200 basketball_ico.png
www.tiantianzhibo.net/statics/images/ 1 KB
2 KB 657ms
657ms Image
image/png 2606:4700:3030::6815:14de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tiantianzhibo.net/statics/images/basketball_ico.png

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/statics/css/nba/common.css?111

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:14de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

85b6d784099d05cd2ffc14602e160cffcadfb3730dbdfcc483035e033fd6b961

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tiantianzhibo.net/statics/css/nba/common.css?111
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:31 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 1196
last-modified: Tue, 25 Oct 2022 16:28:38 GMT
server: cloudflare
etag: "63580eb6-4ac"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j%2FPJUwO%2BNDZRFr5WA4NAyX%2BXa1u0pSs%2BEA6JuEq87AHC%2BrTM3r%2BZAI3a5B279fcAZFrozxrpX%2FlxFPJbK%2FpfJg74JxuAJ0%2BBxfoiPbDyJHGK%2FfM%2FARlC9dUh%2F7ytPkPhvwYFB3kpLv7WGvig7YhtJ2AdsBs%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=1800
accept-ranges: bytes
cf-ray: 811bee349ffa5b50-FRA

GET
H/1.1 200
OK news_ico.png
static4style.qiumibao.com//common/img/ 1 KB
2 KB 2033ms
289ms Image
image/png 240d:c010:18:1:38::1f
ACE-AS-AP ACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static4style.qiumibao.com//common/img/news_ico.png
Requested by: Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/statics/css/nba/common.css?111
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 240d:c010:18:1:38::1f , Singapore, ASN139341 (ACE-AS-AP ACE, SG),
Reverse DNS
Software: AliyunOSS /
Resource Hash: dce7b450d83eab011fc1e663e1fe7a9e002740cb6c0fb92abb4b1e61c07fb71b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tiantianzhibo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Tue, 18 Jul 2023 08:27:41 GMT
x-oss-request-id: 64B64CFDA701303934DE4E96
X-Cache-Lookup: Cache Hit
Content-MD5: mRmEaNHFuyS9nXrpI7oiaw==
Connection: keep-alive
Content-Length: 1251
x-oss-object-type: Normal
Last-Modified: Thu, 22 Oct 2015 07:51:29 GMT
Server: AliyunOSS
Etag: "99198468D1C5BB24BD9D7AE923BA226B"
Content-Type: image/png
x-oss-storage-class: Standard
X-NWS-LOG-UUID: 1089604679033823297
Accept-Ranges: bytes
x-oss-hash-crc64ecma: 12072275491274263829
x-oss-server-time: 27

GET
H3 404 tub.png
www.tiantianzhibo.net/statics/css/images/ 1 KB
1 KB 655ms
655ms Image
text/html 2606:4700:3030::6815:14de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tiantianzhibo.net/statics/css/images/tub.png

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/statics/css/nba/common.css?111

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:14de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.4.7

Resource Hash

868b089a28f353b2400d575b15c32d069775c99dca12e1202df34de355a6a272

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tiantianzhibo.net/statics/css/nba/common.css?111
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:31 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
x-powered-by: PHP/7.4.7
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5nNTaLrm1cbbXGbN74cKK19TsSHkQS0ABKTDiuBTrovOkK%2BX2fm2peKJN7t7eO7n%2B5fDyVOi6h0JAFjnqTTq8AQmzONaFwNDB9FmytvJowIK8lEXpl8aSOjdIAdUodzxD0x3UUt0tW12B1JpIkULUhTw8RU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: max-age=1800
cf-ray: 811bee34c8065b50-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/ 380 KB
129 KB 137ms
136ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9501431160750931&plah=www.tiantianzhibo.net&bust=31078466

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a61cd464213e709de1f3b0141359d24399e6c82302a34e4c558eca29aebe5ac7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tiantianzhibo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 131790
x-xss-protection: 0
server: cafe
etag: 3408873530635259290
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 06 Oct 2023 06:43:30 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231004/r20190131/ Frame 7E55 10 KB
5 KB 127ms
39ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231004/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tiantianzhibo.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 60413
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4471
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 13:56:38 GMT
etag: 2603938475786422795
expires: Thu, 19 Oct 2023 13:56:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 401 B
608 B 138ms
50ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.tiantianzhibo.net&callback=_gfp_s_&client=ca-pub-9501431160750931

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9501431160750931&plah=www.tiantianzhibo.net&bust=31078466

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d74d05591b5e2ba15ca43b6355158d8743b0b5db53011f29bc79fe4230659fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tiantianzhibo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 256
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 4ECD 360 KB
80 KB 848ms
847ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&adk=1812271804&adf=3025194257&lmt=1696567411&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=260x945_l%7C260x945_r&format=0x0&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574610945&bpp=5&bdt=1982&idt=245&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3473466491471&frm=20&pv=2&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=267

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0328ba17530dce26036b567b64a776c895302f166e2333795a62979da08f173a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tiantianzhibo.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 81871
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 06:43:32 GMT
expires: Fri, 06 Oct 2023 06:43:32 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C6C4 174 KB
47 KB 655ms
654ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=250&slotname=6099260218&adk=1179801399&adf=3627366729&pi=t.ma~as.6099260218&w=250&lmt=1696567411&format=250x250&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574610950&bpp=2&bdt=1987&idt=269&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=72&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=IC1xrZnxaX&p=https%3A//www.tiantianzhibo.net&dtd=274

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef85ad42cd1a8321c8b6cdbe58f7dd39624f7bfd5fc191911294e8f85804f94b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tiantianzhibo.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 47506
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 06:43:31 GMT
expires: Fri, 06 Oct 2023 06:43:31 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2B51 25 KB
10 KB 889ms
887ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=255&slotname=6950575133&adk=1536346496&adf=1801062927&pi=t.ma~as.6950575133&w=300&lmt=1696567411&format=300x255&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574610952&bpp=1&bdt=1989&idt=275&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C250x250&nras=1&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=925&ady=1070&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=Q746UBZpGo&p=https%3A//www.tiantianzhibo.net&dtd=279

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d6bf421fd12026d6c703b38414565985f8a4815139d48533f6e26e31a97f214f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tiantianzhibo.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 10404
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 06:43:32 GMT
expires: Fri, 06 Oct 2023 06:43:32 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3C9F 24 KB
11 KB 375ms
374ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=250&slotname=8918672040&adk=3624264942&adf=1402206701&pi=t.ma~as.8918672040&w=300&lmt=1696567411&format=300x250&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574611326&bpp=1&bdt=2363&idt=1&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C250x250%2C300x255&nras=1&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=925&ady=1860&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=EPXkxXaWoy&p=https%3A//www.tiantianzhibo.net&dtd=4

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

92b477fc91ed2a27598ca42009b3c27b178b88cd12037280cc402ce7dd8738be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tiantianzhibo.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 10961
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 06:43:31 GMT
expires: Fri, 06 Oct 2023 06:43:31 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 list_code.htm Show response
bifen4pc.qiumibao.com/json/ 46 B
274 B 894ms
280ms XHR
text/html 118.178.110.57
ALIBABA-CN-NET Ha...

General

Check archive.org

Show headers Download Go to

Full URL: https://bifen4pc.qiumibao.com/json/list_code.htm?84917
Requested by: Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/statics/js/public/jquery.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 118.178.110.57 Hangzhou, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software: /
Resource Hash: 9885b190d6f056f14f6bf44a00726a486be992c20fb99df59aa67af416d0173c

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.tiantianzhibo.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:32 GMT
last-modified: Fri, 06 Oct 2023 06:43:30 GMT
etag: "651fac92-2e"
access-control-allow-methods: GET,POST,OPTIONS
content-type: text/html
access-control-allow-origin: *
accept-ranges: bytes
access-control-allow-headers: X-Requested-With
content-length: 46

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3C9F 42 B
63 B 74ms
73ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DfmejWB5SUpPtVM-8AQgYM4Vnds79LXeEwb-SrnGFycZE6EJrHZY0IuSHbU8r01Q2N3Zytlwa24fGcs05vzbcvZhDqhX-pLE9hIzDHnsKfB_j5MhY

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=250&slotname=8918672040&adk=3624264942&adf=1402206701&pi=t.ma~as.8918672040&w=300&lmt=1696567411&format=300x250&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574611326&bpp=1&bdt=2363&idt=1&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C250x250%2C300x255&nras=1&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=925&ady=1860&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=EPXkxXaWoy&p=https%3A//www.tiantianzhibo.net&dtd=4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3C9F 0
20 B 75ms
74ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=11501952871119521308&x=1&ct=77

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 3C9F 89 KB
31 KB 96ms
95ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31491
x-xss-protection: 0
server: cafe
etag: 6167930392490353973
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 06 Oct 2023 06:43:31 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/ Frame 3C9F 3 KB
1 KB 131ms
43ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 19:18:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 41090
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 19:18:41 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/ Frame 3C9F 20 KB
9 KB 127ms
39ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:33:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61791
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:33:40 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3C9F 187 KB
59 KB 141ms
49ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 06 Oct 2023 06:43:31 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 8354 624 B
246 B 80ms
80ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNX1O3pzXN5xRTTDqpqfUyZC6lWdypZPlwoqyGrslxZtboPuZMbozpEZQQFj2BgNrqM5t3c3iCH-2ccZmY-QL4asoiHUN9EX-icA2aAPlxNW48rPDqutptpvq__VeDBIPC1jEXzKC1koCm4U5dKFadsqveieEfcB54rIDT0QS-sma5kMZMM

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=250&slotname=8918672040&adk=3624264942&adf=1402206701&pi=t.ma~as.8918672040&w=300&lmt=1696567411&format=300x250&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574611326&bpp=1&bdt=2363&idt=1&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C250x250%2C300x255&nras=1&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=925&ady=1860&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=EPXkxXaWoy&p=https%3A//www.tiantianzhibo.net&dtd=4
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 06:43:31 GMT
expires: Fri, 06 Oct 2023 06:43:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 8354
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED-Jl3932fzY8HFGOiFk5oA&google_cver=1

43 B
562 B

68ms
67ms

Image
image/gif

104.18.26.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED-Jl3932fzY8HFGOiFk5oA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNX1O3pzXN5xRTTDqpqfUyZC6lWdypZPlwoqyGrslxZtboPuZMbozpEZQQFj2BgNrqM5t3c3iCH-2ccZmY-QL4asoiHUN9EX-icA2aAPlxNW48rPDqutptpvq__VeDBIPC1jEXzKC1koCm4U5dKFadsqveieEfcB54rIDT0QS-sma5kMZMM
Protocol: H2
Server: 104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:32 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PqVICLET%2BKVsiSf%2F2mFjBMl%2FEY2B3pPPi46iueL4Fhn3nQrYjDICKjXSi0G3MZjSKwO1Ll5p9GqVKQ9Mnf1yKEfamVmRLnlvoZ%2BDwZINaR8yeHkMn8HEb%2BtutWF1TOYHBqewoqQpLjQGQA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 811bee3cd8cf5d39-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:31 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED-Jl3932fzY8HFGOiFk5oA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 8354
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZR.sky7JfNSkx3NHt17yjgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED-Jl3932fzY8HFGOiFk5oA&google_cver=1&google_hm=2

43 B
730 B

72ms
71ms

Image
image/gif

104.18.26.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED-Jl3932fzY8HFGOiFk5oA&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNX1O3pzXN5xRTTDqpqfUyZC6lWdypZPlwoqyGrslxZtboPuZMbozpEZQQFj2BgNrqM5t3c3iCH-2ccZmY-QL4asoiHUN9EX-icA2aAPlxNW48rPDqutptpvq__VeDBIPC1jEXzKC1koCm4U5dKFadsqveieEfcB54rIDT0QS-sma5kMZMM
Protocol: H3
Server: 104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:32 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rTBMCS0J4jnKSeUwOE%2FRTAcnHiIHbVYqsR3PHkoPVAjY4BtXfJY0r4LBlHM2Vf2FnyybgGIhaEv4Hj0Kkuz9PAUaEbvhhoj87zyyUUq3lqnjoyGqJAjkwi5W2r8WgrwyyZBcKVqGCtD88A%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 811bee3dab52bbaf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED-Jl3932fzY8HFGOiFk5oA&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 8354
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEOOJ39moFcfwW2i20fdYLTM&google_cver=1

43 B
840 B

48ms
47ms

Image
image/gif

185.89.210.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEOOJ39moFcfwW2i20fdYLTM&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNX1O3pzXN5xRTTDqpqfUyZC6lWdypZPlwoqyGrslxZtboPuZMbozpEZQQFj2BgNrqM5t3c3iCH-2ccZmY-QL4asoiHUN9EX-icA2aAPlxNW48rPDqutptpvq__VeDBIPC1jEXzKC1koCm4U5dKFadsqveieEfcB54rIDT0QS-sma5kMZMM

Protocol

Server

185.89.210.244 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:31 GMT
an-x-request-uuid: c5d34d5f-9b70-470b-9aaf-ac45ffd453e5
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 80.255.7.109; 80.255.7.109; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:31 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEOOJ39moFcfwW2i20fdYLTM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 8354
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTA5NTQxMDQ2NjE3ODAzMjcx

170 B
243 B

51ms
51ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTA5NTQxMDQ2NjE3ODAzMjcx

Requested by

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:31 GMT
an-x-request-uuid: 1fa17c95-b06d-496e-b435-4fb6d579df0d
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTA5NTQxMDQ2NjE3ODAzMjcx
x-proxy-origin: 80.255.7.109; 80.255.7.109; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3C9F 0
20 B 74ms
73ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=2240063934045&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3C9F 0
20 B 74ms
74ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=2240063934045&version=m202309260101&ct=77&x=1&cor=11501952871119522000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 3C9F 16 KB
12 KB 79ms
79ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BTHa_sNxLNsLlC_O84Vz7yY95aI1hfsiYhBMFj6elj7aEDIuL7kUN1Ti17UVE1exnYbLadoZEAixPyXCiHGD8zyg_ETsNRezw2bjrS6sBys0FQB3QEZ_T6mj6TC--p4B3uEwbqlDjV9ilRfepiy2nXhONZJwUILaok7c-7-bCIxCw0Rzg&cry=1&dbm_d=AKAmf-Da-S6EAPiiP4YZxfpydBI1L6Sj9lzaKq1WmvQbAXATv4I_GSoaydlDMHUbUu7M4UobrCO6aamM3jiwQww5O5hyuXE0BQWkxdAChVu7_TZpP53mas7IcgCx0Y2mshz_y6VQ4mRZj15xxm4n8QXRl0NnjU1MvDtLy3p2ar5WCamcbPJFEoEMa15jwfVy_8h_eQPH9SAI2Z64KGIK_0PvCtD0gywlDTVVTrMXt2wpEh2dFCXahLLgHUaVDrjeioBMm8rs7f1a8KhAM7QO7W6mJ2c9hINdTFq9T8bQ6Z8aePaTqEuJwnesHCUPWVgQy29TAbEn-IEdejUfgtqvPXDjbWevVljGAwnpFcfxDmaWT77REsBvKUQY0AAi4jgvAtUy1p9lrCRRhHR-IKGCxDZAT8qQD8qD0U3VrBOgxgfm80IMBeT6BD4ZH78YeAHVXIxOLMQ1aoeQUmyiPvuC9HilUghezU7RfcJFJVVchv7cBVB2OVPXJjVdlXkaKBwWFGDC4-pwcN6COV5DEve7JFoQ4qa9lZn3iF-4k3P8jNfU7cTPhQKVA_94_VTHC4_U6MSxYxR1P6UHHzGmciqu_GU5TqfUovcDsnBBU3GZrFlLmby3XEWegaZPR5ua72mgYZFZ7AvqzDFQJ1vwWyZBBPPr-_E92OETQ8cbCKWC8AXrLp9Rz-VbAffHhWahSzbHb08y8r67mK6XGA7QOW2Z5r5xHh7KheMnbcEqNZgtJICJAmetNgPiCZOm1JABo6ypidZLy0mlkdsG10K9hz6Ph7utDcFMurEjV7wtcN_3ukLSuWliZYqFH7dhnutteGtcgjMqVvl5o5bvKcJfXcJqwhJqDwo5m179hqwCabujyUAO8j4rxi8Y2B4hy7yVIJQdSINOgKs_auGtrLjZNHxnYmnvnrd3WIwBikogoKvyBPg7ddz71zmmjAO7Jmv1bVUt6i-bOvH6KK7nxR8MkPsl8nNicGRdTDQIqP35ivd-rkXquyEnxEIEKWdlQykCCXZOxdrEFzhi3pb85MJ2G54pZmVVBPyPGEFYEVT-P4Cd_4neATxhuoGPt5FULFZfAkE-PPpjjPdqfZdjvHkCLeYZu0Zd2pbJLuUf3v27JwSl9yQ8wpgQi0jfJpe-EiZxJXKYkyMZzgWY1GXpHZm-2LHMkcu2jsf-LKlEyDuTxlZJkq2MXnUtqD-DSqvpIOofatMY_VOrXCKQhi9n9aXD2s1YVh1YBZJ9LOp-HbjqvE1N2Qb-79uyi4O911A5HsDn7NWg5WPjN9p2LaMah4Imxq1q6HAJjD5vExg5aaUj03bXHXLEvNJ1-fPnkojPvkiN8Ct_I_CXx4Ovg7qfKTGTABEEpoS8kEsFhkSbYMRyOvVXh73rZPlstRZygjeCm4Ikm3zdxt6DziNYzI1jcJr_HY5TyeyUeS6qoZ1MIOpB35KdPM4X9UjVOdDOwXz5T_H8N5jP-01pQjlWSiP_UkCld7O7H_reTz_VJiFGq8MYZZ4K0FU6g_u7GF8GbQPSLB9PHIqHL1JcwZ8Bp9vJRyVCdCOHZs7i3rhZ1FDhWFPxi69qfhkQckD5F9isqeQEAm7Jys8MjseyFInRjvG6JuKEPh34VpVRmgqiqpoMyHMudvT3ZvQPQa-WfmALMpBFKEmkSy9RWIIjO4QHgaonu3J5bSVBqTj3awdB7WMj0m8_hBUvaRXenRxumweyuHhvTlYcRKeMHCeX5aSO0YhcjkaGor__YcRdTAHM9UzFFxGmW2aYNnr3_lA3tbYPqOUoV9scrNbdMbhY77D3WHuFYBYLAQbOhP6u_BEaEGp9_zPBk4-4Gw-6eRPONydRndAiv1XEUVkZ2BnkSkYP_PvzYq-yvLT7QoxFlKMrt-PiE9mz5_n5IDeyJQh9ZPnUae13HSWCY9gznpqgLsYBR7IvW1DDqi7i7KvLsSlvxkT-lgbOEwMaMP68jJZZQJpphFXLYXIDKHSvbAgLEjAWlNgMaBy1YmjqXBbU005SRtKdbGlvxa-7Kz_hRS6Qk2Z1Bp11u1yFp_4PhImA-O1XKpN0QjMGzvgxqhVcItP3Ch3O3ileugl2StynNnnm-2fdAe-CrsgZf1HmSjWDUIlEZymammQBJINYilV3Vz54-Lxe9Nzu-DYOm75oSR308xkgOXQWthj2gVX2jFRI20SYa9NVJ_lCKV3M2qGozuSyuC5IZn1tWEpSJGzWFWGQ1rwKrV9WoCcEqG0jcGuPUOgy-5tCF7X2RfKq5zXsFPuEmKdPvEK7vmh3O4I35kz1go40Cp41tHM3pd7kmr7UQe4kc_ppFSav_uv2W2DZfcQMI9umjmagmtCjLpWkhktsv4r8oyg4z50X3Kbkfu38jNXqkHNCcUqYEaaAMOUlf1Hw1uPsxVr1q5RqsUyByG4s3XsVTN5-EPiSc08s6xcLp5QHR_uVi3sp1JbbdbqlMbSC-DzBIRLPIV7BOzkCIvdqJVTzn-sAMKf5_PdrB0j4SnDgOirJgWhMqyBWhKOhuIcMbLe9nywCHGS1qioeFU0syd7m9i-9TPwHa7rG6BOvbNNUfzQK_2BTT7LOI-ODfqAWrohHJtgDPnqDjcWqV4wUXOigau04VJfmx4K1Z56lKMkeWLawFVh2SIhmVl-6JxYeKjIjmuZ-kCN-ewOSqRothL31DLFFI-hH0wN6XIpyEzbhZg_D_gEtyDO-D7c2OBgxoU8fGpruKLyNALTV-qYbljAVpm-Xaq2WlEMHVRYITx5Xv5KmZ4pioTLyQ3vKsA2ceyIhjBlyiJy7pRjaMlMjCh6jFywWTTqIcBdVNR5UlFoaf_sSxwbDS4SHHph2pdfgXhBqxccX5qJzoqVppAuew_4F4oK86Z5oa1zb4xZ1B_FjHMOvOdJdbbKmYQMWQE8cgIkpiSYFKlvUmdM-TPekNIFrr8YcqVD2A-gdkUOotuemFQq6hB1Hk7dAjhl9_Ly4Kzgavkcva-PlKpUGK_8zEShi0iz3qrRmxPeDt6dvagrH0_RYP-pqW5Zol7hx49OaCB_jN7iKHQqj9UUYsp5HhTCY_3z5oyxEJ1qGQuqINyDqBt3kYzjUMxe26jtE1uZMe-9fKbCdxqP90Kd-WvX3yW71pj4BQ7L6GN0_KvPXlMvAgp66usJdtNwn1vmzCZh9LwHObJnRJnrT4_Jw1FnQ-CTuk0CSxEWZuZxqEbucaDYVWgnAwz8zJG8I4xGG7xK1Vo6n4uY-1ECRCKWKD3Pu7oDsYE9zkzEySOFFwGQSrTaeek0Pj-bVf5SdjBk8A92CFHcZHmTkWIQF0QV3bfg78kF8GrOTkQAVt_3CI1uimPxuYj7CVV5IiCBSqTY4LIWBzef21nXudKhTk0ni3Zm_8_Ua67LFNk4C7TGQSXVLO41UHGjFGLJiDC9cfv9yJXp5-J_8cXWg956VuFNahabnPiAsTWYXnlGiO2TnarnRNfz0omziWeoLCExRWPWZ_5OH6wp0H-sf8mrc0TnFoXfcooKo1dHCxL9YhE0DyILlXf5Irg-2NVNDBI7ap_eqVKk1w02g-1ZxAK8zXbTvLuzVQql_gD4vpeaupZzLEavJe9NbGewe-Ut1oP8NMw7GQ7g9U9KqyotruWRQs541VG5AsD0M507lqonE1r0S4k84TSN07_g_fbAWZB-UnT6mc0w8t1B4ucf8hwlP72VFpt1TnBygt9KPJ8dZAJhJ2VyIKkc3Zp7xHVfB5poFVhACp6tV_Y8hdXafDVPfMZPe1qh0hOaKW0eA2hTxiE12faxY-NghS0e3c1CBfHNV2W0A9IlGF10JzUf1-7aylx4InMTba5mJYwFLrX3CbwZPGj-NVL0_AnSg&cid=CAQSSwDICaaNBOYijrDpbMYQiijikSwThsQAhnBg_2D6FnVM5PQDMgShQDAv_2QbeGWOpDCFEj6NMzQjwJ_PZudzi1QXQgZ69_0ymk1cPRgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.tiantianzhibo.net%2F&ds=l&xdt=1&iif=1&cor=11501952871119522000&adk=1964084972&idt=130&cac=0&dtd=22

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4fbd1b523cf0619b4ffcfa228c48f7fb07154b01a6b23ba418ac7bc3ec1ac51e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=250&slotname=8918672040&adk=3624264942&adf=1402206701&pi=t.ma~as.8918672040&w=300&lmt=1696567411&format=300x250&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574611326&bpp=1&bdt=2363&idt=1&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C250x250%2C300x255&nras=1&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=925&ady=1860&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=EPXkxXaWoy&p=https%3A//www.tiantianzhibo.net&dtd=4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:31 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12448
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 640B 624 B
245 B 82ms
80ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CP3nKBCD4EIYgoey4gEwAQ&v=APEucNUDsUtEGYXwqXYCUn8lzeaIdhsEhyCNtHkuwEuNoJA08RZ1gmBV-hLN7YEMbxLEJq7n35VZ94c53Tu1Fzw213lMbb6Imdp0HsD4wSfKShCwEv3GTXP_gKtVTvRbznJYE65Om0J1FqeDeDkNiIZxTm1IBfwd2YNE_ZH5Wp4EWE3zqpnxUVU

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=250&slotname=6099260218&adk=1179801399&adf=3627366729&pi=t.ma~as.6099260218&w=250&lmt=1696567411&format=250x250&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574610950&bpp=2&bdt=1987&idt=269&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=72&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=IC1xrZnxaX&p=https%3A//www.tiantianzhibo.net&dtd=274

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=250&slotname=6099260218&adk=1179801399&adf=3627366729&pi=t.ma~as.6099260218&w=250&lmt=1696567411&format=250x250&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574610950&bpp=2&bdt=1987&idt=269&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=72&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=IC1xrZnxaX&p=https%3A//www.tiantianzhibo.net&dtd=274
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 06:43:31 GMT
expires: Fri, 06 Oct 2023 06:43:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 3521 172 KB
61 KB 158ms
39ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 12:29:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 65661
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 06 Oct 2023 12:29:11 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231004/r20110914/elements/html/ Frame 3521 7 KB
3 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231004/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:45:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61099
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:45:12 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231004/r20110914/ Frame 3521 23 KB
9 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231004/r20110914/abg_lite_fy2021.js

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e0309fd597700b89310de557575438fb73dbee569cf734340057c0884ce91c20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:41:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61297
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9151
x-xss-protection: 0
server: cafe
etag: 7930219084593097114
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:41:54 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 3521 41 KB
14 KB 49ms
48ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 23:31:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 112314
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 03 Oct 2024 23:31:37 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/ Frame 3521 3 KB
1 KB 47ms
46ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 19:18:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 41090
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 19:18:41 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/ Frame 3521 20 KB
8 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:33:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61791
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:33:40 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3521 187 KB
59 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 06 Oct 2023 06:43:31 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3521 42 B
63 B 73ms
73ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BSAFynHA4hn2Yq0Ptrgk2-GW3uCpjWFwrEBs-B3AISvBovIayGHEv1u0b3IDEgAU2GDsvnhHHw5UVO8JWmUw9WE42A40ae6jhRcC1DtjFAcohVZ_Q

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 3C9F 41 KB
13 KB 53ms
52ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BTHa_sNxLNsLlC_O84Vz7yY95aI1hfsiYhBMFj6elj7aEDIuL7kUN1Ti17UVE1exnYbLadoZEAixPyXCiHGD8zyg_ETsNRezw2bjrS6sBys0FQB3QEZ_T6mj6TC--p4B3uEwbqlDjV9ilRfepiy2nXhONZJwUILaok7c-7-bCIxCw0Rzg&cry=1&dbm_d=AKAmf-Da-S6EAPiiP4YZxfpydBI1L6Sj9lzaKq1WmvQbAXATv4I_GSoaydlDMHUbUu7M4UobrCO6aamM3jiwQww5O5hyuXE0BQWkxdAChVu7_TZpP53mas7IcgCx0Y2mshz_y6VQ4mRZj15xxm4n8QXRl0NnjU1MvDtLy3p2ar5WCamcbPJFEoEMa15jwfVy_8h_eQPH9SAI2Z64KGIK_0PvCtD0gywlDTVVTrMXt2wpEh2dFCXahLLgHUaVDrjeioBMm8rs7f1a8KhAM7QO7W6mJ2c9hINdTFq9T8bQ6Z8aePaTqEuJwnesHCUPWVgQy29TAbEn-IEdejUfgtqvPXDjbWevVljGAwnpFcfxDmaWT77REsBvKUQY0AAi4jgvAtUy1p9lrCRRhHR-IKGCxDZAT8qQD8qD0U3VrBOgxgfm80IMBeT6BD4ZH78YeAHVXIxOLMQ1aoeQUmyiPvuC9HilUghezU7RfcJFJVVchv7cBVB2OVPXJjVdlXkaKBwWFGDC4-pwcN6COV5DEve7JFoQ4qa9lZn3iF-4k3P8jNfU7cTPhQKVA_94_VTHC4_U6MSxYxR1P6UHHzGmciqu_GU5TqfUovcDsnBBU3GZrFlLmby3XEWegaZPR5ua72mgYZFZ7AvqzDFQJ1vwWyZBBPPr-_E92OETQ8cbCKWC8AXrLp9Rz-VbAffHhWahSzbHb08y8r67mK6XGA7QOW2Z5r5xHh7KheMnbcEqNZgtJICJAmetNgPiCZOm1JABo6ypidZLy0mlkdsG10K9hz6Ph7utDcFMurEjV7wtcN_3ukLSuWliZYqFH7dhnutteGtcgjMqVvl5o5bvKcJfXcJqwhJqDwo5m179hqwCabujyUAO8j4rxi8Y2B4hy7yVIJQdSINOgKs_auGtrLjZNHxnYmnvnrd3WIwBikogoKvyBPg7ddz71zmmjAO7Jmv1bVUt6i-bOvH6KK7nxR8MkPsl8nNicGRdTDQIqP35ivd-rkXquyEnxEIEKWdlQykCCXZOxdrEFzhi3pb85MJ2G54pZmVVBPyPGEFYEVT-P4Cd_4neATxhuoGPt5FULFZfAkE-PPpjjPdqfZdjvHkCLeYZu0Zd2pbJLuUf3v27JwSl9yQ8wpgQi0jfJpe-EiZxJXKYkyMZzgWY1GXpHZm-2LHMkcu2jsf-LKlEyDuTxlZJkq2MXnUtqD-DSqvpIOofatMY_VOrXCKQhi9n9aXD2s1YVh1YBZJ9LOp-HbjqvE1N2Qb-79uyi4O911A5HsDn7NWg5WPjN9p2LaMah4Imxq1q6HAJjD5vExg5aaUj03bXHXLEvNJ1-fPnkojPvkiN8Ct_I_CXx4Ovg7qfKTGTABEEpoS8kEsFhkSbYMRyOvVXh73rZPlstRZygjeCm4Ikm3zdxt6DziNYzI1jcJr_HY5TyeyUeS6qoZ1MIOpB35KdPM4X9UjVOdDOwXz5T_H8N5jP-01pQjlWSiP_UkCld7O7H_reTz_VJiFGq8MYZZ4K0FU6g_u7GF8GbQPSLB9PHIqHL1JcwZ8Bp9vJRyVCdCOHZs7i3rhZ1FDhWFPxi69qfhkQckD5F9isqeQEAm7Jys8MjseyFInRjvG6JuKEPh34VpVRmgqiqpoMyHMudvT3ZvQPQa-WfmALMpBFKEmkSy9RWIIjO4QHgaonu3J5bSVBqTj3awdB7WMj0m8_hBUvaRXenRxumweyuHhvTlYcRKeMHCeX5aSO0YhcjkaGor__YcRdTAHM9UzFFxGmW2aYNnr3_lA3tbYPqOUoV9scrNbdMbhY77D3WHuFYBYLAQbOhP6u_BEaEGp9_zPBk4-4Gw-6eRPONydRndAiv1XEUVkZ2BnkSkYP_PvzYq-yvLT7QoxFlKMrt-PiE9mz5_n5IDeyJQh9ZPnUae13HSWCY9gznpqgLsYBR7IvW1DDqi7i7KvLsSlvxkT-lgbOEwMaMP68jJZZQJpphFXLYXIDKHSvbAgLEjAWlNgMaBy1YmjqXBbU005SRtKdbGlvxa-7Kz_hRS6Qk2Z1Bp11u1yFp_4PhImA-O1XKpN0QjMGzvgxqhVcItP3Ch3O3ileugl2StynNnnm-2fdAe-CrsgZf1HmSjWDUIlEZymammQBJINYilV3Vz54-Lxe9Nzu-DYOm75oSR308xkgOXQWthj2gVX2jFRI20SYa9NVJ_lCKV3M2qGozuSyuC5IZn1tWEpSJGzWFWGQ1rwKrV9WoCcEqG0jcGuPUOgy-5tCF7X2RfKq5zXsFPuEmKdPvEK7vmh3O4I35kz1go40Cp41tHM3pd7kmr7UQe4kc_ppFSav_uv2W2DZfcQMI9umjmagmtCjLpWkhktsv4r8oyg4z50X3Kbkfu38jNXqkHNCcUqYEaaAMOUlf1Hw1uPsxVr1q5RqsUyByG4s3XsVTN5-EPiSc08s6xcLp5QHR_uVi3sp1JbbdbqlMbSC-DzBIRLPIV7BOzkCIvdqJVTzn-sAMKf5_PdrB0j4SnDgOirJgWhMqyBWhKOhuIcMbLe9nywCHGS1qioeFU0syd7m9i-9TPwHa7rG6BOvbNNUfzQK_2BTT7LOI-ODfqAWrohHJtgDPnqDjcWqV4wUXOigau04VJfmx4K1Z56lKMkeWLawFVh2SIhmVl-6JxYeKjIjmuZ-kCN-ewOSqRothL31DLFFI-hH0wN6XIpyEzbhZg_D_gEtyDO-D7c2OBgxoU8fGpruKLyNALTV-qYbljAVpm-Xaq2WlEMHVRYITx5Xv5KmZ4pioTLyQ3vKsA2ceyIhjBlyiJy7pRjaMlMjCh6jFywWTTqIcBdVNR5UlFoaf_sSxwbDS4SHHph2pdfgXhBqxccX5qJzoqVppAuew_4F4oK86Z5oa1zb4xZ1B_FjHMOvOdJdbbKmYQMWQE8cgIkpiSYFKlvUmdM-TPekNIFrr8YcqVD2A-gdkUOotuemFQq6hB1Hk7dAjhl9_Ly4Kzgavkcva-PlKpUGK_8zEShi0iz3qrRmxPeDt6dvagrH0_RYP-pqW5Zol7hx49OaCB_jN7iKHQqj9UUYsp5HhTCY_3z5oyxEJ1qGQuqINyDqBt3kYzjUMxe26jtE1uZMe-9fKbCdxqP90Kd-WvX3yW71pj4BQ7L6GN0_KvPXlMvAgp66usJdtNwn1vmzCZh9LwHObJnRJnrT4_Jw1FnQ-CTuk0CSxEWZuZxqEbucaDYVWgnAwz8zJG8I4xGG7xK1Vo6n4uY-1ECRCKWKD3Pu7oDsYE9zkzEySOFFwGQSrTaeek0Pj-bVf5SdjBk8A92CFHcZHmTkWIQF0QV3bfg78kF8GrOTkQAVt_3CI1uimPxuYj7CVV5IiCBSqTY4LIWBzef21nXudKhTk0ni3Zm_8_Ua67LFNk4C7TGQSXVLO41UHGjFGLJiDC9cfv9yJXp5-J_8cXWg956VuFNahabnPiAsTWYXnlGiO2TnarnRNfz0omziWeoLCExRWPWZ_5OH6wp0H-sf8mrc0TnFoXfcooKo1dHCxL9YhE0DyILlXf5Irg-2NVNDBI7ap_eqVKk1w02g-1ZxAK8zXbTvLuzVQql_gD4vpeaupZzLEavJe9NbGewe-Ut1oP8NMw7GQ7g9U9KqyotruWRQs541VG5AsD0M507lqonE1r0S4k84TSN07_g_fbAWZB-UnT6mc0w8t1B4ucf8hwlP72VFpt1TnBygt9KPJ8dZAJhJ2VyIKkc3Zp7xHVfB5poFVhACp6tV_Y8hdXafDVPfMZPe1qh0hOaKW0eA2hTxiE12faxY-NghS0e3c1CBfHNV2W0A9IlGF10JzUf1-7aylx4InMTba5mJYwFLrX3CbwZPGj-NVL0_AnSg&cid=CAQSSwDICaaNBOYijrDpbMYQiijikSwThsQAhnBg_2D6FnVM5PQDMgShQDAv_2QbeGWOpDCFEj6NMzQjwJ_PZudzi1QXQgZ69_0ymk1cPRgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.tiantianzhibo.net%2F&ds=l&xdt=1&iif=1&cor=11501952871119522000&adk=1964084972&idt=130&cac=0&dtd=22

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 06:58:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 603907
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 28 Sep 2024 06:58:24 GMT

GET
H/1.1 200
OK iju9wczm8trb Show response
hal9000.redintelligence.net/zone/ Frame 3C9F 11 KB
4 KB 135ms
39ms Script
text/html 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/iju9wczm8trb?subid=&gdpr=&gdpr_consent=&rnd=1696574611379416&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCiD4sk6wfZZiUF9nQ6wSbhomADKblvaBprZWcp8kP8C4QASDV585fYJXCpoKwB8gBCakC5TzTeR-xsT6oAwHIA5sEqgT_AU_Qqnx22bh959dE0yhrqtL3TbwVgbQ_Dn1DrzxSr7E3e63YEPSKhSaFKPVzrQ2SGgrq91cCzmpV1aZCEBSOa4KmQ2HmLd6J3lSYPmKYoImKEvJER-oLDbAM84coXfJuhczCYLTj5Wh8H5eqH9FH_dwu57Xf6X8St5RYcZlAgUpkywCMNZcASFLokFBwCG7Vvn-QRZYTGqQrufeeRLKqjb5nKKZBJikLqQOtFme9tsGfARN03A1yOPsPzxd41dlY3gMAN1_lrLs5mpa8WqRRcgsfTWCdJ9C2p08y-k11DCHmzf_IxPsdyYrKUBakpk1AlhkQO0WAd3RwQ_CnlAlDT8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaoNAkRFyA0BsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMI2Kmv-OjggQMVWeiaCh0bQwLAEAEYASAAEgKgHvD_BwE%26num%3D1%26cid%3DCAQSSwDICaaNBOYijrDpbMYQiijikSwThsQAhnBg_2D6FnVM5PQDMgShQDAv_2QbeGWOpDCFEj6NMzQjwJ_PZudzi1QXQgZ69_0ymk1cPRgB%26sig%3DAOD64_1UtC93e3atDJ4sJz83a1z1nefsVg%26client%3Dca-pub-9501431160750931%26dbm_c%3DAKAmf-DuZgKRW7llqZDx_YW_IFb00Zk2dyIRbfREviOuDvJx1vTJ3uS5ov-40ER14f8-rHkq7UII-dDdY4Y5jb_3xg38HjGvQgtLXb26kWOba_MSKhbofsXK7AxGabDqZM-ofK4r8wWWCuoqiwvpJuxjSzdo6ED1FgmPWFRdwnaj95r2XqRp6eM%26cry%3D1%26dbm_d%3DAKAmf-BMVWtVoOIhFpIV7O-rUOtj8z8azSkckYtFMcgYvMhLVs8HLCSA7fAHPJLcV7866VS3uQXUzIsuSxfX1UbSK-nTuYA755YsA1bjSnnVwjpos_uoB6kFAkG_Xj9eidYMzurcDuGGqbpB5TWGimflrhZikDy5sK5uwhA7nrUCufOoYyVIN3_0Pg7luSF_9JsLXP3dCHH3gUARB_nSxHIE1OyDFnoegcPYPhppD6lX8TwO2VvkpYbuF9fRs33IosEGEpjdhsifiHKN-AK5i7H4Hn4QVg7rcz8pLGu6717f8EVcGTDucBQkTHtiSS1mZjA7RmUU9wVSOCWxQib018itF0RnUpyIOzPd12PisiFFxsBOyTXpauPPHsxLTxl8W9DLstlYx62lBWPq_lxn-xMNYDZ0lG76Z9rRcmgrb9QB0raLnS7hWCwtLvam_QzvGakeLkMjPGM4wJyJUozZ3nnuCMGQ2DLx1sWy-deWugb8paSKFmM4ptHe4RzBjMj-yC2k5-5oJiWA91onJTz8JZ8kSRJBY4-qhZ0D3GVbK9jU_OQntL3u-8c%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=250&slotname=8918672040&adk=3624264942&adf=1402206701&pi=t.ma~as.8918672040&w=300&lmt=1696567411&format=300x250&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574611326&bpp=1&bdt=2363&idt=1&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C250x250%2C300x255&nras=1&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=925&ady=1860&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=EPXkxXaWoy&p=https%3A//www.tiantianzhibo.net&dtd=4
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: d3c3a0002309ca38786fe073c87d221b969dec5b2e00e4eb7b4e60dae3177cf1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Fri, 06 Oct 2023 06:43:32 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4212
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame 3521 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 91d4a0d94d1fc1773e6638ef374749383abc08d3666c106d948fe5542a14d31b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame C853 38 KB
13 KB 40ms
39ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 107821
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 00:46:31 GMT
expires: Fri, 04 Oct 2024 00:46:31 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 640B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED-Jl3932fzY8HFGOiFk5oA&google_cver=1

43 B
733 B

59ms
58ms

Image
image/gif

104.18.26.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED-Jl3932fzY8HFGOiFk5oA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CP3nKBCD4EIYgoey4gEwAQ&v=APEucNUDsUtEGYXwqXYCUn8lzeaIdhsEhyCNtHkuwEuNoJA08RZ1gmBV-hLN7YEMbxLEJq7n35VZ94c53Tu1Fzw213lMbb6Imdp0HsD4wSfKShCwEv3GTXP_gKtVTvRbznJYE65Om0J1FqeDeDkNiIZxTm1IBfwd2YNE_ZH5Wp4EWE3zqpnxUVU
Protocol: H3
Server: 104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:32 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6jiY9DaQNIqgey7Cx0M1Y%2FCeOJuGp4YvD7YvJ1thXVvM0G4fx9608v5fMxhgy5jtzjgufmFc3%2BD7MFBafONVTryhk0yxgGra%2F6z23Xx9JpTPqGbdSf%2BfTWd6zrMmiPKl4AfjNfFub3LM3A%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 811bee3dab54bbaf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED-Jl3932fzY8HFGOiFk5oA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 640B
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZR.sky7JfNSkx3NHt17yjgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED-Jl3932fzY8HFGOiFk5oA&google_cver=1&google_hm=2

43 B
734 B

53ms
52ms

Image
image/gif

104.18.26.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED-Jl3932fzY8HFGOiFk5oA&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CP3nKBCD4EIYgoey4gEwAQ&v=APEucNUDsUtEGYXwqXYCUn8lzeaIdhsEhyCNtHkuwEuNoJA08RZ1gmBV-hLN7YEMbxLEJq7n35VZ94c53Tu1Fzw213lMbb6Imdp0HsD4wSfKShCwEv3GTXP_gKtVTvRbznJYE65Om0J1FqeDeDkNiIZxTm1IBfwd2YNE_ZH5Wp4EWE3zqpnxUVU
Protocol: H3
Server: 104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:32 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PUdz4oyuxqyZMRtziJ3UmgmEcx8LBjwvb9BxhxAXiTTBsVVPWMlxesI3eGwdoEGQvdEsqEuYb5sg%2B%2FHl3pvddfkmjmwxX%2Fs2HnUJ%2BmvRPRSoeks9q66RWbhGf3mOwRRFfNrVhwbzWGgE3w%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 811bee3e5c55bbaf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED-Jl3932fzY8HFGOiFk5oA&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 640B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEOOJ39moFcfwW2i20fdYLTM&google_cver=1

43 B
839 B

51ms
51ms

Image
image/gif

185.89.210.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEOOJ39moFcfwW2i20fdYLTM&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CP3nKBCD4EIYgoey4gEwAQ&v=APEucNUDsUtEGYXwqXYCUn8lzeaIdhsEhyCNtHkuwEuNoJA08RZ1gmBV-hLN7YEMbxLEJq7n35VZ94c53Tu1Fzw213lMbb6Imdp0HsD4wSfKShCwEv3GTXP_gKtVTvRbznJYE65Om0J1FqeDeDkNiIZxTm1IBfwd2YNE_ZH5Wp4EWE3zqpnxUVU

Protocol

Server

185.89.210.244 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:32 GMT
an-x-request-uuid: 76e09a70-372b-4576-afaa-8618ffcb2dc0
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 80.255.7.109; 80.255.7.109; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEOOJ39moFcfwW2i20fdYLTM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 640B
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTA5NTQxMDQ2NjE3ODAzMjcx

170 B
232 B

54ms
53ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTA5NTQxMDQ2NjE3ODAzMjcx

Requested by

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:32 GMT
an-x-request-uuid: a1ffaf88-bc8e-4e1d-8b5a-d18e52afd3e5
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTA5NTQxMDQ2NjE3ODAzMjcx
x-proxy-origin: 80.255.7.109; 80.255.7.109; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame EF46 22 KB
8 KB 40ms
39ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 60840
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 13:49:32 GMT
expires: Fri, 04 Oct 2024 13:49:32 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/ 154 KB
53 KB 88ms
87ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/reactive_library_fy2021.js?bust=31078466

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6a2b72214cc983024d368bae7231532353964b1f5577ed6735cbc65ed21dc2d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tiantianzhibo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53740
x-xss-protection: 0
server: cafe
etag: 10158816926239346639
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Fri, 06 Oct 2023 06:43:32 GMT

GET
H/1.1

200
OK

request.php Show response
hal900019.redintelligence.net/ Frame 3C9F
Redirect Chain

https://hal900019.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=75cde5160b&subid=&uid=cc1f26e6bedc8b68&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900019.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=75cde5160b&subid=&uid=cc1f26e6bedc8b68&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

4 KB
2 KB

193ms
112ms

Script
application/x-javascript

78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900019.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=75cde5160b&subid=&uid=cc1f26e6bedc8b68&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCiD4sk6wfZZiUF9nQ6wSbhomADKblvaBprZWcp8kP8C4QASDV585fYJXCpoKwB8gBCakC5TzTeR-xsT6oAwHIA5sEqgT_AU_Qqnx22bh959dE0yhrqtL3TbwVgbQ_Dn1DrzxSr7E3e63YEPSKhSaFKPVzrQ2SGgrq91cCzmpV1aZCEBSOa4KmQ2HmLd6J3lSYPmKYoImKEvJER-oLDbAM84coXfJuhczCYLTj5Wh8H5eqH9FH_dwu57Xf6X8St5RYcZlAgUpkywCMNZcASFLokFBwCG7Vvn-QRZYTGqQrufeeRLKqjb5nKKZBJikLqQOtFme9tsGfARN03A1yOPsPzxd41dlY3gMAN1_lrLs5mpa8WqRRcgsfTWCdJ9C2p08y-k11DCHmzf_IxPsdyYrKUBakpk1AlhkQO0WAd3RwQ_CnlAlDT8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaoNAkRFyA0BsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMI2Kmv-OjggQMVWeiaCh0bQwLAEAEYASAAEgKgHvD_BwE%26num%3D1%26cid%3DCAQSSwDICaaNBOYijrDpbMYQiijikSwThsQAhnBg_2D6FnVM5PQDMgShQDAv_2QbeGWOpDCFEj6NMzQjwJ_PZudzi1QXQgZ69_0ymk1cPRgB%26sig%3DAOD64_1UtC93e3atDJ4sJz83a1z1nefsVg%26client%3Dca-pub-9501431160750931%26dbm_c%3DAKAmf-DuZgKRW7llqZDx_YW_IFb00Zk2dyIRbfREviOuDvJx1vTJ3uS5ov-40ER14f8-rHkq7UII-dDdY4Y5jb_3xg38HjGvQgtLXb26kWOba_MSKhbofsXK7AxGabDqZM-ofK4r8wWWCuoqiwvpJuxjSzdo6ED1FgmPWFRdwnaj95r2XqRp6eM%26cry%3D1%26dbm_d%3DAKAmf-BMVWtVoOIhFpIV7O-rUOtj8z8azSkckYtFMcgYvMhLVs8HLCSA7fAHPJLcV7866VS3uQXUzIsuSxfX1UbSK-nTuYA755YsA1bjSnnVwjpos_uoB6kFAkG_Xj9eidYMzurcDuGGqbpB5TWGimflrhZikDy5sK5uwhA7nrUCufOoYyVIN3_0Pg7luSF_9JsLXP3dCHH3gUARB_nSxHIE1OyDFnoegcPYPhppD6lX8TwO2VvkpYbuF9fRs33IosEGEpjdhsifiHKN-AK5i7H4Hn4QVg7rcz8pLGu6717f8EVcGTDucBQkTHtiSS1mZjA7RmUU9wVSOCWxQib018itF0RnUpyIOzPd12PisiFFxsBOyTXpauPPHsxLTxl8W9DLstlYx62lBWPq_lxn-xMNYDZ0lG76Z9rRcmgrb9QB0raLnS7hWCwtLvam_QzvGakeLkMjPGM4wJyJUozZ3nnuCMGQ2DLx1sWy-deWugb8paSKFmM4ptHe4RzBjMj-yC2k5-5oJiWA91onJTz8JZ8kSRJBY4-qhZ0D3GVbK9jU_OQntL3u-8c%26adurl%3D&documentReferer=https%3A%2F%2Fwww.tiantianzhibo.net%2F&ancestorOrigins=https%3A%2F%2Fwww.tiantianzhibo.net&random=9944865800794&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=250&slotname=8918672040&adk=3624264942&adf=1402206701&pi=t.ma~as.8918672040&w=300&lmt=1696567411&format=300x250&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574611326&bpp=1&bdt=2363&idt=1&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C250x250%2C300x255&nras=1&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=925&ady=1860&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=EPXkxXaWoy&p=https%3A//www.tiantianzhibo.net&dtd=4
Protocol: HTTP/1.1
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 517ef43cf053634b6afdd8cf0019a8ef0baa1926bedb1c01b56affd5728dc87a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 06 Oct 2023 06:43:32 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 26684500025699504444554012469019
Connection: close
Content-Length: 1393
Expires: Fri, 06 Oct 2023 07:43:32 +0200

Redirect headers

Pragma: no-cache
Date: Fri, 06 Oct 2023 06:43:32 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=75cde5160b&subid=&uid=cc1f26e6bedc8b68&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCiD4sk6wfZZiUF9nQ6wSbhomADKblvaBprZWcp8kP8C4QASDV585fYJXCpoKwB8gBCakC5TzTeR-xsT6oAwHIA5sEqgT_AU_Qqnx22bh959dE0yhrqtL3TbwVgbQ_Dn1DrzxSr7E3e63YEPSKhSaFKPVzrQ2SGgrq91cCzmpV1aZCEBSOa4KmQ2HmLd6J3lSYPmKYoImKEvJER-oLDbAM84coXfJuhczCYLTj5Wh8H5eqH9FH_dwu57Xf6X8St5RYcZlAgUpkywCMNZcASFLokFBwCG7Vvn-QRZYTGqQrufeeRLKqjb5nKKZBJikLqQOtFme9tsGfARN03A1yOPsPzxd41dlY3gMAN1_lrLs5mpa8WqRRcgsfTWCdJ9C2p08y-k11DCHmzf_IxPsdyYrKUBakpk1AlhkQO0WAd3RwQ_CnlAlDT8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaoNAkRFyA0BsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMI2Kmv-OjggQMVWeiaCh0bQwLAEAEYASAAEgKgHvD_BwE%26num%3D1%26cid%3DCAQSSwDICaaNBOYijrDpbMYQiijikSwThsQAhnBg_2D6FnVM5PQDMgShQDAv_2QbeGWOpDCFEj6NMzQjwJ_PZudzi1QXQgZ69_0ymk1cPRgB%26sig%3DAOD64_1UtC93e3atDJ4sJz83a1z1nefsVg%26client%3Dca-pub-9501431160750931%26dbm_c%3DAKAmf-DuZgKRW7llqZDx_YW_IFb00Zk2dyIRbfREviOuDvJx1vTJ3uS5ov-40ER14f8-rHkq7UII-dDdY4Y5jb_3xg38HjGvQgtLXb26kWOba_MSKhbofsXK7AxGabDqZM-ofK4r8wWWCuoqiwvpJuxjSzdo6ED1FgmPWFRdwnaj95r2XqRp6eM%26cry%3D1%26dbm_d%3DAKAmf-BMVWtVoOIhFpIV7O-rUOtj8z8azSkckYtFMcgYvMhLVs8HLCSA7fAHPJLcV7866VS3uQXUzIsuSxfX1UbSK-nTuYA755YsA1bjSnnVwjpos_uoB6kFAkG_Xj9eidYMzurcDuGGqbpB5TWGimflrhZikDy5sK5uwhA7nrUCufOoYyVIN3_0Pg7luSF_9JsLXP3dCHH3gUARB_nSxHIE1OyDFnoegcPYPhppD6lX8TwO2VvkpYbuF9fRs33IosEGEpjdhsifiHKN-AK5i7H4Hn4QVg7rcz8pLGu6717f8EVcGTDucBQkTHtiSS1mZjA7RmUU9wVSOCWxQib018itF0RnUpyIOzPd12PisiFFxsBOyTXpauPPHsxLTxl8W9DLstlYx62lBWPq_lxn-xMNYDZ0lG76Z9rRcmgrb9QB0raLnS7hWCwtLvam_QzvGakeLkMjPGM4wJyJUozZ3nnuCMGQ2DLx1sWy-deWugb8paSKFmM4ptHe4RzBjMj-yC2k5-5oJiWA91onJTz8JZ8kSRJBY4-qhZ0D3GVbK9jU_OQntL3u-8c%26adurl%3D&documentReferer=https%3A%2F%2Fwww.tiantianzhibo.net%2F&ancestorOrigins=https%3A%2F%2Fwww.tiantianzhibo.net&random=9944865800794&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Fri, 06 Oct 2023 07:43:32 +0200

GET
H3 200 bK4GZl0mtHPwIamiN73ahbbApyVSn2vIx_eFPB1ZZt0.js Show response
pagead2.googlesyndication.com/bg/ Frame C853 38 KB
14 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/bK4GZl0mtHPwIamiN73ahbbApyVSn2vIx_eFPB1ZZt0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6cae06665d26b473f021a9a237bdda85b6c0a725529f6bc8c7f7853c1d5966dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 07:37:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 83177
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14735
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 04 Oct 2024 07:37:15 GMT

GET
H3 200 bK4GZl0mtHPwIamiN73ahbbApyVSn2vIx_eFPB1ZZt0.js Show response
pagead2.googlesyndication.com/bg/ Frame EF46 38 KB
14 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/bK4GZl0mtHPwIamiN73ahbbApyVSn2vIx_eFPB1ZZt0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6cae06665d26b473f021a9a237bdda85b6c0a725529f6bc8c7f7853c1d5966dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 07:37:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 83177
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14735
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 04 Oct 2024 07:37:15 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6F9F 25 KB
12 KB 429ms
428ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=50&adk=2281393541&adf=3669479829&pi=t.aa~a.409348236~rp.4&w=350&fwrn=4&fwrnh=100&lmt=1696567412&rafmt=1&to=qs&pwprc=6902623340&format=350x50&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574612160&bpp=2&bdt=3197&idt=2&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D72146b1c207b02c9%3AT%3D1696574611%3ART%3D1696574611%3AS%3DALNI_MYQe7cXULIUNSNnRIY3DLAW1XIovA&gpic=UID%3D00000c8f7bb0a3a2%3AT%3D1696574611%3ART%3D1696574611%3AS%3DALNI_MZPrtGQ50n1XM-7Y80sdzsKA9pfrw&prev_fmts=0x0%2C250x250%2C300x255%2C300x250&nras=2&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=925&ady=1819&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=ByQlBYIbTM&p=https%3A//www.tiantianzhibo.net&dtd=12

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6b2bc72955ec02bbd1db66838455813a41a37fc110a80b10a45ce2b9af39f12a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tiantianzhibo.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 11937
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 06:43:32 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0131 640 B
265 B 82ms
80ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBC6jZEBGPS2h_kBMAE&v=APEucNVjWntyf6XHiBVrMKtuCGaMXs1-J-0uerygnMS1LGTFmjaRfOsh7PdmVhOYnPa33bVZXhOi7oMg4skCio0AzwB1TTfEcCc9ZO0xeCdRNj3X4lL7aMjvNK2CbC_TBxOA1_ipWZX4BGZjiUtt-a2ybMBpoDUdbCIgcgpfrqharxbj-qSMbSE

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=255&slotname=6950575133&adk=1536346496&adf=1801062927&pi=t.ma~as.6950575133&w=300&lmt=1696567411&format=300x255&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574610952&bpp=1&bdt=1989&idt=275&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C250x250&nras=1&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=925&ady=1070&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=Q746UBZpGo&p=https%3A//www.tiantianzhibo.net&dtd=279

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=255&slotname=6950575133&adk=1536346496&adf=1801062927&pi=t.ma~as.6950575133&w=300&lmt=1696567411&format=300x255&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574610952&bpp=1&bdt=1989&idt=275&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C250x250&nras=1&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=925&ady=1070&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=Q746UBZpGo&p=https%3A//www.tiantianzhibo.net&dtd=279
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 06:43:32 GMT
expires: Fri, 06 Oct 2023 06:43:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame DC54 89 KB
31 KB 168ms
166ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31491
x-xss-protection: 0
server: cafe
etag: 6167930392490353973
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 06 Oct 2023 06:43:32 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/ Frame DC54 3 KB
1 KB 42ms
40ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 19:18:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 41091
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 19:18:41 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/ Frame DC54 20 KB
8 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:33:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61792
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:33:40 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DC54 187 KB
59 KB 53ms
51ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 06 Oct 2023 06:43:32 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame DC54 42 B
63 B 74ms
73ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DGjU74eA5MPrGysqq5XqRaEkS5kY8KRfFhSCl0unCxYUdxuc7kJ4IWKXZl-aNi4nHy5pVj3aS16ewTpDKl556V380hd2g3ykzZ_yn_4vJYKsXSjnI

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DC54 0
20 B 75ms
74ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=3193844785935650788&x=1&ct=76

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 creative.html Show response
s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/ Frame 4CC9 927 B
430 B 129ms
48ms Document
text/html 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/creative.html?e=69&leftOffset=0&topOffset=0&c=fQU9Qgy5vj&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f20c487da288a57a0f215a7913dd47d337d56d69c183883c5b5ae5d82edac8bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 402
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 06:43:32 GMT
expires: Sat, 05 Oct 2024 06:43:32 GMT
last-modified: Fri, 24 Feb 2023 10:56:42 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3521 0
0 183ms
88ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstntSA0fdjGMmeCnFRxcw8BqiUawDJS0reyCFEiKfLoY5L9A7AU5KC2k-_fv1TQKR5xzwbBYrAP128KaFS8YPh9IOxBm3YzmgoBcEvZ4I1tcy3y8VdCbcU7ANl-sENSZh3S7ToZFa7EjrCI0WzelnzZE18XrZcePfx9UirCjD4cgnAvw3adGzzSDBfEivNQd4ngPMqR7LoXx7B5ZzXGib_4kMBbobNq59mumogn_a8TIGzSyGn5G_OBF7nkr_Z34luNUOiyDEiCW25FP8eVmrS5725xhMCqa9NdVkVOD1xsEu0HqHUZBKyoKI4PSFKx9Abj96QdX5lG1wnvuoE62-ix4NwHIiMV969pSM0zdmJiHLF1sjL0kZ19x_dzSqG7xClnKAT1UW2CQe49xR7rQCM130ZHfr8pMm2NCm3DL10RIB8kc94MdjaVnHdtH_2vUk343Q2cz4mEBp9jCYAmGY7Q_q07RvoOU9AvnAgVHRZNl_zTGYJ5wgH4e8ouynvvOvRd-pYMZhOsddzAMBveqwyJMyI1512r5wbLfgt6p7eBP4-Ui0W_OvVan7xjlqPRh5EStGXHxdD2oZmUFzILc5IKMLPHWQfxm2VuZOc5VlY1SXB6b89MmOUzKbFsDaBp-KSoER0zcAorxXZV4X0EzNBhmXOivKR5ahWTAwwWQNh1X4BjZ_sTmpAsEkp3Y3qSKnQeuPjEqF8Giz3bAq6QqVBV2I3e0YWVsf2Y263U1of6YkCoNLNAQeg2L1TBO6BegINX0u18xVAlid4Z-jnL2_0ChCpppLF0AF3NL1KV01B8qJsFACMR0WIxDPqi8uz0bVXkZHCw7m3N8462DJY61Kv-4YYqRN_zJCr5h_q-XynfIQxz0FkQdrSMqX5-R2qJuF9CS_JcSXb3-UCtSrqDwswibU2MkfwC9zsZ85DgRSlkgDCLqwFfzucPmLKHfoL8wsjF77U7AZL_OiVMZVGx6PlwQt4nQEzsX9BdLFVZm7J5_a7OJKZv3ljm2yhFVVuigcbJMJXGyJDlkyATLuF0lvnUCoHHTiFoP3zJzXNSMqvCJ559PIbBbGZBTxndulxa7WZxpmR_FZM7hCodqLO4_oVbugYbYPkcknI1vq8R7skxBdFJim0hYlHipL6E1ZratQHtFjZAm1gdNrvJzf6QQePy_TIrsNh2HgA8oBKQ07eBF5lqGWouE7UNSutizZHdlo-f43QQy4yJT-TLquRNt07EdcoPlb1EGLVPpksqb3ZvMPCH4Rww5EfTsyEA&sai=AMfl-YTMkzUUCeOK6rTtpcItlAWWb5YaG1jc4X3z1zHZewIc7pJ8UQPiIJ1AwGch4s5epT_zBWXa2iRW3HUsJr7opdU3AOTHelLj_lZ1MZa2k3ls-3c0V3FYcv_ab3_spCDaL4T2fSjLt6h90hQeIPuG9OY0WsTE6-DIcWscpHdcep2kDd0kQc0FSqNWJ2v2FBwpLENLDrGmsFoUxW9CH0N8D5E-v5WVRE-qmjwkfGFoaVmlwWfwbunyV9qmZYbVwHPdUjWRMtAdathm8WEyoU0LDPbMLMvkrlxQacdXPMkFIH9lUeZ28LTskCIG1dNgAEjsYkjO-pAq_cN10sHv2i09R--pHKLLpzdfa4s0EnSymYsGWIuxSfNaV4Ha-Vw4oWNqDBkrt3ZPOaddNXxbJ_zHv7tNqEobouhXxVqJf2ykY3xg3sotWZAbXq1RRn5hUPQqx6q7VNrNYQS5rMFwb8e4IU0bGlqQa1dna-w5bSCh&sig=Cg0ArKJSzMSvvsK_ZnpcEAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=260&cbvp=1&cstd=251&cisv=r20231004.37341&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 06 Oct 2023 06:43:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 list.htm Show response
bifen4pc.qiumibao.com/json/ 15 KB
3 KB 291ms
291ms XHR
text/html 118.178.110.57
ALIBABA-CN-NET Ha...

General

Check archive.org

Show headers Download Go to

Full URL: https://bifen4pc.qiumibao.com/json/list.htm?80565
Requested by: Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/statics/js/public/jquery.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 118.178.110.57 Hangzhou, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software: /
Resource Hash: db1ed4c00ec91ece111f3d29f0e6a38ea281fb2e2063bcdc79972f989cf8554b

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.tiantianzhibo.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:32 GMT
content-encoding: gzip
last-modified: Fri, 06 Oct 2023 06:43:32 GMT
etag: W/"651fac94-3a99"
vary: Accept-Encoding
access-control-allow-methods: GET,POST,OPTIONS
content-type: text/html
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/ Frame 0CC5 10 KB
4 KB 41ms
40ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tiantianzhibo.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 46590
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4471
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 17:47:02 GMT
etag: 2603938475786422795
expires: Thu, 19 Oct 2023 17:47:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/ Frame D8EE 10 KB
4 KB 40ms
39ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tiantianzhibo.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 46590
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4471
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 17:47:02 GMT
etag: 2603938475786422795
expires: Thu, 19 Oct 2023 17:47:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 0131
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBMDCXOp5GsJEMKr0Z4rEZE&google_cver=1

43 B
114 B

64ms
50ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBMDCXOp5GsJEMKr0Z4rEZE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBC6jZEBGPS2h_kBMAE&v=APEucNVjWntyf6XHiBVrMKtuCGaMXs1-J-0uerygnMS1LGTFmjaRfOsh7PdmVhOYnPa33bVZXhOi7oMg4skCio0AzwB1TTfEcCc9ZO0xeCdRNj3X4lL7aMjvNK2CbC_TBxOA1_ipWZX4BGZjiUtt-a2ybMBpoDUdbCIgcgpfrqharxbj-qSMbSE
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:32 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBMDCXOp5GsJEMKr0Z4rEZE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 0131 43 B
304 B 150ms
49ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBC6jZEBGPS2h_kBMAE&v=APEucNVjWntyf6XHiBVrMKtuCGaMXs1-J-0uerygnMS1LGTFmjaRfOsh7PdmVhOYnPa33bVZXhOi7oMg4skCio0AzwB1TTfEcCc9ZO0xeCdRNj3X4lL7aMjvNK2CbC_TBxOA1_ipWZX4BGZjiUtt-a2ybMBpoDUdbCIgcgpfrqharxbj-qSMbSE
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:32 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 0131
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEIpG22c6ssnwMLnIUMHJCLY&google_cver=1

23 B
163 B

143ms
79ms

Image
image/gif

23.35.237.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEIpG22c6ssnwMLnIUMHJCLY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBC6jZEBGPS2h_kBMAE&v=APEucNVjWntyf6XHiBVrMKtuCGaMXs1-J-0uerygnMS1LGTFmjaRfOsh7PdmVhOYnPa33bVZXhOi7oMg4skCio0AzwB1TTfEcCc9ZO0xeCdRNj3X4lL7aMjvNK2CbC_TBxOA1_ipWZX4BGZjiUtt-a2ybMBpoDUdbCIgcgpfrqharxbj-qSMbSE
Protocol: H2
Server: 23.35.237.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-56.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

expires: Fri, 06 Oct 2023 06:43:32 GMT
pragma: no-cache
date: Fri, 06 Oct 2023 06:43:32 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEIpG22c6ssnwMLnIUMHJCLY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 0131 23 B
163 B 212ms
79ms Image
image/gif 23.35.237.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSETBC6jZEBGPS2h_kBMAE&v=APEucNVjWntyf6XHiBVrMKtuCGaMXs1-J-0uerygnMS1LGTFmjaRfOsh7PdmVhOYnPa33bVZXhOi7oMg4skCio0AzwB1TTfEcCc9ZO0xeCdRNj3X4lL7aMjvNK2CbC_TBxOA1_ipWZX4BGZjiUtt-a2ybMBpoDUdbCIgcgpfrqharxbj-qSMbSE
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.237.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-56.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

expires: Fri, 06 Oct 2023 06:43:32 GMT
pragma: no-cache
date: Fri, 06 Oct 2023 06:43:32 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

GET
H2 200 css2
fonts.googleapis.com/ Frame 0CC5 4 KB
1 KB 139ms
50ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 06 Oct 2023 06:43:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 06 Oct 2023 05:45:25 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 06 Oct 2023 06:43:32 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 0CC5 205 B
651 B 128ms
41ms Image
image/png 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 01:08:26 GMT
x-content-type-options: nosniff
age: 106506
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 04 Oct 2024 01:08:26 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 0CC5 604 B
696 B 129ms
42ms Image
image/png 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 11:42:48 GMT
x-content-type-options: nosniff
age: 154844
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 03 Oct 2024 11:42:48 GMT

GET
H3 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/elements/html/ Frame 0CC5 15 KB
6 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

729bb9007929a8af5c6f300c99e7c5899043ed1734d39fd6f4e0361b94d1adbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:55:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 60511
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6551
x-xss-protection: 0
server: cafe
etag: 6101707970674548951
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:55:01 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/elements/html/ Frame 0CC5 20 KB
8 KB 41ms
39ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7f8d937ac3c24cd9099dccaeb3e160dba15d6396b7f8ada3ca95f9ef24633aee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:52:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 60663
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8566
x-xss-protection: 0
server: cafe
etag: 11420928434021954480
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:52:29 GMT

GET
H3 200 initial.css
s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/assets/css/ Frame 4CC9 2 KB
899 B 42ms
41ms Stylesheet
text/css 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/assets/css/initial.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/creative.html?e=69&leftOffset=0&topOffset=0&c=fQU9Qgy5vj&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

284ad04845b7380ab09d988a65a8136842b4a297bd063889b5062f731389177c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/creative.html?e=69&leftOffset=0&topOffset=0&c=fQU9Qgy5vj&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 13:02:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 236482
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 870
x-xss-protection: 0
last-modified: Fri, 24 Feb 2023 10:56:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 02 Oct 2024 13:02:10 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 4CC9 118 KB
40 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/creative.html?e=69&leftOffset=0&topOffset=0&c=fQU9Qgy5vj&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/creative.html?e=69&leftOffset=0&topOffset=0&c=fQU9Qgy5vj&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 12:29:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 65661
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 06 Oct 2023 12:29:11 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.1.1/ Frame 4CC9 82 KB
83 KB 154ms
49ms Script
text/javascript 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/creative.html?e=69&leftOffset=0&topOffset=0&c=fQU9Qgy5vj&t=1&renderingType=2&ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 00:17:45 GMT
x-content-type-options: nosniff
age: 23147
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 84245
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 05 Oct 2024 00:17:45 GMT

GET
H2 200 jquery-ui.min.js Show response
ajax.googleapis.com/ajax/libs/jqueryui/1.11.1/ Frame 4CC9 233 KB
62 KB 242ms
138ms Script
text/javascript 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.1/jquery-ui.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/creative.html?e=69&leftOffset=0&topOffset=0&c=fQU9Qgy5vj&t=1&renderingType=2&ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e09639315704980552b92eaae21f66af00a6e8a371f757f76b0b12420c2ed2a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 04:35:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 266871
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 63865
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Oct 2024 04:35:41 GMT

GET
H3 200 initial.js Show response
s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/assets/js/ Frame 4CC9 16 KB
3 KB 67ms
67ms Script
application/x-javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/assets/js/initial.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/creative.html?e=69&leftOffset=0&topOffset=0&c=fQU9Qgy5vj&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d08cdad175344acba124ab88b2afbeec7779e8ddf5c9cf456c1133b8885192ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/creative.html?e=69&leftOffset=0&topOffset=0&c=fQU9Qgy5vj&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 11:47:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 586586
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2929
x-xss-protection: 0
last-modified: Fri, 24 Feb 2023 10:56:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 28 Sep 2024 11:47:06 GMT

GET
H3 200 logo.jpg
s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/assets/images/ Frame 4CC9 2 KB
2 KB 43ms
42ms Image
image/jpeg 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/assets/images/logo.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/creative.html?e=69&leftOffset=0&topOffset=0&c=fQU9Qgy5vj&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4927978f916c67a75b089f975343a53f686c38f1fc69c11252c2d5c6a1eb1913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/creative.html?e=69&leftOffset=0&topOffset=0&c=fQU9Qgy5vj&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 03:08:33 GMT
x-content-type-options: nosniff
age: 99299
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2209
x-xss-protection: 0
last-modified: Fri, 24 Feb 2023 10:56:42 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Oct 2024 03:08:33 GMT

GET
H3 200 spinner.gif
s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/assets/images/ Frame 4CC9 7 KB
7 KB 41ms
41ms Image
image/gif 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/assets/images/spinner.gif

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/creative.html?e=69&leftOffset=0&topOffset=0&c=fQU9Qgy5vj&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bcc5de0f53784c98bf4b3345b43f7d95736bd096e7ce0b8132a0555624adc13a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/creative.html?e=69&leftOffset=0&topOffset=0&c=fQU9Qgy5vj&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sat, 30 Sep 2023 12:14:18 GMT
x-content-type-options: nosniff
age: 498554
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6841
x-xss-protection: 0
last-modified: Fri, 24 Feb 2023 10:56:42 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 29 Sep 2024 12:14:18 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame D8EE 4 KB
744 B 122ms
50ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c4ec171d8f202fb90c55007f2dc8ab43a7d089d5e7b717eb03b41fdb3907b261

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 06 Oct 2023 06:43:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 06 Oct 2023 05:50:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 06 Oct 2023 06:43:32 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/ Frame D8EE 23 KB
9 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e0309fd597700b89310de557575438fb73dbee569cf734340057c0884ce91c20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:36:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61605
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9151
x-xss-protection: 0
server: cafe
etag: 7930219084593097114
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:36:47 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/ Frame D8EE 3 KB
1 KB 55ms
53ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 19:18:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 41091
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 19:18:41 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/ Frame D8EE 20 KB
8 KB 45ms
43ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:33:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61792
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:33:40 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D8EE 187 KB
59 KB 65ms
64ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 06 Oct 2023 06:43:32 GMT

GET
H2 200 f20a2b7dfb9062a0a08db52babdaa11c.js Show response
www.gstatic.com/mysidia/ Frame D8EE 37 KB
16 KB 112ms
42ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f20a2b7dfb9062a0a08db52babdaa11c.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c9bb40cefe87d2b65103b30be083f0dc8f963f3c930f230d905b811b6eb82f47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 15:26:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 55028
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15586
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:46:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 03 Jan 2024 15:26:24 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DC54 0
20 B 73ms
73ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5147060633222&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DC54 0
20 B 73ms
73ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5147060633222&version=m202309260101&ct=76&x=1&cor=3193844785935651000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame DC54 106 KB
41 KB 88ms
88ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DGX-zU8SRMKTFvtFAm3rQbAj2EVgiSFyNcXN5OqHFNc_D9RiPgmOljWL-FRuqMQVxN7F-lEzIyILWIXcSAacq1p_YlIJN-AxPvl12CYXsxETJSUu5kxWlfS9DBQ0ZoZBiPsVzLxlXIEpkl9jSXdzmA_G2gXUF11Wb1HmDksnN5IU46c-4&dbm_d=AKAmf-CoEZV414lfFH0fGVpczLf06OuLEZJT6Pq2j3qGN0UmyzAzbeIsJj4x2sd04k_d-jpUnLPjjXz0oTYA8FD0LCE0RyPRvELCSd4Po_h86shyRXcsn2zBqqUDOF8oIrjUi0G7JwJsjex3USxGOJq4G2za4O9wbIhJ0TRQ2g7vFldmNpGkQx5nDaMnYHTSs-ezznuMyJLzYZl7zZsGZnhji5Xv-BiUddM6e1f2edVZOVk-mwNIm7t5jbKQcsihCgNHaP6txKqPZNhljXefS4oisOus9524LXYFwEUffj0nDFu6ma0jRy3tpeXfmc8qjE2ZbfE1Aq5MS99GPD8x3_fLqPlZL89SXzUG6t7F2k_JyH5XL9I4LEK4Yk6d2KGnX-QlVx1W0OY1Pd3CUGNGYEjAKJbAd-jQxeJAJnlLs4da7SWQxD94iNzoX26krWGqHSSDTpA002z4LpZ9FmRtPtRA-6DLSVLND-sBBnVV_A2bGYX_f1zYqOGA4LCb9nA-0GnYUofEE5NjoeEQW2fShqE5qp2mWQsYqUBpm-d-myFpMxpQ83LZfEvQv5HqNLMv7aWj7xgbAfzBssmLq2syWuMcADTkzZEAHnHuioWbyjHIHzQ-XyfqdJTCpcraCBO63HrQIQegeq1gMblekBRF8TtVVtP_DrsIXwxAgpiT4fNDQK55sg1_UXMWg80TvHvHLLXuBoA89av1OP14ykhjlNTbRnvoofhDsBDgVtcEdwU1kpmUgkx_dN0yxS_ZwpnIZMVGSPQ5qpFxwUjax3BdBPFuoOVmihe6BbDg-K8RYlbJUYBuZXmddcTREZBxg15S6aYS-_SpIjytzOhbC61ehFirygRS4g5ip6Bwp8575zd0Nlda1fFKO_2nIainKijpda_nAoIrNa46OsNaWG2V9ZVkQ61zRo1d8ZMgYqqi8GRs1eGruky_S-FLi5NJgC0Hj3hp-1cysUlWZ8iuKW0s3zkhtCzQlHpSWmdrMUHSf8ULLhTgBmqE3_riTtx389OPudqYIOQzeAc1XOdSR9HaU7Ln7Zy37rNY17QaqiJZA2Q2cNlTeuuTNVmGosSvDSmDx3NWwMz71nOOiN4UYuiX1QCoQ-jqWmgT5-69rAnY3PceKN_BvlwIV-WSss-Gej2YBF7mTD7R14HFc6FWfi9EURjq7rrh1UoLToYvu5lPU5ICCUF7JNsKi0iFXkAIg6ER0lk2bFc-98idGUvCdasLJvjeFal9iohS4KSlh41tF_CG9CaE93riD1oPxg93KwM5DcwR_Xs3SkMF64r0Xi2Nzrb34Da8HUdAz-KxXbdebqHmMdlZYa4MnCqaymj_4LJ3hAffdMjWH-PU5QmoI2bTRf_F3A69-eGtQsYMD6EEmeYMpshsRFmy5B4fzkq0A5k5WPJk26w7ApsQm7Bp1QELZ5DBoR7y4CIzGKze0l2mKj0PW32pD6qNPX9ICAXbNGaiJo_y2YUq1pH-8k_CfmIKtJBUM2Oljx_YxSL1P5HjIw7hQ_WxGSytzXDxyS22mZKw0DWlp5kf6pqc2x9GxNyCYO_clWTculYG6ZMS0jWJyAnNIRpAVE11C8TDdvOSvfxO666cYDb9sVRif7YaHPOOxvcixJUC1SNjrd-Ggn86b2zKjWDSA-sNHAlNJBwof1ZPdiy9UABpNezJ1Goa-O2XH1TECHJgM7UB_Sei53Bsy4HzyEHbafcBPWpTnV9KVcHNAsF_ypM7cOrIZuKceCujwx0N0IxavpP2R2iGVmWd7JPGKbPYKnBpdwkf_aEoPdPJUH4YzZpMHfggyqIK4Dl_yhpt0ohgrjsMDduUnswpeYhjFWVoNjNyD0dxoZqMY5sn9Eh7mf07KA-InnEZkJDm2GE7a0Mj5oPlyFOjycb2kS_0nRQyPbc_bZNGr_1bSdPvGR6VLRWA1K57_z67csgQ9AVuXKhOlMBdnLnz40xXkANXzTpl44Uxn-gw3FAGNsADFTRY0CqZ28nJUrV5xa4BUhUHDh2J3Y8J7aQmGrnrBduW2Qjtajl8zu3t1Qf8GfpdTsrMgkSr6K0qqFRpyOqBIF9hW0sA-mBnIojl_8-Ql8zLTEGXeEF3adBSzRrNBbW2ecFD09OQrh4VIZNnDxScaXsrovds2mLr3UMi_Fyf4iCAdnJlBaGSn79tDkw0llkhwFWHYEdIaiM-oHAFHul-ElE9JsSvmJHwk4EFHDwRes176nIa21ILQAMex6DFVYIx6E9Bl8uK0fj5yScbXxArUcFCf20dDhWnRdecVhjbxiI8cv3_ikwDlHLQssyNsjdeV07WKOFrVy5OJkUHrn1NgRKCHtxCbVYRSwkcJbAs-8piPjCWie8A7p9QeX2zUBWK7y6MNWuM2chs2_ZzQZC8KUX-x-AC7TJSKLZk7A1RZ5A2xtFLNy7Am5pJuXE2kG0tnH3EumxL3IY7byDaIXqTIoT1DABclY29h2skFrBtsLqvsFSfWJVbYCe7pqbfab70Xgt1DNH21L2qKr7s1Ndanb01U3yvc7D5pzw21M4fXuLRC_aTNULcFCfo5mekmufR_3UcLp41r0iZjC7uLV0_okcoUAbfOsCqkEfhv8Rq2ACT48Jj-6-JqGAQ_QF6WYybmdP7E7jDarX11IO3ESxceNr8oOhqWXVjEwl1caLrewnahXDmDsBPBRERz80BN2pvdIjXJLP2P01AlYcbnXyEfNaYha7PQ-4JmxCQ0WcjEyl7k---B5AlkHkKq99s-mxT7XgRyKED__5UxZHEj4qomzCbt_ahDZJzWA0l1o8OTWTzpyY5bc0sAzNzNRrIpfgohDIGvVweTWbuYgxZPo13nh9410h29gigqaCtsoIYeh1Nvt3DY4HVGnyxoKwAHN_BvKTtZZuLbmzTmU2ptk-7454-LGmweXs1q_yhZjm6RzBFg1YfJwlMGyX1m6sGDpsx15bFhoSwjLXs3CdwHnpICso4OrMlsO65kfO24srvCmMqHmT4bottwyWuFSoTCCueFeZq48ohZLCAyKM-sQ-owCutbLi9fbxQcYhM7CdijvMzolDZ6IVNtf9yJFem8GiKod0KZZkH6c98R8CU1s9TD2pPBaIyAynIwfhcHov6FASc6-Oio-c_2OyqWvPTMyOQMzsHV6VVOIcJmgkZp6vywoX3OHVQIqxjVlIFjXqZJ3bwC05CmeqLCvf5k_5s-99_gTB7v0qd4Pdpde_FL9IQp6ULZ1stERRK_CO2kO2cybKWLuE7Qj8HQjk066ryhl2lWnx-vG9w-ErhtiKEKvy8jz8DOqzh5v9guJYHaroLs5Tc2UCA6HsehibMduZy32YMbZ2AgPtU2Z2-1tqjxjn9wv-l1EKcdXrG5cR64yrqPy1Vz-tLaCyucC60Kl1HIcdofobfBr-E5WzvAFuDysPh9ohxX4ECZkqhXvcUDKyV1NoDgYiaaT1L4jYRFhk0MkH4ItthKLolcmEiQa64PHVDD6tzMD6vEFJWjpioJaobYsFgNcV6Ev8q9l5Pmhg5x6--3s3Io_YDRz0wL_r6NWudvZyu4ZMAM7Me57tWj4NVBFjoHOZVwXghlMFDl92DPbULM0BWRGB3W7Jd4Rj5tOJD_i-P5e0qcFHnwmsazToUYUmprNzkUDEYO6FRs9h0vW8FuPzGwha8j9Fs11Fc5m6S4WCI3HBZ8XVBf0p_fwm-XV852AbTy4alq0d-QDPw2_Azr9No0zcNmbKm30qvKBedNFM8sxrYObkQIgnXETZ1EtkLyhZZQ9xb4EOHNTRQuDvIlKtX-alKUi9m&cid=CAQSSwDICaaNiRGbKKalPii-ESszbfn5yrUlP-PKVLDqV7pdnV0cAczNUbWqcBLF2cROyhlfB-HMYpzkNO9YctcOgzy7GhrMEUTcFmfffBgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.tiantianzhibo.net%2F&ds=l&xdt=1&iif=1&cor=3193844785935651000&adk=497053795&idt=211&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3cfc9577a5bf4c99500dff97877038a42855564ac87df89ced1dfdd195f64448

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=255&slotname=6950575133&adk=1536346496&adf=1801062927&pi=t.ma~as.6950575133&w=300&lmt=1696567411&format=300x255&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574610952&bpp=1&bdt=1989&idt=275&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C250x250&nras=1&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=925&ady=1070&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=Q746UBZpGo&p=https%3A//www.tiantianzhibo.net&dtd=279
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41547
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C853 0
20 B 76ms
76ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BU-eWk6wfZbbfEJLu6gTjoIyQAgAAAAA4AeAEAg&bg=!SkmlSQbNAAYMG8UMLBs7ADQBe5WfOG2OYsrQPLuVY4q48KyNt7qcYeRs_KjiYmTAaf-WmkEwkQ8JKa3zzcjZoNXzEIV3AgAAANJSAAAACWgBBwoAI9CiQwqj9pjId9bYtIeZd7or0DJWiwKDxK8b6cGnlon2x49dmQMSR8-mMu73s7E86pWyXKGqtMucD7wyvA8FrAPuhcut8UrYttkz3YZnlj_zSSpxV1lhvcsIPngAPrDxRom2zkDRuQxAn774bpO-vR0mL0UUM5wGYzIDwRF9tHA1hzKuIZucU-8PVdk4ar7pTv_K_ArKjRUeegc8yJv2Vus3NQg1bnO0yek8ndFz07fquqZ0kVQZf_HhiYf5bzv1N9b_FP9xgRTZ_c4XgX8vGpdgsAK-uLFifN42FpfCx-155zQ_3Qzon1tRW9PtzoJb08Lj0vSUWxf5o4EceocDDKED6jg8C9gdNi_AuFRQhKf1S8SvUyLztTwJ_aVvW9ZBEDZba8wUh1gOo-sTmun7vFJ4YWDBFwEEvBqUZ0pnp8p8qu-5O_0VTWBY1yaCnc1cNApIcbdUhwCuGyS5UqaPBgXmP919KsI_2PYuePlHZdTDJxMcTj0oHg9bEnhhUQN-y8rGrO2M4lFwT-bIOJ8CtOpABR3m1FdcdiW8t2-3N9jo_zDrDB8-LCQwvnI0-M-WAUu6CIO_D4iYmbmitP4yjzohjPsEnI7Wb4aLlaUpMGlFucATUImB0S2uZRrcFM1ITfK1lef9XI6WzTFQWyWg81jmsw1oUspUIzOlwQvwDGKp0isczoLzMbB10X85999vjoCb71jgLI2lFlykI5r7MYBoPymK86FvuzXZVmN7Zusk5wA_BLztubJ_qRh6oLMSqbrUqsRSKjJ0fchEQl1q3Z4PQE-l41VA07_QwBf69JEFlDw9jrM0QYeDmea1sOSlKbuR5TYl5WxnNdTOKmqY0TXKmiLdZyvAR6Wvh_PycC977TzRQjlvx47vWNqm-36PMs2mSMcH-At16H4_mu4xnGQtP2qmQvEzYdsfW2Z7le5Y7y_EwxT9o1p_asKm1B9UtG5V4mOeOITEDv2eMzeFxAQ7n7yVqUUl6P9vveDtFW2vXhbp3D6SUMU0GuHDcn3Ju-ZFyFLNWNE3SI7lCIpg1-CUwGZ8q7d2jqv-LyDAV11Ym2jMNRXWsihf1bKBrXNO49mMcbIF0sv_

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EF46 0
20 B 78ms
78ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BJiS4k6wfZar-Nsy-gAeqja_QCgAAAAA4AeAEAg&bg=!ICOlI2zNAAYMG8UMLBs7ADQBe5WfOBq0UA3BBrn3qPqWMq7dwrRPMBzUhEhMStAEO3U5r5cwPp_CLaPgpLaXvMFq9X3TAgAAAMhSAAAABGgBB5kC4SnxPJ_HbrkZps8GcwfHWSCTzv--BE4uB5gniFQD1CFHQpwlhl5G-RFE_OVu9ImUBhayCXg6pUquI4ihMJ0LkZJCoyycfm6v5t-d8_8rf3sAH5BGn5SNVtRPGGoBUgDKKWei62n_iXOEkqDErJqrz6mEXiN9I7YlrUlM9PGtmT64Ox_1zEL2yNZXQeQIfbRalDcl55SNleKpcQ2L0U03N3mjnMeZjIb0j9ZsJUpzrXyFtYQj0oRHTwTjgaDeK2N_yWyU_HmNLgZa1lmmMI3sdCA9bXcNo37aRD0K-xoY36_lkYNotd2KVhJQeQTkl-Xxnw1tmLAo9GR_-GWTkTru1jchHl_uAST7yr2E-9zM_ZLMV9vcCqWMsNeOuWW_N5xXBtmkF73JJ4co37DxKHvZJ4uEggIL030qTUtW92RcTBGyQqld9eU9FkastHRsERwhTPUl_UC1TsWIDGLFPoeadtaASjVtgg-MinFklSIB3NF8zU_2e4F02TOAPZKrzZMY5VwKZ-9uB_yN_iPom07I6njTeiRllQTu0YVZhIQedI2NB_f_LgJ5Gej_7fLRGeeAsUq3tenZDVIrsOZ6Ivgo4iY6mv6hIKt9AMJwDjtHJzhKT3SHVtYSD5KnEe1V7OQOZOIMrCIYUUUgNTJ3BLsJI6GYlztUhXWrp7xjfBr1y5Ewhjp2eP-P-CDF_o1iiHFP-Hf61N8Yxu5HwSbJxpmfSYDLMJGCxH-AipZ6mEbpCkYDhTMWH58cvj2R1gyOjjAZ5lKBFXT7WCM8rl1xIMIP1VQuY60PnPJvEc2ehBbM61YuEHb46h5PCYE6iVIfT0cchysBDyeyjkIonj8Pl7xUD2itHNNwiX1aVRgFVmSdzK43t3iH9yR_b7zXAfalsduyRJMKjKL-Gqph_k1-BiHd_KQu426LL4AxX85YDQmk6whi8xNtsrzqxYrYbHplvz6LtNvg6GiQYoUSVqd-6fcw2A-A

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75 Show response
pv.medialead.de/trck/epv/ Frame 28D5 0
465 B 221ms
92ms Document
application/javascript 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=26684500025699504444554012469019&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=75cde5160b&subid=&uid=cc1f26e6bedc8b68&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCiD4sk6wfZZiUF9nQ6wSbhomADKblvaBprZWcp8kP8C4QASDV585fYJXCpoKwB8gBCakC5TzTeR-xsT6oAwHIA5sEqgT_AU_Qqnx22bh959dE0yhrqtL3TbwVgbQ_Dn1DrzxSr7E3e63YEPSKhSaFKPVzrQ2SGgrq91cCzmpV1aZCEBSOa4KmQ2HmLd6J3lSYPmKYoImKEvJER-oLDbAM84coXfJuhczCYLTj5Wh8H5eqH9FH_dwu57Xf6X8St5RYcZlAgUpkywCMNZcASFLokFBwCG7Vvn-QRZYTGqQrufeeRLKqjb5nKKZBJikLqQOtFme9tsGfARN03A1yOPsPzxd41dlY3gMAN1_lrLs5mpa8WqRRcgsfTWCdJ9C2p08y-k11DCHmzf_IxPsdyYrKUBakpk1AlhkQO0WAd3RwQ_CnlAlDT8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaoNAkRFyA0BsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMI2Kmv-OjggQMVWeiaCh0bQwLAEAEYASAAEgKgHvD_BwE%26num%3D1%26cid%3DCAQSSwDICaaNBOYijrDpbMYQiijikSwThsQAhnBg_2D6FnVM5PQDMgShQDAv_2QbeGWOpDCFEj6NMzQjwJ_PZudzi1QXQgZ69_0ymk1cPRgB%26sig%3DAOD64_1UtC93e3atDJ4sJz83a1z1nefsVg%26client%3Dca-pub-9501431160750931%26dbm_c%3DAKAmf-DuZgKRW7llqZDx_YW_IFb00Zk2dyIRbfREviOuDvJx1vTJ3uS5ov-40ER14f8-rHkq7UII-dDdY4Y5jb_3xg38HjGvQgtLXb26kWOba_MSKhbofsXK7AxGabDqZM-ofK4r8wWWCuoqiwvpJuxjSzdo6ED1FgmPWFRdwnaj95r2XqRp6eM%26cry%3D1%26dbm_d%3DAKAmf-BMVWtVoOIhFpIV7O-rUOtj8z8azSkckYtFMcgYvMhLVs8HLCSA7fAHPJLcV7866VS3uQXUzIsuSxfX1UbSK-nTuYA755YsA1bjSnnVwjpos_uoB6kFAkG_Xj9eidYMzurcDuGGqbpB5TWGimflrhZikDy5sK5uwhA7nrUCufOoYyVIN3_0Pg7luSF_9JsLXP3dCHH3gUARB_nSxHIE1OyDFnoegcPYPhppD6lX8TwO2VvkpYbuF9fRs33IosEGEpjdhsifiHKN-AK5i7H4Hn4QVg7rcz8pLGu6717f8EVcGTDucBQkTHtiSS1mZjA7RmUU9wVSOCWxQib018itF0RnUpyIOzPd12PisiFFxsBOyTXpauPPHsxLTxl8W9DLstlYx62lBWPq_lxn-xMNYDZ0lG76Z9rRcmgrb9QB0raLnS7hWCwtLvam_QzvGakeLkMjPGM4wJyJUozZ3nnuCMGQ2DLx1sWy-deWugb8paSKFmM4ptHe4RzBjMj-yC2k5-5oJiWA91onJTz8JZ8kSRJBY4-qhZ0D3GVbK9jU_OQntL3u-8c%26adurl%3D&documentReferer=https%3A%2F%2Fwww.tiantianzhibo.net%2F&ancestorOrigins=https%3A%2F%2Fwww.tiantianzhibo.net&random=9944865800794&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
content-length: 0
content-type: application/javascript; charset=utf-8
date: Fri, 06 Oct 2023 06:43:32 GMT
host: pv.medialead.de
proxy-host: pv.medialead.de
server: nginx
strict-transport-security: max-age=15768000
vary: Origin
x-iplb-instance: 40028
x-iplb-request-id: 50FF076D:C472_91EFC182:01BB_651FAC94_4EE0E6:27FE6

GET
H2 200 / Show response
adv.office-partner.de/ Frame A337 930 B
931 B 205ms
39ms Document
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=75cde5160b&subid=&uid=cc1f26e6bedc8b68&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCiD4sk6wfZZiUF9nQ6wSbhomADKblvaBprZWcp8kP8C4QASDV585fYJXCpoKwB8gBCakC5TzTeR-xsT6oAwHIA5sEqgT_AU_Qqnx22bh959dE0yhrqtL3TbwVgbQ_Dn1DrzxSr7E3e63YEPSKhSaFKPVzrQ2SGgrq91cCzmpV1aZCEBSOa4KmQ2HmLd6J3lSYPmKYoImKEvJER-oLDbAM84coXfJuhczCYLTj5Wh8H5eqH9FH_dwu57Xf6X8St5RYcZlAgUpkywCMNZcASFLokFBwCG7Vvn-QRZYTGqQrufeeRLKqjb5nKKZBJikLqQOtFme9tsGfARN03A1yOPsPzxd41dlY3gMAN1_lrLs5mpa8WqRRcgsfTWCdJ9C2p08y-k11DCHmzf_IxPsdyYrKUBakpk1AlhkQO0WAd3RwQ_CnlAlDT8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaoNAkRFyA0BsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMI2Kmv-OjggQMVWeiaCh0bQwLAEAEYASAAEgKgHvD_BwE%26num%3D1%26cid%3DCAQSSwDICaaNBOYijrDpbMYQiijikSwThsQAhnBg_2D6FnVM5PQDMgShQDAv_2QbeGWOpDCFEj6NMzQjwJ_PZudzi1QXQgZ69_0ymk1cPRgB%26sig%3DAOD64_1UtC93e3atDJ4sJz83a1z1nefsVg%26client%3Dca-pub-9501431160750931%26dbm_c%3DAKAmf-DuZgKRW7llqZDx_YW_IFb00Zk2dyIRbfREviOuDvJx1vTJ3uS5ov-40ER14f8-rHkq7UII-dDdY4Y5jb_3xg38HjGvQgtLXb26kWOba_MSKhbofsXK7AxGabDqZM-ofK4r8wWWCuoqiwvpJuxjSzdo6ED1FgmPWFRdwnaj95r2XqRp6eM%26cry%3D1%26dbm_d%3DAKAmf-BMVWtVoOIhFpIV7O-rUOtj8z8azSkckYtFMcgYvMhLVs8HLCSA7fAHPJLcV7866VS3uQXUzIsuSxfX1UbSK-nTuYA755YsA1bjSnnVwjpos_uoB6kFAkG_Xj9eidYMzurcDuGGqbpB5TWGimflrhZikDy5sK5uwhA7nrUCufOoYyVIN3_0Pg7luSF_9JsLXP3dCHH3gUARB_nSxHIE1OyDFnoegcPYPhppD6lX8TwO2VvkpYbuF9fRs33IosEGEpjdhsifiHKN-AK5i7H4Hn4QVg7rcz8pLGu6717f8EVcGTDucBQkTHtiSS1mZjA7RmUU9wVSOCWxQib018itF0RnUpyIOzPd12PisiFFxsBOyTXpauPPHsxLTxl8W9DLstlYx62lBWPq_lxn-xMNYDZ0lG76Z9rRcmgrb9QB0raLnS7hWCwtLvam_QzvGakeLkMjPGM4wJyJUozZ3nnuCMGQ2DLx1sWy-deWugb8paSKFmM4ptHe4RzBjMj-yC2k5-5oJiWA91onJTz8JZ8kSRJBY4-qhZ0D3GVbK9jU_OQntL3u-8c%26adurl%3D&documentReferer=https%3A%2F%2Fwww.tiantianzhibo.net%2F&ancestorOrigins=https%3A%2F%2Fwww.tiantianzhibo.net&random=9944865800794&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Fri, 06 Oct 2023 06:43:32 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Fri, 13 Oct 2023 06:43:32 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75 Show response
pv.medialead.de/trck/epv/ Frame 3C9F 0
465 B 203ms
75ms Script
application/javascript 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=26684500025699504444554012469019&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:32 GMT
strict-transport-security: max-age=15768000
server: nginx
host: pv.medialead.de
x-iplb-request-id: 50FF076D:C476_91EFC182:01BB_651FAC94_4EF02C:27FE7
x-iplb-instance: 40028
vary: Origin
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
access-control-allow-credentials: true
content-length: 0
proxy-host: pv.medialead.de

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75
pv.medialead.de/trck/eview/ Frame 3C9F 43 B
481 B 204ms
72ms Image
image/gif 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pv.medialead.de/trck/eview/e99aace94e6e58733936cdd965d03e75?subid=26684500025699504444554012469019&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:32 GMT
strict-transport-security: max-age=15768000
server: nginx
host: pv.medialead.de
x-iplb-request-id: 50FF076D:C474_91EFC182:01BB_651FAC94_4E7982:1D8B7
x-iplb-instance: 40027
vary: Origin
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
access-control-allow-credentials: true
content-length: 43
proxy-host: pv.medialead.de

GET
H2 200 impression.php
t23.intelliad.de/ Frame 3C9F 43 B
556 B 174ms
51ms Image
image/gif 3.71.162.119
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t23.intelliad.de/impression.php?cl=2353636373136323131303&cp=101&ag=248&bm=100&bmcl=5373735313236323131303&crid=101&timestamp=1696574612&co=
Requested by: Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=75cde5160b&subid=&uid=cc1f26e6bedc8b68&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCiD4sk6wfZZiUF9nQ6wSbhomADKblvaBprZWcp8kP8C4QASDV585fYJXCpoKwB8gBCakC5TzTeR-xsT6oAwHIA5sEqgT_AU_Qqnx22bh959dE0yhrqtL3TbwVgbQ_Dn1DrzxSr7E3e63YEPSKhSaFKPVzrQ2SGgrq91cCzmpV1aZCEBSOa4KmQ2HmLd6J3lSYPmKYoImKEvJER-oLDbAM84coXfJuhczCYLTj5Wh8H5eqH9FH_dwu57Xf6X8St5RYcZlAgUpkywCMNZcASFLokFBwCG7Vvn-QRZYTGqQrufeeRLKqjb5nKKZBJikLqQOtFme9tsGfARN03A1yOPsPzxd41dlY3gMAN1_lrLs5mpa8WqRRcgsfTWCdJ9C2p08y-k11DCHmzf_IxPsdyYrKUBakpk1AlhkQO0WAd3RwQ_CnlAlDT8AE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOoAKAZgLAcgLAYAMAaoNAkRFyA0BsBPMnNkS0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26gclid%3DEAIaIQobChMI2Kmv-OjggQMVWeiaCh0bQwLAEAEYASAAEgKgHvD_BwE%26num%3D1%26cid%3DCAQSSwDICaaNBOYijrDpbMYQiijikSwThsQAhnBg_2D6FnVM5PQDMgShQDAv_2QbeGWOpDCFEj6NMzQjwJ_PZudzi1QXQgZ69_0ymk1cPRgB%26sig%3DAOD64_1UtC93e3atDJ4sJz83a1z1nefsVg%26client%3Dca-pub-9501431160750931%26dbm_c%3DAKAmf-DuZgKRW7llqZDx_YW_IFb00Zk2dyIRbfREviOuDvJx1vTJ3uS5ov-40ER14f8-rHkq7UII-dDdY4Y5jb_3xg38HjGvQgtLXb26kWOba_MSKhbofsXK7AxGabDqZM-ofK4r8wWWCuoqiwvpJuxjSzdo6ED1FgmPWFRdwnaj95r2XqRp6eM%26cry%3D1%26dbm_d%3DAKAmf-BMVWtVoOIhFpIV7O-rUOtj8z8azSkckYtFMcgYvMhLVs8HLCSA7fAHPJLcV7866VS3uQXUzIsuSxfX1UbSK-nTuYA755YsA1bjSnnVwjpos_uoB6kFAkG_Xj9eidYMzurcDuGGqbpB5TWGimflrhZikDy5sK5uwhA7nrUCufOoYyVIN3_0Pg7luSF_9JsLXP3dCHH3gUARB_nSxHIE1OyDFnoegcPYPhppD6lX8TwO2VvkpYbuF9fRs33IosEGEpjdhsifiHKN-AK5i7H4Hn4QVg7rcz8pLGu6717f8EVcGTDucBQkTHtiSS1mZjA7RmUU9wVSOCWxQib018itF0RnUpyIOzPd12PisiFFxsBOyTXpauPPHsxLTxl8W9DLstlYx62lBWPq_lxn-xMNYDZ0lG76Z9rRcmgrb9QB0raLnS7hWCwtLvam_QzvGakeLkMjPGM4wJyJUozZ3nnuCMGQ2DLx1sWy-deWugb8paSKFmM4ptHe4RzBjMj-yC2k5-5oJiWA91onJTz8JZ8kSRJBY4-qhZ0D3GVbK9jU_OQntL3u-8c%26adurl%3D&documentReferer=https%3A%2F%2Fwww.tiantianzhibo.net%2F&ancestorOrigins=https%3A%2F%2Fwww.tiantianzhibo.net&random=9944865800794&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.71.162.119 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-71-162-119.eu-central-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:32 GMT
server: Apache
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW NID PSAo PSDo OUR STP OTC"
content-type: image/gif
cache-control: no-store, no-cache, max-age=0, must-revalidate
content-length: 43
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 3F91 15 KB
1 KB 57ms
50ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

62218c89aeba998ce96c351c07bba16f0f37d591eb24b3a5c954fae4adda5cc1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 06 Oct 2023 06:43:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 06 Oct 2023 05:45:06 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 06 Oct 2023 06:43:32 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/ Frame 3F91 23 KB
9 KB 44ms
39ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e0309fd597700b89310de557575438fb73dbee569cf734340057c0884ce91c20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:36:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61605
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9151
x-xss-protection: 0
server: cafe
etag: 7930219084593097114
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:36:47 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/ Frame 3F91 3 KB
1 KB 57ms
52ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 19:18:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 41091
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 19:18:41 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/ Frame 3F91 20 KB
8 KB 47ms
42ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:33:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61792
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:33:40 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3F91 187 KB
59 KB 69ms
64ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 06 Oct 2023 06:43:32 GMT

GET
H2 200 f20a2b7dfb9062a0a08db52babdaa11c.js Show response
www.gstatic.com/mysidia/ Frame 3F91 37 KB
15 KB 44ms
40ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f20a2b7dfb9062a0a08db52babdaa11c.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c9bb40cefe87d2b65103b30be083f0dc8f963f3c930f230d905b811b6eb82f47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 15:26:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 55028
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15586
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:46:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 03 Jan 2024 15:26:24 GMT

GET
DATA 200
OK truncated
/ Frame D8EE 287 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 605b14697226eeb0be6b2c11db8206b70f4c8681c3f921e4ceca4793ce1a95ce

Request headers

Referer
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3

200

624907996767536446
tpc.googlesyndication.com/simgad/ Frame D8EE
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDr3ZqF_gEQgAgYgAgyCFFyRh2Ouq9r
https://tpc.googlesyndication.com/simgad/624907996767536446

8 KB
8 KB

46ms
44ms

Image
image/png

2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/624907996767536446

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

484ec1c347c17d7d3b98d5058aa5d90bb5c7315f3a67f44611e902de4be50831

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sat, 30 Sep 2023 07:46:09 GMT
x-content-type-options: nosniff
age: 514643
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8502
x-xss-protection: 0
last-modified: Tue, 09 Apr 2019 09:00:52 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 29 Sep 2024 07:46:09 GMT

Redirect headers

date: Fri, 06 Oct 2023 01:04:44 GMT
x-content-type-options: nosniff
server: cafe
age: 20328
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/624907996767536446
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 05 Nov 2023 01:04:44 GMT

GET
DATA 200
OK truncated
/ Frame D8EE 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f763b65857a176e47cd5d84c9af89d31bf68a195d8775a76cf2c696b6061314e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame D8EE 16 KB
16 KB 133ms
40ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 17:26:14 GMT
x-content-type-options: nosniff
age: 220638
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Oct 2024 17:26:14 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1686300/75378989/ Frame DC54 46 KB
12 KB 208ms
63ms Script
application/javascript 3.248.134.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1686300/75378989/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1014294059&ias_pubId=pub-9501431160750931&ias_chanId=1&ias_placementId=20600109049&bidurl=https://www.tiantianzhibo.net/&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0gJmoQ5YWWC90R931P9zJDy
Requested by: Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.248.134.18 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-248-134-18.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 5092f40278a4ea7dc668dfb480cbead9026329b474b6c30bdc47628b55d9fa65

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:32 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame DC54 111 KB
39 KB 52ms
51ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 20:02:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 38477
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 06 Oct 2023 20:02:15 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231004/r20110914/elements/html/ Frame DC54 11 KB
4 KB 53ms
53ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231004/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DGX-zU8SRMKTFvtFAm3rQbAj2EVgiSFyNcXN5OqHFNc_D9RiPgmOljWL-FRuqMQVxN7F-lEzIyILWIXcSAacq1p_YlIJN-AxPvl12CYXsxETJSUu5kxWlfS9DBQ0ZoZBiPsVzLxlXIEpkl9jSXdzmA_G2gXUF11Wb1HmDksnN5IU46c-4&dbm_d=AKAmf-CoEZV414lfFH0fGVpczLf06OuLEZJT6Pq2j3qGN0UmyzAzbeIsJj4x2sd04k_d-jpUnLPjjXz0oTYA8FD0LCE0RyPRvELCSd4Po_h86shyRXcsn2zBqqUDOF8oIrjUi0G7JwJsjex3USxGOJq4G2za4O9wbIhJ0TRQ2g7vFldmNpGkQx5nDaMnYHTSs-ezznuMyJLzYZl7zZsGZnhji5Xv-BiUddM6e1f2edVZOVk-mwNIm7t5jbKQcsihCgNHaP6txKqPZNhljXefS4oisOus9524LXYFwEUffj0nDFu6ma0jRy3tpeXfmc8qjE2ZbfE1Aq5MS99GPD8x3_fLqPlZL89SXzUG6t7F2k_JyH5XL9I4LEK4Yk6d2KGnX-QlVx1W0OY1Pd3CUGNGYEjAKJbAd-jQxeJAJnlLs4da7SWQxD94iNzoX26krWGqHSSDTpA002z4LpZ9FmRtPtRA-6DLSVLND-sBBnVV_A2bGYX_f1zYqOGA4LCb9nA-0GnYUofEE5NjoeEQW2fShqE5qp2mWQsYqUBpm-d-myFpMxpQ83LZfEvQv5HqNLMv7aWj7xgbAfzBssmLq2syWuMcADTkzZEAHnHuioWbyjHIHzQ-XyfqdJTCpcraCBO63HrQIQegeq1gMblekBRF8TtVVtP_DrsIXwxAgpiT4fNDQK55sg1_UXMWg80TvHvHLLXuBoA89av1OP14ykhjlNTbRnvoofhDsBDgVtcEdwU1kpmUgkx_dN0yxS_ZwpnIZMVGSPQ5qpFxwUjax3BdBPFuoOVmihe6BbDg-K8RYlbJUYBuZXmddcTREZBxg15S6aYS-_SpIjytzOhbC61ehFirygRS4g5ip6Bwp8575zd0Nlda1fFKO_2nIainKijpda_nAoIrNa46OsNaWG2V9ZVkQ61zRo1d8ZMgYqqi8GRs1eGruky_S-FLi5NJgC0Hj3hp-1cysUlWZ8iuKW0s3zkhtCzQlHpSWmdrMUHSf8ULLhTgBmqE3_riTtx389OPudqYIOQzeAc1XOdSR9HaU7Ln7Zy37rNY17QaqiJZA2Q2cNlTeuuTNVmGosSvDSmDx3NWwMz71nOOiN4UYuiX1QCoQ-jqWmgT5-69rAnY3PceKN_BvlwIV-WSss-Gej2YBF7mTD7R14HFc6FWfi9EURjq7rrh1UoLToYvu5lPU5ICCUF7JNsKi0iFXkAIg6ER0lk2bFc-98idGUvCdasLJvjeFal9iohS4KSlh41tF_CG9CaE93riD1oPxg93KwM5DcwR_Xs3SkMF64r0Xi2Nzrb34Da8HUdAz-KxXbdebqHmMdlZYa4MnCqaymj_4LJ3hAffdMjWH-PU5QmoI2bTRf_F3A69-eGtQsYMD6EEmeYMpshsRFmy5B4fzkq0A5k5WPJk26w7ApsQm7Bp1QELZ5DBoR7y4CIzGKze0l2mKj0PW32pD6qNPX9ICAXbNGaiJo_y2YUq1pH-8k_CfmIKtJBUM2Oljx_YxSL1P5HjIw7hQ_WxGSytzXDxyS22mZKw0DWlp5kf6pqc2x9GxNyCYO_clWTculYG6ZMS0jWJyAnNIRpAVE11C8TDdvOSvfxO666cYDb9sVRif7YaHPOOxvcixJUC1SNjrd-Ggn86b2zKjWDSA-sNHAlNJBwof1ZPdiy9UABpNezJ1Goa-O2XH1TECHJgM7UB_Sei53Bsy4HzyEHbafcBPWpTnV9KVcHNAsF_ypM7cOrIZuKceCujwx0N0IxavpP2R2iGVmWd7JPGKbPYKnBpdwkf_aEoPdPJUH4YzZpMHfggyqIK4Dl_yhpt0ohgrjsMDduUnswpeYhjFWVoNjNyD0dxoZqMY5sn9Eh7mf07KA-InnEZkJDm2GE7a0Mj5oPlyFOjycb2kS_0nRQyPbc_bZNGr_1bSdPvGR6VLRWA1K57_z67csgQ9AVuXKhOlMBdnLnz40xXkANXzTpl44Uxn-gw3FAGNsADFTRY0CqZ28nJUrV5xa4BUhUHDh2J3Y8J7aQmGrnrBduW2Qjtajl8zu3t1Qf8GfpdTsrMgkSr6K0qqFRpyOqBIF9hW0sA-mBnIojl_8-Ql8zLTEGXeEF3adBSzRrNBbW2ecFD09OQrh4VIZNnDxScaXsrovds2mLr3UMi_Fyf4iCAdnJlBaGSn79tDkw0llkhwFWHYEdIaiM-oHAFHul-ElE9JsSvmJHwk4EFHDwRes176nIa21ILQAMex6DFVYIx6E9Bl8uK0fj5yScbXxArUcFCf20dDhWnRdecVhjbxiI8cv3_ikwDlHLQssyNsjdeV07WKOFrVy5OJkUHrn1NgRKCHtxCbVYRSwkcJbAs-8piPjCWie8A7p9QeX2zUBWK7y6MNWuM2chs2_ZzQZC8KUX-x-AC7TJSKLZk7A1RZ5A2xtFLNy7Am5pJuXE2kG0tnH3EumxL3IY7byDaIXqTIoT1DABclY29h2skFrBtsLqvsFSfWJVbYCe7pqbfab70Xgt1DNH21L2qKr7s1Ndanb01U3yvc7D5pzw21M4fXuLRC_aTNULcFCfo5mekmufR_3UcLp41r0iZjC7uLV0_okcoUAbfOsCqkEfhv8Rq2ACT48Jj-6-JqGAQ_QF6WYybmdP7E7jDarX11IO3ESxceNr8oOhqWXVjEwl1caLrewnahXDmDsBPBRERz80BN2pvdIjXJLP2P01AlYcbnXyEfNaYha7PQ-4JmxCQ0WcjEyl7k---B5AlkHkKq99s-mxT7XgRyKED__5UxZHEj4qomzCbt_ahDZJzWA0l1o8OTWTzpyY5bc0sAzNzNRrIpfgohDIGvVweTWbuYgxZPo13nh9410h29gigqaCtsoIYeh1Nvt3DY4HVGnyxoKwAHN_BvKTtZZuLbmzTmU2ptk-7454-LGmweXs1q_yhZjm6RzBFg1YfJwlMGyX1m6sGDpsx15bFhoSwjLXs3CdwHnpICso4OrMlsO65kfO24srvCmMqHmT4bottwyWuFSoTCCueFeZq48ohZLCAyKM-sQ-owCutbLi9fbxQcYhM7CdijvMzolDZ6IVNtf9yJFem8GiKod0KZZkH6c98R8CU1s9TD2pPBaIyAynIwfhcHov6FASc6-Oio-c_2OyqWvPTMyOQMzsHV6VVOIcJmgkZp6vywoX3OHVQIqxjVlIFjXqZJ3bwC05CmeqLCvf5k_5s-99_gTB7v0qd4Pdpde_FL9IQp6ULZ1stERRK_CO2kO2cybKWLuE7Qj8HQjk066ryhl2lWnx-vG9w-ErhtiKEKvy8jz8DOqzh5v9guJYHaroLs5Tc2UCA6HsehibMduZy32YMbZ2AgPtU2Z2-1tqjxjn9wv-l1EKcdXrG5cR64yrqPy1Vz-tLaCyucC60Kl1HIcdofobfBr-E5WzvAFuDysPh9ohxX4ECZkqhXvcUDKyV1NoDgYiaaT1L4jYRFhk0MkH4ItthKLolcmEiQa64PHVDD6tzMD6vEFJWjpioJaobYsFgNcV6Ev8q9l5Pmhg5x6--3s3Io_YDRz0wL_r6NWudvZyu4ZMAM7Me57tWj4NVBFjoHOZVwXghlMFDl92DPbULM0BWRGB3W7Jd4Rj5tOJD_i-P5e0qcFHnwmsazToUYUmprNzkUDEYO6FRs9h0vW8FuPzGwha8j9Fs11Fc5m6S4WCI3HBZ8XVBf0p_fwm-XV852AbTy4alq0d-QDPw2_Azr9No0zcNmbKm30qvKBedNFM8sxrYObkQIgnXETZ1EtkLyhZZQ9xb4EOHNTRQuDvIlKtX-alKUi9m&cid=CAQSSwDICaaNiRGbKKalPii-ESszbfn5yrUlP-PKVLDqV7pdnV0cAczNUbWqcBLF2cROyhlfB-HMYpzkNO9YctcOgzy7GhrMEUTcFmfffBgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.tiantianzhibo.net%2F&ds=l&xdt=1&iif=1&cor=3193844785935651000&adk=497053795&idt=211&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:43:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61181
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:43:51 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231004/r20110914/ Frame DC54 30 KB
11 KB 52ms
51ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231004/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4fcc2c45e5c8be67198b1d2c38bef90e3373e59b91be75e915711bfa7c10d22a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:57:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 60372
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11602
x-xss-protection: 0
server: cafe
etag: 2362517075893974484
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:57:20 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame DC54 41 KB
13 KB 52ms
52ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 06:58:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 603908
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 28 Sep 2024 06:58:24 GMT

GET
DATA 200
OK truncated
/ Frame DC54 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a7c6e322c214cc37657e2b389710e2990072f76451d4e91fefdfedd9f5c8379c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6F9F 42 B
63 B 84ms
80ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BpTqP3bPO6Aox9B9--TJc5yWr1RxySs4X31TRHkqyrFCzlPPtxsertlv-2w2vZ_LWMTUVq6mfADnc8cy6SnOIwM8r1Ckg2x_lg4n1UPabqY1kUeeA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=50&adk=2281393541&adf=3669479829&pi=t.aa~a.409348236~rp.4&w=350&fwrn=4&fwrnh=100&lmt=1696567412&rafmt=1&to=qs&pwprc=6902623340&format=350x50&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574612160&bpp=2&bdt=3197&idt=2&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D72146b1c207b02c9%3AT%3D1696574611%3ART%3D1696574611%3AS%3DALNI_MYQe7cXULIUNSNnRIY3DLAW1XIovA&gpic=UID%3D00000c8f7bb0a3a2%3AT%3D1696574611%3ART%3D1696574611%3AS%3DALNI_MZPrtGQ50n1XM-7Y80sdzsKA9pfrw&prev_fmts=0x0%2C250x250%2C300x255%2C300x250&nras=2&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=925&ady=1819&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=ByQlBYIbTM&p=https%3A//www.tiantianzhibo.net&dtd=12

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6F9F 0
20 B 84ms
80ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=17382607199006831073&x=1&ct=132

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 6F9F 89 KB
31 KB 105ms
104ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31491
x-xss-protection: 0
server: cafe
etag: 6167930392490353973
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 06 Oct 2023 06:43:32 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/ Frame 6F9F 3 KB
1 KB 48ms
46ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 19:18:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 41091
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 19:18:41 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/ Frame 6F9F 20 KB
8 KB 43ms
41ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:33:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61792
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:33:40 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 6F9F 0
0 243ms
47ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQwRy84Pjd-goEP9VP76cGPY2clMfWodW-bPMcwlDGLJbAHS60-zM_UQoI1kPUrwFWW8YrwMdW65iLAYRXGngqi5M_nGg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=50&adk=2281393541&adf=3669479829&pi=t.aa~a.409348236~rp.4&w=350&fwrn=4&fwrnh=100&lmt=1696567412&rafmt=1&to=qs&pwprc=6902623340&format=350x50&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574612160&bpp=2&bdt=3197&idt=2&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D72146b1c207b02c9%3AT%3D1696574611%3ART%3D1696574611%3AS%3DALNI_MYQe7cXULIUNSNnRIY3DLAW1XIovA&gpic=UID%3D00000c8f7bb0a3a2%3AT%3D1696574611%3ART%3D1696574611%3AS%3DALNI_MZPrtGQ50n1XM-7Y80sdzsKA9pfrw&prev_fmts=0x0%2C250x250%2C300x255%2C300x250&nras=2&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=925&ady=1819&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=ByQlBYIbTM&p=https%3A//www.tiantianzhibo.net&dtd=12
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6F9F 187 KB
59 KB 55ms
53ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 06 Oct 2023 06:43:32 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8E8F 143 B
166 B 40ms
40ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1177
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 06:23:55 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 783F 466 B
235 B 152ms
148ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMPn2QIQm5vbAhj5v7J0MAE&v=APEucNU-q6CB7rgmLsTQbwFPTgSLHge5yYZRXXXt6e7wONoT-SaQAgWVLj0TwKfKm-x2hmCI5k65bsRMxsA96xz5Z_kMJX7-mxvaKgBv-JpTPB8Qm7-nXmHp6DukPNldtHH-7q1lU9T6OBbZp7H27zM_6yS5nKTVUCRMAv_HWM1Ft3YmuRkNeEc

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=50&adk=2281393541&adf=3669479829&pi=t.aa~a.409348236~rp.4&w=350&fwrn=4&fwrnh=100&lmt=1696567412&rafmt=1&to=qs&pwprc=6902623340&format=350x50&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574612160&bpp=2&bdt=3197&idt=2&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D72146b1c207b02c9%3AT%3D1696574611%3ART%3D1696574611%3AS%3DALNI_MYQe7cXULIUNSNnRIY3DLAW1XIovA&gpic=UID%3D00000c8f7bb0a3a2%3AT%3D1696574611%3ART%3D1696574611%3AS%3DALNI_MZPrtGQ50n1XM-7Y80sdzsKA9pfrw&prev_fmts=0x0%2C250x250%2C300x255%2C300x250&nras=2&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=925&ady=1819&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=ByQlBYIbTM&p=https%3A//www.tiantianzhibo.net&dtd=12
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 215
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 06:43:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 4CC9 7 KB
6 KB 166ms
80ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fc5aaf324d93d80d48f715eef3035a4fa6c18f22403121725fdfb3fdaa046ed6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5717
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame D8EE
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=COS8wk6wfZZ6OEMCu78EPs7KpwAe9jaavb-fNr6y_DorRo-2-ARABINXnzl9glcKmgrAHoAGwuqHXA8gBCakC5TzTeR-xsT6oAwHIA8sEqgTZAU_QRL8v_G-nv3bSVldCKbuwKZ21F2xf_Fp...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2212472378881030305300%22,%22debug_reporting%22:true,%22destination%22:%22https://kayak.de%22,%22event_report_window%22:%222...

0
0

162ms
75ms

Fetch
text/css

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2212472378881030305300%22,%22debug_reporting%22:true,%22destination%22:%22https://kayak.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22988306736%22],%224%22:[%2210-06%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%227920051722387263953%22}&andc=true

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:33 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"12472378881030305300","debug_reporting":true,"destination":"https://kayak.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["988306736"],"4":["10-06"],"6":["true"]},"priority":"500","source_event_id":"7920051722387263953"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 06 Oct 2023 06:43:33 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 06 Oct 2023 06:43:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"12472378881030305300","debug_reporting":true,"destination":"https://kayak.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["988306736"],"4":["10-06"],"6":["true"]},"priority":"500","source_event_id":"7920051722387263953"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/11949286355477378158/_export/ Frame FC0D 137 KB
23 KB 45ms
45ms Document
text/html 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11949286355477378158/_export/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b59df8f9102ba4d4ccf63c5026e2d85bee8cf0d226d68e20bd9ae010c146469f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 86577
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 23864
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 06:40:35 GMT
expires: Fri, 04 Oct 2024 06:40:35 GMT
last-modified: Fri, 29 Sep 2023 13:23:30 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame DC54 0
0 85ms
84ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv4AF1Ye6zmnedzFS3QPawTL3ZYWCjey9_xcKzNqlNCw31pUpiqNDW7l5wxGK5wgbYh6KwPN2PzfZyD3gxmmyDb9txIfYsrXFCKw04dhbf30E1L-aB5qozIFlS6XlG6Z4JHWpwobwPI0LfGh8iX3mtbvarIA84R5skCQ-B1fEEGjoPgK_TodN1rob-2jRJyITM0LMXFrL2zQHo2cC_Kr_CjEcJxEvNtrZpTi_ISOr_Mf_pfKzehhyde5_o3f5iYiCQ1q0xjt1OZkEvbQsqri--gvJsEzcb0n6XBFScrHW7kFVscZEDdG1ZqH5WP_uz9MbzbW4NZO7srcedlw5b7HFB-TIL483XyG5TnIop_X_KZVrrb9Btkt6TWxLIawXHMwKD4C6UchIGASBxA9aaDdvGJKlvGLgWDmXvq0tULG6-uGYgleg6bUivSgDiIqgg5tV8ocnJ2BrvbO0wfB5SfOWZfLtDwJDDfO1wkYi1sxBBXWyHGht6EcivW1SvMftPQQeGB6lGX9sVwkM362-scdT67akU7pGDQqrwS2LZl0NWB7JJkCsuZWtIwSBMitNuLpow2Ry458nCbzEtnNqpPjANEKEdnPs1KoW0xei05Sq9rFeiv3pSFlXIMmSmJM5ow8ZmK9iQYY56Hfkc1RNCBZaolqB7MAa5MJlKYeZmDvoOMcJ0Zmmw37lLnJQNcaU4dOkoltrYwioAIVplYSJJGuyyy3iXV8_6PJCwytPBsGvmSfqBab2egnkUZ-M0SYHSmZWOAJvlTdDgkA1WRaoGMyayD7ZVxnfyQeiRzj93u0GB8mj7d4JOBbDOj-EVGxM9lh2sn6QSTLTzGAqVYTGrhtmtRKAlARq7KRtW8hggG77ZYlHtgMoznuyTbH0L1QK6GFql2F7pqSj_MweYdkYIyVcdf6PvlX27np_oL-et7OwaJ60zHDASxNge63-ZWvpAWem8A-S61IyV2oHSrVm3xjrgRPfNC5aO3Ka-Ji9LfuaUHoN6DYx3qZ7aRjBNBQUtNiMSvI-Wbk4lhw_epAXk7zMHwhqKS9TsgONzSswa4gFcEicfGnxKNd_EQkkWspfv_n2l9rm_zpvzhFedpEVhNa7z6mFOZJtXJHi-pG7kJjiqOBskDWQYmKW8E_bHRTNB4pmGhSSCC3IRRpol4kn38I7FsV5ssDUt19BKNF-_87kVo_qDty-QRnUAU9Gdu_wEsSHzYNWDrjkNOg8TMEVb367YFVrGoaUEA2bQPvZ6cNpS0AHu9-f2wPKy7paO1jqpgG5msqqIFqT1rcuZAcsiQ47hOBto&sai=AMfl-YRdSeEIhU7b_vZL_F3FAUbLubKlGP1NasaK30BSE_ETlGh5vuC9zMso4NloAWc5w99nqxEs1Wk7UXoZ9uAtRMl7VsSMD2j_S9KkxguiSlw7WYWf3ZtKED6ndvsIVmk9HoWYk5LP57bzIqrtTdkZywZXXGze5h0fRcIsKgsJlBbJaor6rd77uZhW53IpSTyrO3TRfcflij59R-eCOYszMhXkSkZfG8Jd1834ll6REZeUSzPhktCJ0-BYNq6nd0kaQkmKyMLdu9qROuGwFor20IJo4Wt3PbSb&sig=Cg0ArKJSzLkKj13vhvNcEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=169&cbvp=1&cstd=166&cisv=r20231004.38557&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 06 Oct 2023 06:43:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 93656
tags.bluekai.com/site/ Frame DC54 62 B
572 B 554ms
187ms Image
image/gif 69.192.160.219
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.bluekai.com/site/93656?limit=0&phint=event%3Dimp&phint=aid%3D6531095&phint=cid%3D30606763&phint=crid%3D200172151&phint=pid%3D377231986
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=255&slotname=6950575133&adk=1536346496&adf=1801062927&pi=t.ma~as.6950575133&w=300&lmt=1696567411&format=300x255&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574610952&bpp=1&bdt=1989&idt=275&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C250x250&nras=1&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=925&ady=1070&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=Q746UBZpGo&p=https%3A//www.tiantianzhibo.net&dtd=279
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 69.192.160.219 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-160-219.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
date: Fri, 06 Oct 2023 06:43:33 GMT
content-length: 62
bk-server: 70c0
content-type: image/gif

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 7D8F 22 KB
8 KB 45ms
45ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 60840
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 13:49:32 GMT
expires: Fri, 04 Oct 2024 13:49:32 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame A337 174 KB
63 KB 149ms
49ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c4cc3a5b356106ac98447f631b84e0627242c322110a3b825ec192f19987c326

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:32 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64036
x-xss-protection: 0
last-modified: Fri, 06 Oct 2023 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 06 Oct 2023 06:43:32 GMT

GET
H3 200 bK4GZl0mtHPwIamiN73ahbbApyVSn2vIx_eFPB1ZZt0.js Show response
pagead2.googlesyndication.com/bg/ Frame 16BC 38 KB
14 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/bK4GZl0mtHPwIamiN73ahbbApyVSn2vIx_eFPB1ZZt0.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6cae06665d26b473f021a9a237bdda85b6c0a725529f6bc8c7f7853c1d5966dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 07:37:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 83177
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14735
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 04 Oct 2024 07:37:15 GMT

GET
H2 200 link.html Show response
track.webgains.com/ Frame 3C9F 2 KB
2 KB 554ms
109ms Script
text/html 13.43.154.56
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=26684500025699504444554012469019&nw=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=250&slotname=8918672040&adk=3624264942&adf=1402206701&pi=t.ma~as.8918672040&w=300&lmt=1696567411&format=300x250&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574611326&bpp=1&bdt=2363&idt=1&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C250x250%2C300x255&nras=1&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=925&ady=1860&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=EPXkxXaWoy&p=https%3A//www.tiantianzhibo.net&dtd=4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.43.154.56 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-43-154-56.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: bc453cd657a49e4036098010b9a87e348ce83be958449f57a5e27ae7efe851df

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:33 GMT
last-modified: Fri, 06 Oct 2023 06:43:33 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Fri, 06 Oct 2023 06:44:33 GMT

GET
H2

200

activityi;dc_pre=CImkkPno4IEDFbFVkQUd5HwL1Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9970179360259.533 Show response
5994599.fls.doubleclick.net/ Frame 04CC
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9970179360259.533?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CImkkPno4IEDFbFVkQUd5HwL1Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9970179360259.533?

391 B
326 B

94ms
93ms

Document
text/html

142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CImkkPno4IEDFbFVkQUd5HwL1Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9970179360259.533?

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

cafe /

Resource Hash

ef8672ea195e04ae64b3cbe2e42070bc9849ef827be80218e33b6d5dfcbd65b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 217
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 06:43:33 GMT
expires: Fri, 06 Oct 2023 06:43:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 06:43:32 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CImkkPno4IEDFbFVkQUd5HwL1Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9970179360259.533?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900019.redintelligence.net/ Frame 13AA 7 KB
2 KB 125ms
41ms Document
text/html 78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900019.redintelligence.net/request_content.php?s=26684500025699504444554012469019&a=9248d12c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=250&slotname=8918672040&adk=3624264942&adf=1402206701&pi=t.ma~as.8918672040&w=300&lmt=1696567411&format=300x250&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574611326&bpp=1&bdt=2363&idt=1&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C250x250%2C300x255&nras=1&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=925&ady=1860&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=EPXkxXaWoy&p=https%3A//www.tiantianzhibo.net&dtd=4
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 8f41766b1dd9ed6325c83edeac764689f9d8d4c4a839faaef543806c6dcf1d2c

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2062
Content-Type: text/html; charset=utf-8
Date: Fri, 06 Oct 2023 06:43:32 GMT
Expires: Fri, 06 Oct 2023 07:43:32 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame 3C9F 221 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 87e8aa8992fa3dba3f33e62499636b649954671bf3a736cc8a1aa3cd581ffe7c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3521 0
0 79ms
77ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstntSA0fdjGMmeCnFRxcw8BqiUawDJS0reyCFEiKfLoY5L9A7AU5KC2k-_fv1TQKR5xzwbBYrAP128KaFS8YPh9IOxBm3YzmgoBcEvZ4I1tcy3y8VdCbcU7ANl-sENSZh3S7ToZFa7EjrCI0WzelnzZE18XrZcePfx9UirCjD4cgnAvw3adGzzSDBfEivNQd4ngPMqR7LoXx7B5ZzXGib_4kMBbobNq59mumogn_a8TIGzSyGn5G_OBF7nkr_Z34luNUOiyDEiCW25FP8eVmrS5725xhMCqa9NdVkVOD1xsEu0HqHUZBKyoKI4PSFKx9Abj96QdX5lG1wnvuoE62-ix4NwHIiMV969pSM0zdmJiHLF1sjL0kZ19x_dzSqG7xClnKAT1UW2CQe49xR7rQCM130ZHfr8pMm2NCm3DL10RIB8kc94MdjaVnHdtH_2vUk343Q2cz4mEBp9jCYAmGY7Q_q07RvoOU9AvnAgVHRZNl_zTGYJ5wgH4e8ouynvvOvRd-pYMZhOsddzAMBveqwyJMyI1512r5wbLfgt6p7eBP4-Ui0W_OvVan7xjlqPRh5EStGXHxdD2oZmUFzILc5IKMLPHWQfxm2VuZOc5VlY1SXB6b89MmOUzKbFsDaBp-KSoER0zcAorxXZV4X0EzNBhmXOivKR5ahWTAwwWQNh1X4BjZ_sTmpAsEkp3Y3qSKnQeuPjEqF8Giz3bAq6QqVBV2I3e0YWVsf2Y263U1of6YkCoNLNAQeg2L1TBO6BegINX0u18xVAlid4Z-jnL2_0ChCpppLF0AF3NL1KV01B8qJsFACMR0WIxDPqi8uz0bVXkZHCw7m3N8462DJY61Kv-4YYqRN_zJCr5h_q-XynfIQxz0FkQdrSMqX5-R2qJuF9CS_JcSXb3-UCtSrqDwswibU2MkfwC9zsZ85DgRSlkgDCLqwFfzucPmLKHfoL8wsjF77U7AZL_OiVMZVGx6PlwQt4nQEzsX9BdLFVZm7J5_a7OJKZv3ljm2yhFVVuigcbJMJXGyJDlkyATLuF0lvnUCoHHTiFoP3zJzXNSMqvCJ559PIbBbGZBTxndulxa7WZxpmR_FZM7hCodqLO4_oVbugYbYPkcknI1vq8R7skxBdFJim0hYlHipL6E1ZratQHtFjZAm1gdNrvJzf6QQePy_TIrsNh2HgA8oBKQ07eBF5lqGWouE7UNSutizZHdlo-f43QQy4yJT-TLquRNt07EdcoPlb1EGLVPpksqb3ZvMPCH4Rww5EfTsyEA&sai=AMfl-YTMkzUUCeOK6rTtpcItlAWWb5YaG1jc4X3z1zHZewIc7pJ8UQPiIJ1AwGch4s5epT_zBWXa2iRW3HUsJr7opdU3AOTHelLj_lZ1MZa2k3ls-3c0V3FYcv_ab3_spCDaL4T2fSjLt6h90hQeIPuG9OY0WsTE6-DIcWscpHdcep2kDd0kQc0FSqNWJ2v2FBwpLENLDrGmsFoUxW9CH0N8D5E-v5WVRE-qmjwkfGFoaVmlwWfwbunyV9qmZYbVwHPdUjWRMtAdathm8WEyoU0LDPbMLMvkrlxQacdXPMkFIH9lUeZ28LTskCIG1dNgAEjsYkjO-pAq_cN10sHv2i09R--pHKLLpzdfa4s0EnSymYsGWIuxSfNaV4Ha-Vw4oWNqDBkrt3ZPOaddNXxbJ_zHv7tNqEobouhXxVqJf2ykY3xg3sotWZAbXq1RRn5hUPQqx6q7VNrNYQS5rMFwb8e4IU0bGlqQa1dna-w5bSCh&sig=Cg0ArKJSzMSvvsK_ZnpcEAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=861&vt=11&dtpt=601&dett=3&cstd=251&cisv=r20231004.37341&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 DcmEnabler_01_250.js Show response
s0.2mdn.net/879366/ Frame FC0D 32 KB
11 KB 47ms
46ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11949286355477378158/_export/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc9fe8ec0612072dc6d3b4acd268e09d28c253807f47846a5f70dd8360d1a0d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11949286355477378158/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 07:13:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84610
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11558
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 06 Oct 2023 07:13:22 GMT

GET
H3 200 style.css
s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/assets/css/ Frame 4CC9 24 KB
3 KB 47ms
47ms Stylesheet
text/css 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/assets/css/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/assets/js/initial.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15179e81f131befdd6e603ba3ddca00b8cc4e43aa70583d9e7b41fd56698ebbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/creative.html?e=69&leftOffset=0&topOffset=0&c=fQU9Qgy5vj&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 13:26:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 234997
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2812
x-xss-protection: 0
last-modified: Fri, 24 Feb 2023 10:56:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 02 Oct 2024 13:26:55 GMT

GET
H3 200 jquery.textfit.js Show response
s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/assets/js/ Frame 4CC9 3 KB
1 KB 52ms
52ms Script
application/x-javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/assets/js/jquery.textfit.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/assets/js/initial.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b818254dfc983fb2732ecfc54815327606434288e6eb0c0c0b7e8523e14b6c9f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/creative.html?e=69&leftOffset=0&topOffset=0&c=fQU9Qgy5vj&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:08:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 59690
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1127
x-xss-protection: 0
last-modified: Fri, 24 Feb 2023 10:56:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Oct 2024 14:08:42 GMT

GET
H3 200 nhdynamic.js Show response
s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/assets/js/ Frame 4CC9 44 KB
6 KB 50ms
50ms Script
application/x-javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/assets/js/nhdynamic.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/assets/js/initial.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c599f96659ce07649e90b86b90732f1293b042e212423e7366794ada841d688d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/creative.html?e=69&leftOffset=0&topOffset=0&c=fQU9Qgy5vj&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sat, 30 Sep 2023 08:16:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 512808
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5782
x-xss-protection: 0
last-modified: Fri, 24 Feb 2023 10:56:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 29 Sep 2024 08:16:44 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8E8F
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

54ms
54ms

Document
text/html

2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 06:43:32 GMT
expires: Fri, 06 Oct 2023 06:43:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 06:43:32 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bK4GZl0mtHPwIamiN73ahbbApyVSn2vIx_eFPB1ZZt0.js Show response
pagead2.googlesyndication.com/bg/ Frame 6812 38 KB
14 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/bK4GZl0mtHPwIamiN73ahbbApyVSn2vIx_eFPB1ZZt0.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6cae06665d26b473f021a9a237bdda85b6c0a725529f6bc8c7f7853c1d5966dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 07:37:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 83177
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14735
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 04 Oct 2024 07:37:15 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 177ms
75ms Preflight
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 06 Oct 2023 06:43:32 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET

partner
sync.search.spotxchange.com/ Frame 783F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEKzhXH0WJ7SUn5X9MB5TIyM&google_cver=1

0
0

GET partner
sync.search.spotxchange.com/ Frame 783F 0
0

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58269/ Frame 783F 0
125 B 149ms
42ms Image
text/plain 3.75.62.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMPn2QIQm5vbAhj5v7J0MAE&v=APEucNU-q6CB7rgmLsTQbwFPTgSLHge5yYZRXXXt6e7wONoT-SaQAgWVLj0TwKfKm-x2hmCI5k65bsRMxsA96xz5Z_kMJX7-mxvaKgBv-JpTPB8Qm7-nXmHp6DukPNldtHH-7q1lU9T6OBbZp7H27zM_6yS5nKTVUCRMAv_HWM1Ft3YmuRkNeEc

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.75 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:33 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.75
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6F9F 0
20 B 74ms
73ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=433887507040&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6F9F 0
20 B 73ms
73ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=433887507040&version=m202309260101&ct=132&x=1&cor=17382607199006830000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 6F9F 91 KB
38 KB 86ms
86ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DdFHsNgzSizODaF0byW0SwhKZ_1H6DW43R48IIn_DvitbokaDbnBgb6dpAhqr533kZo9FV3IWQrOojWUOCG7bhkYjBqfBOg0RR97FAViyxe0WyUoPk2wMMwfmWaGe1H6gPicB8_UQh_YOaErBVfxGOiWoElGjzKCw5ujvejLVSV35Pf9AhAfzrNi4LGDTynM3Tl02E&cry=1&dbm_d=AKAmf-BtJuH4hjZVnH_wkpMnFU7ZmKJQ2czK1SuBsa2hvfilFCTZ9oosP3WGVV_D9ChzJFKbBwlPJD8u2jyeVPzziZUibyjavyHVoTkl73IWKwdV0nJdxDC_32nuKhlnFwXEirOHscR3Hf1CAbdDwT_cfU84bqmwoLk0-IxMFtdxsGSsGbT9jumiQs7vA3C9ce9GDYmSrJO9GXX3YjWfiu9aLQ6CI82pjb3VnprNyFmWmsxC-wzT6ZoxPNMTgcHIsuPOnPcWq8Kmxw7r3MKn3OAa1ONFa-2H8NcfZO8-vhohZ4gqmMxJR3Lg1lw3te794g5UCq5BkWBazimb7_tlxby_pgfHbsAdP7A8znmitC1GL24DYgAWW7WLz0j6zFESNquyJEdhIfy7rbGk5f-f8hjild3pxJYV8zlN1cMKCV3hzceolPDI8ggNYFEbV1hojsuYYe9UWlhyWydpq80JMg7DaDXW5tpT61uwoBJ_IkQ5k3sNFsDqz-7nG-143jj6ZC7SysEbeO_33TCaIuzgUemN_RsJi7OGqlbRfsmHtP5P2dU5lrLMw-nhbhqVjxG4iaspHHECTPLqEprcDMfy08ajzexwJ5Hr2A9rQOaHT5-Zb8N05sof7VNU3UPolPbhke7fKsnCDLb3cjqMNx08SIGcP4lawaz6nSZpUppWqujJExzmoltR2ZBMit5cBs_Xv620ifhtqdRgu2rzkQM6AFdYuiHx-PSogV8tVoStTmxkZVPRpNISbFe-jYE2_N7oycMFoW8ddTM0NjUg1r1LF4lg-rCwifeizrdeZco661lFdcht-SoBx0ysj-rwUjwMAvm88jQYCZiQifIIOMHTiMlW0afWvWx7bCIRLgC1SesnpWtHG4hzNbsNb3i7N9aP08EZ8HCm6g2VX_5cTwX-MNd0OL7b8b-VhPwhN1P8sMOeJD3wDU8Tga7gwnuV5naxFgYG40oLvn4WAlGRS3C3a-9GlX2nkZEcj2rFpyqaCM6f9MysLQiCO7niys45gSSlzt6jM32k6dbj9zQQQFehxfpC6Xx9iBsOJGMKZAW2gqu2029fQDvItZdihPA4HlBMUZzZ_nMaNzCQorcVGiW9fbtILlLalPGGtChakKO9OSCCkJ7aCn9QSvvQ2m1M7JKMqp152w06i7nz-DrdER7PqppP3ymZiYt31mfHL4Lq_tjkhY6oiKktxBKjyLfaiiK5UZzVBt1pTNXyfXFu6b6OHTb8AzSsHqQIa7262dc3-hdJQHLHBe9YUQeBKlp79V_or_UzYVNOWS1f81Ug5zkkdKJsnB52n1Ag-_nRrsoIqHwMkTa0t9nbqN77vl9B0hIZ-0WeokAbrXnEb4PUxe2DQqXmihiJKeb_mJ5pMWtt4woNoZOXlt2zARnOcPhneiOAqqiGeuFga9tuM_YS2RyWE9uPwK7akt52yM0Zjeoiu8seAFqHtUeqEccMcUN9OnOOgYCwkC_hHJZAnoFIzfrnvzUJxQGnGEnfKUp-LGbuxoR5taCAGEyzdj9jRxWHw1b143KHyGItg-GQPec5wFJLbmQrIu74EsvNxGVKW7pMqek1AbdBwBQZxaB-UOJUMfylhUGn5qOH4hdvfBis_Ln4E7w806M_QsPYjN6KZpg_F6Wgm4o92yL--n_gtCsVaICXnHkO_vUaFgabXpacOuIBxJZZLqYz8-ymAsvQG-ZbW7Nnjvp9H6jD2UI_l8tZvzQoQ2Fl9MCrUpimK6QFPMgFfcaX_KLBP0dCbQulRyf5kUSoFq-A0exxXoteeNA0butUtNjVCRX1owxsxM7XEWd7NkAmbt-OKwNaci62vUJvQbhGv8x9wxZvku8QkiHrJ1MxOOVtnbEk1bSJw_YjFWnmpTW9GAZYplYbfCkCf74FRqoyV319szoKAWUSBHDJDBUt9N_BbIUL8-5XqzAazErAAr8GeUn9EL7deNyqsUbv0JvD5A_GwOqU--D_tuQ7JjWUmPOC9GF2NWGRws8WkJ6l2_aYqO9aCxJyFBo_S48_X9t3B5JWHJmdtVSPF3fKxxmP_TCskGQROiUju_uCSgx3EDPvJP6XGpxomiGboKUbXIuOP8f2JGqJKjgSvhvIP6besvbvNrVVz8g8qXJ5EfItBejr0czsEz3SCh1cjwCUW6JH9PuOhCnNVrCEmxXkB56Zw4sVu8mbiVnmG8bmjlRHnjPV9TSQVrBma5pmorrgCvx_6q-augTdJ7249tvDjrfIuAWeVBYl-T2XJgEsCaYexJW3MxvXlH9NhZVM_q1bNR0y3duuDNLh8QJyAmlUKn8nhVsa624RDPn4H5Tlxsd1in0-WxRezrGm73679hyCRfjHMUif4k9L-nCAQuR8A7G3hIF35cCgKIC70iZUBkHQCxFWNOJShfd0O4Rq31tahmF-qVP-xqz4MWuTuau86PdGtArK6G7YDHpeg1hTm_W6rosHLauoPcixfjjXxcv5yrn3W-fgB8-x-_ydY5aiY8Rxiemf4Yjcj4EoG77L9Nwiv7p_fLLC5FtnG9EXEgQB9-jfgnJbSesYmyzCxZY45Qt0n1O-vWaQRCDu3vyckLsB2E1Qq0XfvuwM64n1fWm3gIxoh5vd2k1tnxLaIuFszfUCr8viQ166IxMY1Pr3wgqOcXOSLI4QEBuQFujDJGOBntX9gH84TuXIxvly-2Hulu1mC8zusJIsQVgW5JGm3rT0NYTqhDL7fxCF7_41P7PRS1P34xI-JD3156KwI444_ih8Go1N8kZMbUcLhreaOiAHoa47YK3UbmG3UqrSP0H2dgF8ytpRtNcj-IFu8wNUf-023-MbNG9DxDLVOW5MzQpimIFhM7U9jbM0mROPAUVHl7tv0fVnyP48mxQz8Nzxy5DmkIJoWT6n3Ufoe4ajiVME-GjW3GFklwzQyNseTa_qaTOjcA6bz_WTb_wNKRKQnyIW-2j3lz6a5t_vSLLQ5M6DPU-4u4SwoFef__27d-gs_4I0V5FdmDg6Y9MK5O-H48JiT67VhMHWL_XE1k_A92KSeFmaNk4pJpH42h2g-zZwrTuDFE58E-OLvHUOgS5bmkPYknXzA5q_UmTVWK-Iwr6WQHWnmP86Htsh0XUWr_TqtCdCACFT5qj4W6eYz8kvgyFMb0sVzSqSKYfsi4uiB16gI4qrQI-a_h43nOz1fBOS0ngob_oCH1ooNkIFAiIK3ARu7P-5RBe5Wzr4lqW8kwHShezUFThV7LxfxzNVzy6_KhQRw-i1GikkX6W0VgwJs_JPOuRtm3SxKnwM09WJdeLnp_rTzHB1qoTBHmLodG9gSYuIKEeQWzMVdMIfi4L8bd0HDmfmLRBIS-Gpps40hVkIQ5jlsJo74HDFRM4nEa6J8eIVy-WXJMPc9GW-AzL2h7AIU5sctkur4_vJiiT4WmEcKbqGNx3395vFoaWtvLmLXAPR8_zPcwWxEbSaMqy2UJfVtJPlIwe1dPVQQ6mcOIt6fQ-RPTUB2RFUqrs46YS6bQZ3mvaHhZbUF6i9qF9FOiWuLF1kHGjj41sw3D-cVoiTjnUjVlalX_oW3CQfTF7PQqirEagP5uiaBobIIN-zTSclqSG7F8k37Iz-HXaz3RWFj928XrAV-FJn3gkYB40h5W-HF72dbmoi8WB-_tdkLWRZjzdJAohqRFXNAcFIT2VMTDLbe_LpcSM_e4C6B0P_auSFYxrkwRsH8WQl61T_A2tjqj_MDNE8_rNtXPfgwGdZOqm7eiz-TlCFdXhuf2V7T_CAylthJ0A2ESRcRK1mXjC3Emz6a_9NVCxWJgCUqAuscgDFwGAZj_OjTqotLn4cWk9jioTan3msMIiAihutgLGBXwFaY8o0FX-xvaELYqKxqbGDFccBTMqv5PaC9HlLJQFqpytPqUugBCicqaY3CFYSHEv1zX2R2Qel8MydEmHH5O2FK6tBZGUMgLVmndgfXUoly_lFInTrcBrKSROsGDmvG9XaIpT3E6ONTx2td8J1KOj6sh_xCiOWMryBOgpF9TRMFjuBRTNGeyLeDFFq_OWQuth5Q0Mn_UWC&cid=CAQSOwDICaaNzUFocCty1ANNFSYfD98vyROZEkMpkJBOQ0yKYDuLjEefQmjGxYpaMm8L3oJLqkd68Je_ZdT2GAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.tiantianzhibo.net%2F&ds=l&xdt=1&iif=1&cor=17382607199006830000&adk=2228999115&idt=192&cac=0&dtd=13

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

288b76ecee7dad7a622743ee94c2d0b673137f1bdb4f9246d5899bcd980899d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=50&adk=2281393541&adf=3669479829&pi=t.aa~a.409348236~rp.4&w=350&fwrn=4&fwrnh=100&lmt=1696567412&rafmt=1&to=qs&pwprc=6902623340&format=350x50&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574612160&bpp=2&bdt=3197&idt=2&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D72146b1c207b02c9%3AT%3D1696574611%3ART%3D1696574611%3AS%3DALNI_MYQe7cXULIUNSNnRIY3DLAW1XIovA&gpic=UID%3D00000c8f7bb0a3a2%3AT%3D1696574611%3ART%3D1696574611%3AS%3DALNI_MZPrtGQ50n1XM-7Y80sdzsKA9pfrw&prev_fmts=0x0%2C250x250%2C300x255%2C300x250&nras=2&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=925&ady=1819&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=ByQlBYIbTM&p=https%3A//www.tiantianzhibo.net&dtd=12
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38544
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 main.19.8.439.js Show response
static.adsafeprotected.com/ Frame DC54 207 KB
65 KB 170ms
55ms Script
application/javascript 2600:9000:21f3:f000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.19.8.439.js
Requested by: Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rjss/st/1686300/75378989/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1014294059&ias_pubId=pub-9501431160750931&ias_chanId=1&ias_placementId=20600109049&bidurl=https://www.tiantianzhibo.net/&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0gJmoQ5YWWC90R931P9zJDy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:f000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: efc2b5f3cfb42ac86c11900be6091d645853af46ab4f01bfba7280c3ac37ae02

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 13:42:57 GMT
x-amz-version-id: jxULgCd28jZVPRI.j5D8yH73I4fVMdj5
content-encoding: gzip
via: 1.1 ec9e3bc729d9c6d55ed32446408ad62e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 4986037
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 08 Aug 2023 19:01:42 GMT
server: AmazonS3
etag: W/"f00fcc2e1b804b8a3edfbb8cb19bddaa"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: 4lJkxFr7DED3XJIHhGeOyRXysIkIg8rhQTL8iq-bX5usDUcK5oyBQA==

GET
H3 200 bK4GZl0mtHPwIamiN73ahbbApyVSn2vIx_eFPB1ZZt0.js Show response
pagead2.googlesyndication.com/bg/ Frame 7D8F 38 KB
14 KB 41ms
39ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/bK4GZl0mtHPwIamiN73ahbbApyVSn2vIx_eFPB1ZZt0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6cae06665d26b473f021a9a237bdda85b6c0a725529f6bc8c7f7853c1d5966dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 07:37:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 83177
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14735
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 04 Oct 2024 07:37:15 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 4CC9 17 KB
6 KB 58ms
57ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 06 Oct 2023 06:43:32 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 13AA 5 KB
682 B 49ms
48ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request_content.php?s=26684500025699504444554012469019&a=9248d12c

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 06 Oct 2023 06:43:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 06 Oct 2023 05:48:03 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 06 Oct 2023 06:43:32 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 13AA 12 KB
12 KB 121ms
41ms Image
image/png 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=50&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-1200x627.jpg
Requested by: Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request_content.php?s=26684500025699504444554012469019&a=9248d12c
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 5eb26501db1161e7014ebc2f284c78e58b229c75e3da2657793cec571678cbe7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Fri, 06 Oct 2023 06:43:33 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 12180
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 13AA 12 KB
12 KB 147ms
42ms Image
image/png 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=50&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request_content.php?s=26684500025699504444554012469019&a=9248d12c
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: bf4fe5a423509c3b94effef6a514afb7b6a5c64776cb359e923613e39a9e4899

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Fri, 06 Oct 2023 06:43:33 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 12073
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 13AA 7 KB
7 KB 152ms
41ms Image
image/png 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=50&url=https://cdn.contentspread.net/24i/advertiser/71572/creativesup/iQ_Online-Deutschkurse_1200x627px.jpg
Requested by: Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request_content.php?s=26684500025699504444554012469019&a=9248d12c
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 507ec173cf6ed9d4c318291e6568c3e1601c8909169be4eebb239a3122dabb45

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Fri, 06 Oct 2023 06:43:33 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 7343
Vary: Accept-Encoding
Content-Type: image/png

GET
H3 200 GothamNarrow-Bold.woff
s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/assets/fonts/ Frame 4CC9 80 KB
80 KB 45ms
45ms Font
font/woff 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/assets/fonts/GothamNarrow-Bold.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/assets/css/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a7b3c6dd66c88e7db6eeb6ca64342e2256a61bcd96889b2f6337aca61a0237a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/assets/css/style.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 04:34:09 GMT
x-content-type-options: nosniff
age: 7764
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 81884
x-xss-protection: 0
last-modified: Fri, 24 Feb 2023 10:56:42 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 05 Oct 2024 04:34:09 GMT

GET
H3 200 flecha.png
s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/assets/images/ Frame 4CC9 1 KB
1 KB 98ms
98ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/assets/images/flecha.png

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

316c626585650b118dc2ca02a311b72962a5d160f89a3b686a942548cea022d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/creative.html?e=69&leftOffset=0&topOffset=0&c=fQU9Qgy5vj&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sat, 30 Sep 2023 04:30:09 GMT
x-content-type-options: nosniff
age: 526404
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1035
x-xss-protection: 0
last-modified: Fri, 24 Feb 2023 10:56:42 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 29 Sep 2024 04:30:09 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame DC54 0
0 81ms
80ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv4AF1Ye6zmnedzFS3QPawTL3ZYWCjey9_xcKzNqlNCw31pUpiqNDW7l5wxGK5wgbYh6KwPN2PzfZyD3gxmmyDb9txIfYsrXFCKw04dhbf30E1L-aB5qozIFlS6XlG6Z4JHWpwobwPI0LfGh8iX3mtbvarIA84R5skCQ-B1fEEGjoPgK_TodN1rob-2jRJyITM0LMXFrL2zQHo2cC_Kr_CjEcJxEvNtrZpTi_ISOr_Mf_pfKzehhyde5_o3f5iYiCQ1q0xjt1OZkEvbQsqri--gvJsEzcb0n6XBFScrHW7kFVscZEDdG1ZqH5WP_uz9MbzbW4NZO7srcedlw5b7HFB-TIL483XyG5TnIop_X_KZVrrb9Btkt6TWxLIawXHMwKD4C6UchIGASBxA9aaDdvGJKlvGLgWDmXvq0tULG6-uGYgleg6bUivSgDiIqgg5tV8ocnJ2BrvbO0wfB5SfOWZfLtDwJDDfO1wkYi1sxBBXWyHGht6EcivW1SvMftPQQeGB6lGX9sVwkM362-scdT67akU7pGDQqrwS2LZl0NWB7JJkCsuZWtIwSBMitNuLpow2Ry458nCbzEtnNqpPjANEKEdnPs1KoW0xei05Sq9rFeiv3pSFlXIMmSmJM5ow8ZmK9iQYY56Hfkc1RNCBZaolqB7MAa5MJlKYeZmDvoOMcJ0Zmmw37lLnJQNcaU4dOkoltrYwioAIVplYSJJGuyyy3iXV8_6PJCwytPBsGvmSfqBab2egnkUZ-M0SYHSmZWOAJvlTdDgkA1WRaoGMyayD7ZVxnfyQeiRzj93u0GB8mj7d4JOBbDOj-EVGxM9lh2sn6QSTLTzGAqVYTGrhtmtRKAlARq7KRtW8hggG77ZYlHtgMoznuyTbH0L1QK6GFql2F7pqSj_MweYdkYIyVcdf6PvlX27np_oL-et7OwaJ60zHDASxNge63-ZWvpAWem8A-S61IyV2oHSrVm3xjrgRPfNC5aO3Ka-Ji9LfuaUHoN6DYx3qZ7aRjBNBQUtNiMSvI-Wbk4lhw_epAXk7zMHwhqKS9TsgONzSswa4gFcEicfGnxKNd_EQkkWspfv_n2l9rm_zpvzhFedpEVhNa7z6mFOZJtXJHi-pG7kJjiqOBskDWQYmKW8E_bHRTNB4pmGhSSCC3IRRpol4kn38I7FsV5ssDUt19BKNF-_87kVo_qDty-QRnUAU9Gdu_wEsSHzYNWDrjkNOg8TMEVb367YFVrGoaUEA2bQPvZ6cNpS0AHu9-f2wPKy7paO1jqpgG5msqqIFqT1rcuZAcsiQ47hOBto&sai=AMfl-YRdSeEIhU7b_vZL_F3FAUbLubKlGP1NasaK30BSE_ETlGh5vuC9zMso4NloAWc5w99nqxEs1Wk7UXoZ9uAtRMl7VsSMD2j_S9KkxguiSlw7WYWf3ZtKED6ndvsIVmk9HoWYk5LP57bzIqrtTdkZywZXXGze5h0fRcIsKgsJlBbJaor6rd77uZhW53IpSTyrO3TRfcflij59R-eCOYszMhXkSkZfG8Jd1834ll6REZeUSzPhktCJ0-BYNq6nd0kaQkmKyMLdu9qROuGwFor20IJo4Wt3PbSb&sig=Cg0ArKJSzLkKj13vhvNcEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=438&vt=11&dtpt=269&dett=3&cstd=166&cisv=r20231004.38557&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 6F9F 172 KB
60 KB 59ms
59ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 12:29:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 65662
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 06 Oct 2023 12:29:11 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231004/r20110914/elements/html/ Frame 6F9F 11 KB
4 KB 60ms
60ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231004/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DdFHsNgzSizODaF0byW0SwhKZ_1H6DW43R48IIn_DvitbokaDbnBgb6dpAhqr533kZo9FV3IWQrOojWUOCG7bhkYjBqfBOg0RR97FAViyxe0WyUoPk2wMMwfmWaGe1H6gPicB8_UQh_YOaErBVfxGOiWoElGjzKCw5ujvejLVSV35Pf9AhAfzrNi4LGDTynM3Tl02E&cry=1&dbm_d=AKAmf-BtJuH4hjZVnH_wkpMnFU7ZmKJQ2czK1SuBsa2hvfilFCTZ9oosP3WGVV_D9ChzJFKbBwlPJD8u2jyeVPzziZUibyjavyHVoTkl73IWKwdV0nJdxDC_32nuKhlnFwXEirOHscR3Hf1CAbdDwT_cfU84bqmwoLk0-IxMFtdxsGSsGbT9jumiQs7vA3C9ce9GDYmSrJO9GXX3YjWfiu9aLQ6CI82pjb3VnprNyFmWmsxC-wzT6ZoxPNMTgcHIsuPOnPcWq8Kmxw7r3MKn3OAa1ONFa-2H8NcfZO8-vhohZ4gqmMxJR3Lg1lw3te794g5UCq5BkWBazimb7_tlxby_pgfHbsAdP7A8znmitC1GL24DYgAWW7WLz0j6zFESNquyJEdhIfy7rbGk5f-f8hjild3pxJYV8zlN1cMKCV3hzceolPDI8ggNYFEbV1hojsuYYe9UWlhyWydpq80JMg7DaDXW5tpT61uwoBJ_IkQ5k3sNFsDqz-7nG-143jj6ZC7SysEbeO_33TCaIuzgUemN_RsJi7OGqlbRfsmHtP5P2dU5lrLMw-nhbhqVjxG4iaspHHECTPLqEprcDMfy08ajzexwJ5Hr2A9rQOaHT5-Zb8N05sof7VNU3UPolPbhke7fKsnCDLb3cjqMNx08SIGcP4lawaz6nSZpUppWqujJExzmoltR2ZBMit5cBs_Xv620ifhtqdRgu2rzkQM6AFdYuiHx-PSogV8tVoStTmxkZVPRpNISbFe-jYE2_N7oycMFoW8ddTM0NjUg1r1LF4lg-rCwifeizrdeZco661lFdcht-SoBx0ysj-rwUjwMAvm88jQYCZiQifIIOMHTiMlW0afWvWx7bCIRLgC1SesnpWtHG4hzNbsNb3i7N9aP08EZ8HCm6g2VX_5cTwX-MNd0OL7b8b-VhPwhN1P8sMOeJD3wDU8Tga7gwnuV5naxFgYG40oLvn4WAlGRS3C3a-9GlX2nkZEcj2rFpyqaCM6f9MysLQiCO7niys45gSSlzt6jM32k6dbj9zQQQFehxfpC6Xx9iBsOJGMKZAW2gqu2029fQDvItZdihPA4HlBMUZzZ_nMaNzCQorcVGiW9fbtILlLalPGGtChakKO9OSCCkJ7aCn9QSvvQ2m1M7JKMqp152w06i7nz-DrdER7PqppP3ymZiYt31mfHL4Lq_tjkhY6oiKktxBKjyLfaiiK5UZzVBt1pTNXyfXFu6b6OHTb8AzSsHqQIa7262dc3-hdJQHLHBe9YUQeBKlp79V_or_UzYVNOWS1f81Ug5zkkdKJsnB52n1Ag-_nRrsoIqHwMkTa0t9nbqN77vl9B0hIZ-0WeokAbrXnEb4PUxe2DQqXmihiJKeb_mJ5pMWtt4woNoZOXlt2zARnOcPhneiOAqqiGeuFga9tuM_YS2RyWE9uPwK7akt52yM0Zjeoiu8seAFqHtUeqEccMcUN9OnOOgYCwkC_hHJZAnoFIzfrnvzUJxQGnGEnfKUp-LGbuxoR5taCAGEyzdj9jRxWHw1b143KHyGItg-GQPec5wFJLbmQrIu74EsvNxGVKW7pMqek1AbdBwBQZxaB-UOJUMfylhUGn5qOH4hdvfBis_Ln4E7w806M_QsPYjN6KZpg_F6Wgm4o92yL--n_gtCsVaICXnHkO_vUaFgabXpacOuIBxJZZLqYz8-ymAsvQG-ZbW7Nnjvp9H6jD2UI_l8tZvzQoQ2Fl9MCrUpimK6QFPMgFfcaX_KLBP0dCbQulRyf5kUSoFq-A0exxXoteeNA0butUtNjVCRX1owxsxM7XEWd7NkAmbt-OKwNaci62vUJvQbhGv8x9wxZvku8QkiHrJ1MxOOVtnbEk1bSJw_YjFWnmpTW9GAZYplYbfCkCf74FRqoyV319szoKAWUSBHDJDBUt9N_BbIUL8-5XqzAazErAAr8GeUn9EL7deNyqsUbv0JvD5A_GwOqU--D_tuQ7JjWUmPOC9GF2NWGRws8WkJ6l2_aYqO9aCxJyFBo_S48_X9t3B5JWHJmdtVSPF3fKxxmP_TCskGQROiUju_uCSgx3EDPvJP6XGpxomiGboKUbXIuOP8f2JGqJKjgSvhvIP6besvbvNrVVz8g8qXJ5EfItBejr0czsEz3SCh1cjwCUW6JH9PuOhCnNVrCEmxXkB56Zw4sVu8mbiVnmG8bmjlRHnjPV9TSQVrBma5pmorrgCvx_6q-augTdJ7249tvDjrfIuAWeVBYl-T2XJgEsCaYexJW3MxvXlH9NhZVM_q1bNR0y3duuDNLh8QJyAmlUKn8nhVsa624RDPn4H5Tlxsd1in0-WxRezrGm73679hyCRfjHMUif4k9L-nCAQuR8A7G3hIF35cCgKIC70iZUBkHQCxFWNOJShfd0O4Rq31tahmF-qVP-xqz4MWuTuau86PdGtArK6G7YDHpeg1hTm_W6rosHLauoPcixfjjXxcv5yrn3W-fgB8-x-_ydY5aiY8Rxiemf4Yjcj4EoG77L9Nwiv7p_fLLC5FtnG9EXEgQB9-jfgnJbSesYmyzCxZY45Qt0n1O-vWaQRCDu3vyckLsB2E1Qq0XfvuwM64n1fWm3gIxoh5vd2k1tnxLaIuFszfUCr8viQ166IxMY1Pr3wgqOcXOSLI4QEBuQFujDJGOBntX9gH84TuXIxvly-2Hulu1mC8zusJIsQVgW5JGm3rT0NYTqhDL7fxCF7_41P7PRS1P34xI-JD3156KwI444_ih8Go1N8kZMbUcLhreaOiAHoa47YK3UbmG3UqrSP0H2dgF8ytpRtNcj-IFu8wNUf-023-MbNG9DxDLVOW5MzQpimIFhM7U9jbM0mROPAUVHl7tv0fVnyP48mxQz8Nzxy5DmkIJoWT6n3Ufoe4ajiVME-GjW3GFklwzQyNseTa_qaTOjcA6bz_WTb_wNKRKQnyIW-2j3lz6a5t_vSLLQ5M6DPU-4u4SwoFef__27d-gs_4I0V5FdmDg6Y9MK5O-H48JiT67VhMHWL_XE1k_A92KSeFmaNk4pJpH42h2g-zZwrTuDFE58E-OLvHUOgS5bmkPYknXzA5q_UmTVWK-Iwr6WQHWnmP86Htsh0XUWr_TqtCdCACFT5qj4W6eYz8kvgyFMb0sVzSqSKYfsi4uiB16gI4qrQI-a_h43nOz1fBOS0ngob_oCH1ooNkIFAiIK3ARu7P-5RBe5Wzr4lqW8kwHShezUFThV7LxfxzNVzy6_KhQRw-i1GikkX6W0VgwJs_JPOuRtm3SxKnwM09WJdeLnp_rTzHB1qoTBHmLodG9gSYuIKEeQWzMVdMIfi4L8bd0HDmfmLRBIS-Gpps40hVkIQ5jlsJo74HDFRM4nEa6J8eIVy-WXJMPc9GW-AzL2h7AIU5sctkur4_vJiiT4WmEcKbqGNx3395vFoaWtvLmLXAPR8_zPcwWxEbSaMqy2UJfVtJPlIwe1dPVQQ6mcOIt6fQ-RPTUB2RFUqrs46YS6bQZ3mvaHhZbUF6i9qF9FOiWuLF1kHGjj41sw3D-cVoiTjnUjVlalX_oW3CQfTF7PQqirEagP5uiaBobIIN-zTSclqSG7F8k37Iz-HXaz3RWFj928XrAV-FJn3gkYB40h5W-HF72dbmoi8WB-_tdkLWRZjzdJAohqRFXNAcFIT2VMTDLbe_LpcSM_e4C6B0P_auSFYxrkwRsH8WQl61T_A2tjqj_MDNE8_rNtXPfgwGdZOqm7eiz-TlCFdXhuf2V7T_CAylthJ0A2ESRcRK1mXjC3Emz6a_9NVCxWJgCUqAuscgDFwGAZj_OjTqotLn4cWk9jioTan3msMIiAihutgLGBXwFaY8o0FX-xvaELYqKxqbGDFccBTMqv5PaC9HlLJQFqpytPqUugBCicqaY3CFYSHEv1zX2R2Qel8MydEmHH5O2FK6tBZGUMgLVmndgfXUoly_lFInTrcBrKSROsGDmvG9XaIpT3E6ONTx2td8J1KOj6sh_xCiOWMryBOgpF9TRMFjuBRTNGeyLeDFFq_OWQuth5Q0Mn_UWC&cid=CAQSOwDICaaNzUFocCty1ANNFSYfD98vyROZEkMpkJBOQ0yKYDuLjEefQmjGxYpaMm8L3oJLqkd68Je_ZdT2GAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.tiantianzhibo.net%2F&ds=l&xdt=1&iif=1&cor=17382607199006830000&adk=2228999115&idt=192&cac=0&dtd=13

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:43:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61182
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:43:51 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231004/r20110914/ Frame 6F9F 30 KB
11 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231004/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4fcc2c45e5c8be67198b1d2c38bef90e3373e59b91be75e915711bfa7c10d22a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:57:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 60373
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11602
x-xss-protection: 0
server: cafe
etag: 2362517075893974484
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:57:20 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 6F9F 41 KB
13 KB 58ms
58ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 06:58:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 603909
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 28 Sep 2024 06:58:24 GMT

GET
H/1.1 200
OK viewability Show response
hal900019.redintelligence.net/ Frame 13AA 0
150 B 123ms
40ms Script
text/html 78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900019.redintelligence.net/viewability?s=26684500025699504444554012469019&a=26b75c4b&vb=m
Requested by: Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request_content.php?s=26684500025699504444554012469019&a=9248d12c
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/request_content.php?s=26684500025699504444554012469019&a=9248d12c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Fri, 06 Oct 2023 06:43:33 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame DA40 1 KB
643 B 48ms
48ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 82088
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 07:55:25 GMT
etag: 48472445140208031
expires: Fri, 06 Oct 2023 07:55:25 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 6F9F 207 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5e3ddcd2f735522906457190e56f0eab272557406234ef7e5a19462391d767f8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 YeTNF82ErcXtSc42GSWrie2SEIEL8DxR64dbf1nZkSc.js Show response
pagead2.googlesyndication.com/bg/ Frame C06C 37 KB
14 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YeTNF82ErcXtSc42GSWrie2SEIEL8DxR64dbf1nZkSc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61e4cd17cd84adc5ed49ce361925ab89ed9210810bf03c51eb875b7f59d99127

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 18:57:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42360
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14663
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 04 Oct 2024 18:57:33 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame A337 272 KB
91 KB 51ms
50ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

cc5286df28e10000842177b318d4d58701dadbab093ca484bb10cc5a9c898b36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:33 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92654
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 06 Oct 2023 06:43:33 GMT

GET
H2 200 dc_pre=CImkkPno4IEDFbFVkQUd5HwL1Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9970179360259.533
adservice.google.com/ddm/fls/z/ Frame 04CC 42 B
401 B 190ms
78ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CImkkPno4IEDFbFVkQUd5HwL1Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9970179360259.533

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CImkkPno4IEDFbFVkQUd5HwL1Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=9970179360259.533?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 13AA 14 KB
15 KB 59ms
58ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900019.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:23:45 GMT
x-content-type-options: nosniff
age: 51588
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14824
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 04 Oct 2024 16:23:45 GMT

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 13AA 15 KB
15 KB 64ms
63ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900019.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 09:02:57 GMT
x-content-type-options: nosniff
age: 596436
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14892
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 28 Sep 2024 09:02:57 GMT

GET
H3 200 Visual4.png
s0.2mdn.net/sadbundle/11949286355477378158/_export/ Frame FC0D 4 KB
4 KB 44ms
43ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11949286355477378158/_export/Visual4.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f134a359c4d6eddf5f209a60a7d36098e4b8b6d563d44d8c296f6a84f49bce9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11949286355477378158/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 02 Oct 2023 14:12:16 GMT
x-content-type-options: nosniff
age: 318677
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4335
x-xss-protection: 0
last-modified: Fri, 29 Sep 2023 13:23:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 01 Oct 2024 14:12:16 GMT

GET
H3 200 CTA1.png
s0.2mdn.net/sadbundle/11949286355477378158/_export/ Frame FC0D 1 KB
1 KB 55ms
52ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11949286355477378158/_export/CTA1.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

700c5217840eb7f1cccc8f8baae216fe6ffdb92eeee3081162cda5c7bc11834a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11949286355477378158/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 23:43:46 GMT
x-content-type-options: nosniff
age: 111587
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1123
x-xss-protection: 0
last-modified: Fri, 29 Sep 2023 13:23:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 03 Oct 2024 23:43:46 GMT

GET
H3 200 Prise.png
s0.2mdn.net/sadbundle/11949286355477378158/_export/ Frame FC0D 2 KB
2 KB 53ms
51ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11949286355477378158/_export/Prise.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd55cd172476309fc82f9d1a1b0274d43d39b4cce8e9e9b1f1984f35d2b434a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11949286355477378158/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 09:29:21 GMT
x-content-type-options: nosniff
age: 76452
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2389
x-xss-protection: 0
last-modified: Fri, 29 Sep 2023 13:23:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Oct 2024 09:29:21 GMT

GET
H3 200 Prod.png
s0.2mdn.net/sadbundle/11949286355477378158/_export/ Frame FC0D 8 KB
8 KB 53ms
51ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11949286355477378158/_export/Prod.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74c5b75c88e57d03779ef9e89a963f0cb193dfc883fe9175238e126648cef733

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11949286355477378158/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 16:55:07 GMT
x-content-type-options: nosniff
age: 49706
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7999
x-xss-protection: 0
last-modified: Fri, 29 Sep 2023 13:23:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Oct 2024 16:55:07 GMT

GET
H3 200 CTA.png
s0.2mdn.net/sadbundle/11949286355477378158/_export/ Frame FC0D 2 KB
2 KB 52ms
50ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11949286355477378158/_export/CTA.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a965c47cdc93f20ec8e54a7245b166d7f02eb688401ded4f562c4d2e899bb99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11949286355477378158/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 08:14:22 GMT
x-content-type-options: nosniff
age: 80951
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1692
x-xss-protection: 0
last-modified: Fri, 29 Sep 2023 13:23:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Oct 2024 08:14:22 GMT

GET
H3 404 text2.png
s0.2mdn.net/sadbundle/11949286355477378158/_export/ Frame FC0D 43 B
69 B 93ms
91ms Image
image/gif 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11949286355477378158/_export/text2.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11949286355477378158/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:33 GMT
x-content-type-options: nosniff
server: sffe
x-dns-prefetch-control: off
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-xss-protection: 0
expires: Fri, 06 Oct 2023 06:43:33 GMT

GET
H3 200 Visual2.png
s0.2mdn.net/sadbundle/11949286355477378158/_export/ Frame FC0D 1 KB
1 KB 51ms
49ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11949286355477378158/_export/Visual2.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

40c8cae4925d67c7252386f0912a2ea85d1ae5fe50c4d207d935e655187ba614

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11949286355477378158/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 02 Oct 2023 14:12:16 GMT
x-content-type-options: nosniff
age: 318677
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1036
x-xss-protection: 0
last-modified: Fri, 29 Sep 2023 13:23:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 01 Oct 2024 14:12:16 GMT

GET
H3 200 Visual.jpg
s0.2mdn.net/sadbundle/11949286355477378158/_export/ Frame FC0D 12 KB
12 KB 63ms
61ms Image
image/jpeg 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11949286355477378158/_export/Visual.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa93cc5f2ab65481616b2c5076e6be58c02dba501475ee1afb6f4ac7379c9726

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11949286355477378158/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 02 Oct 2023 14:12:16 GMT
x-content-type-options: nosniff
age: 318677
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12088
x-xss-protection: 0
last-modified: Fri, 29 Sep 2023 13:23:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 01 Oct 2024 14:12:16 GMT

GET
H3 200 Text1.png
s0.2mdn.net/sadbundle/11949286355477378158/_export/ Frame FC0D 2 KB
2 KB 50ms
48ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11949286355477378158/_export/Text1.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dac17b5c97549812c5fc58f1b43d6d80295a29af6e053a6ab530bf67ce53a5e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11949286355477378158/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 21:11:14 GMT
x-content-type-options: nosniff
age: 34339
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2281
x-xss-protection: 0
last-modified: Fri, 29 Sep 2023 13:23:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Oct 2024 21:11:14 GMT

GET
H3 200 MM_Logo.png
s0.2mdn.net/sadbundle/11949286355477378158/_export/ Frame FC0D 1 KB
1 KB 63ms
61ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11949286355477378158/_export/MM_Logo.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6cb6de4ede11071d20e1082219816a2bfb6758a033255620b5043c050c975958

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11949286355477378158/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 06:40:35 GMT
x-content-type-options: nosniff
age: 86578
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1419
x-xss-protection: 0
last-modified: Fri, 29 Sep 2023 13:23:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Oct 2024 06:40:35 GMT

GET
H3 200 SA_Logo.png
s0.2mdn.net/sadbundle/11949286355477378158/_export/ Frame FC0D 2 KB
2 KB 54ms
52ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11949286355477378158/_export/SA_Logo.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

14da64b505b2a1568681040ae22449a1dc2498504f619260fe383ca1772c3b60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11949286355477378158/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 01:08:04 GMT
x-content-type-options: nosniff
age: 106529
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1569
x-xss-protection: 0
last-modified: Fri, 29 Sep 2023 13:23:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Oct 2024 01:08:04 GMT

GET
H3 200 Visual1.png
s0.2mdn.net/sadbundle/11949286355477378158/_export/ Frame FC0D 14 KB
14 KB 54ms
53ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11949286355477378158/_export/Visual1.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d822f3c406b44748bac1021d8f25277d82c4371f39fa6e72b968e00e00fd3e07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11949286355477378158/_export/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 21:26:30 GMT
x-content-type-options: nosniff
age: 33423
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14559
x-xss-protection: 0
last-modified: Fri, 29 Sep 2023 13:23:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Oct 2024 21:26:30 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/7244335152788954732/ Frame 4E13 169 KB
36 KB 62ms
50ms Document
text/html 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7244335152788954732/index.html?e=69&leftOffset=0&topOffset=0&c=79yfj91IHf&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3aefcb6a4eb0fed2de43b0bc2bc37a0309bfb5ab3c4bbb097ed0c2ba0459c742

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 06:43:33 GMT
expires: Sat, 05 Oct 2024 06:43:33 GMT
last-modified: Thu, 09 Jul 2020 14:43:37 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6F9F 0
0 104ms
86ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvnfNOEVorat6jvxTfmS1W64nhlf-ZF-OIJTp3exP3RZZ9shEZtCB4LVSToMJWBPAWh016tmvJWzjVqO_a-OQCnpUBQObQVOw3FBG8aJY0SQYFxoaesW6wU5zT5U_bnmqDcHKMYDTAN9Nvo_iHs8k598P_zQVwiK0eylHt7APDbYPUxUiUaPmVVbZW_3D96ITwYTCuctoIjggQL9M6Uz3IkhO7WUeAbujxI5v1HWFGsayhO8cudfsi6d8hfm-b4vwpXcTznbitcr6119CDQJtLzFFiSPeUcw6oOxsDXhWeja7I2g6Rf_X4_kMDqth5rrzOg3jnHp0kyB_jrDaQSr2ckJOd7v7tQPtVCQeqm3FkqWcl681w9qnNse3jG0A0ZOiZpoZvM-6k6NYSF6gj7wD4IxwoJ26Mbi83IjRyR_NmnupEhHWcwzYl3YXYAX7ziCk3e-qaMwVHlp_LOVQGjE_WnMmAPzFSwtM7siLulUrNcBXhrLDCiQvD-bMJmdh2OUyXNMLYEhY6_mdpZlHmAy1mCR6GU1-TeNwADx_oJa8kdepRMj091gtMG_Pl0epUBQn3lvU0M39wrnj98iQrXN8WQ5njzstM9qW_SyMXbqeiHyFdT7bejoCB17lVrP1_0OqJkAufs9lDou0i1sZX5xFpC3m1EmtTbozEYkojQ0L7pRZnQNhv7Xocos2q9m0TCsnGKscgyieyiGww0dtxmnU6h6cVDNOalgTX78qhRcLcNh87p71claGDwUVNnqwmPF0V2KjqR6LYWA9hRM_njM7QbJx8DqjD5zd0RlhCxyNECBJALAhDKUuEN5a1sa5EDeFhsRJ2V7-B5QL9mJj3J6D72_dER9pg-6vx1jmpjPZjm7LROhdgjwzz6_J66VvgU9ofky5ZfAL0dVXECBivfEWDixL0QOSaL-h3mlCtTXppMCSxCm7W0iOnHjt8YO6ON1zU-DZxxe2X1qb8sWV-MxIo9sm4Lzt1_WJhnzenbp7qfOowf_S9T1nPqZUkwBIDzss1PoE-vR6UAR-0GtiF_Vu1A0RDmv31SjEnxpF0cQnswIiZp3uMgROvlftivs63wdYhZ-Di0ofxWPrNjCGmwZgU3bKw1FTnHE_Mi7xhGP3kA_RY3kgSIyonyynbVanBj1JlSBYtmqTbxXO5_19c7MccxGY3VYFBoK246dlwvpLyvJlu3n6nZ-WQNl3R3dehjkwuGKEcDH8uYAKX1ajIbcH726rBJSZu88uYaX6MGCxI4TDRH8w4OdwcaOw-bO79KNQKH8UJUww8z-5y875DFUTBhksEI3brdH5N0Yqh08S5W2C56VtYCdQ&sai=AMfl-YRfrVSLEpTzM-AI0Z1NWG4pSVuUvoRxLHKcOIdHSRFVgsY0JXheeLM2uhyqJqEDLweJ_jHskq4rgOv2uzCpjp666nkeqCJDRiyTGaODbQNFnUbMsVUiA4-sYw72jddHQObt8piTHlLfLFrsLnMG2Mr2ZvJILBAKQGmGbiVNOB7rpe0dsyw4O11cwddZJduy1hexqYze1cmsgZrZbOKNro1AUyaXDICr0NPGQlw9-Qqo_Xt2skWqEcdD_U1NxmwZKBBa-lfVaDCN01jueRI4taQb8maR&sig=Cg0ArKJSzB43NC7z0yAXEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=165&cbvp=1&cstd=153&cisv=r20231004.44861&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 06 Oct 2023 06:43:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 B24472818.278588850;dc_trk_aid=472665651;dc_trk_cid=136959608;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;dc_exteid=ABAjH0ijfADyut-vORyr9gEdJGgG;dc_pubid=5;dc_dbm_token...
ad.doubleclick.net/ddm/trackimp/N105603.3892527AXA_DE/ Frame 6F9F 42 B
440 B 347ms
59ms Image
image/gif 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N105603.3892527AXA_DE/B24472818.278588850;dc_trk_aid=472665651;dc_trk_cid=136959608;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;dc_exteid=ABAjH0ijfADyut-vORyr9gEdJGgG;dc_pubid=5;dc_dbm_token=AD1EzRQAAADZCtEBCgwIABUAAAAAHQAAAAASDAgAFQAAAAAdAAAAACIRCL7fvxSoApub2wKwArDHgwdAAdICKhgBIhMI_b_j-OjggQMVxMA7Ah3QxQoMKAEwATjq-KS-ihBAAkgBWIiBIKoDV0NBUVNPd0RJQ2FhTnpVRm9jQ3R5MUFOTkZTWWZEOTh2eVJPWkVrTXBrSkJPUTB5S1lEdUxqRWVmUW1qR3hZcGFNbThMM29KTHFrZDY4SmVfWmRUMkdBRbIDFgiA4YAQEAEYHzICqgI6AoBASL39wToQ-b-ydBegZmgISa398RhnK2-ZmuE?

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame DA40 0
104 B 370ms
81ms Image
text/plain 2a02:fa8:8806:13::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEBSLnbEa2HNGNjIGQz1QGZ8&google_cver=1&google_push=AXcoOmS63fz-04-7ngcJuW6eqrYO1AzFGTUqUsagYYHTJxZbpBkOzNv1O4qxp2IxX7YQFQJh_of4F6XeIusGl0S9XWoaBdQalxRiWV8
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=50&adk=2281393541&adf=3669479829&pi=t.aa~a.409348236~rp.4&w=350&fwrn=4&fwrnh=100&lmt=1696567412&rafmt=1&to=qs&pwprc=6902623340&format=350x50&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574612160&bpp=2&bdt=3197&idt=2&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D72146b1c207b02c9%3AT%3D1696574611%3ART%3D1696574611%3AS%3DALNI_MYQe7cXULIUNSNnRIY3DLAW1XIovA&gpic=UID%3D00000c8f7bb0a3a2%3AT%3D1696574611%3ART%3D1696574611%3AS%3DALNI_MZPrtGQ50n1XM-7Y80sdzsKA9pfrw&prev_fmts=0x0%2C250x250%2C300x255%2C300x250&nras=2&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=925&ady=1819&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=ByQlBYIbTM&p=https%3A//www.tiantianzhibo.net&dtd=12
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1400 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:33 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DA40
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEBULR4cgyt5lgm1Zc7AX-Jg&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEBULR4cgyt5lgm1Zc7AX-Jg&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=RW5WckFBY1IxUU9FeUY1&google_gid=CAESEBULR4cgyt5lgm1Zc7AX-Jg&google_cver=1&google_push=AXcoOmQSHq6_nKty_kJJ3pLNQ179K_QT-_ZGKteNUvXsMXV...

170 B
188 B

52ms
51ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=RW5WckFBY1IxUU9FeUY1&google_gid=CAESEBULR4cgyt5lgm1Zc7AX-Jg&google_cver=1&google_push=AXcoOmQSHq6_nKty_kJJ3pLNQ179K_QT-_ZGKteNUvXsMXVDGXtytBg0wiR7R4NI4TDDvBIPiUfsQ6kDVSCvLr0RNFxzwUwL2EE9pF4

Requested by

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 06 Oct 2023 06:43:33 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-790-g2a3fdc2#rel-ec2-master i-0e647d20a74bb4317@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=RW5WckFBY1IxUU9FeUY1&google_gid=CAESEBULR4cgyt5lgm1Zc7AX-Jg&google_cver=1&google_push=AXcoOmQSHq6_nKty_kJJ3pLNQ179K_QT-_ZGKteNUvXsMXVDGXtytBg0wiR7R4NI4TDDvBIPiUfsQ6kDVSCvLr0RNFxzwUwL2EE9pF4
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DA40
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEBAPSaatBJSjILdzZn5z9As&google_push=AXcoOmQrl-wpWt5ZUxV4Q7FQXpAzqbZrWdrHPiGPjsv8XfXu1OOmoMNhuv...

170 B
188 B

50ms
50ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEBAPSaatBJSjILdzZn5z9As&google_push=AXcoOmQrl-wpWt5ZUxV4Q7FQXpAzqbZrWdrHPiGPjsv8XfXu1OOmoMNhuvBMDif5mOGtrngWb7P3bafw18Hcpagh1IjIogOWZ_xT6g

Requested by

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-fra-eddf8230062-FRA
pragma: no-cache
date: Fri, 06 Oct 2023 06:43:33 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1696574614.522060,VS0,VE88
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEBAPSaatBJSjILdzZn5z9As&google_push=AXcoOmQrl-wpWt5ZUxV4Q7FQXpAzqbZrWdrHPiGPjsv8XfXu1OOmoMNhuvBMDif5mOGtrngWb7P3bafw18Hcpagh1IjIogOWZ_xT6g
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H2 200 sync
x.bidswitch.net/ Frame DA40 43 B
146 B 328ms
42ms Image
image/gif 3.72.146.157
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEH84w74nCVVXoBxjVtC0mpg&google_cver=1&google_push=AXcoOmTsROgytIF9cI3NyYBGRDWfttq8QFwiLnpJP2b-Fm2lVGH8hUKvWtI3j3CICl5uEqEbNS2sYL6WXSBR9j5XxJD1kNfaNPVRNw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=50&adk=2281393541&adf=3669479829&pi=t.aa~a.409348236~rp.4&w=350&fwrn=4&fwrnh=100&lmt=1696567412&rafmt=1&to=qs&pwprc=6902623340&format=350x50&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574612160&bpp=2&bdt=3197&idt=2&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D72146b1c207b02c9%3AT%3D1696574611%3ART%3D1696574611%3AS%3DALNI_MYQe7cXULIUNSNnRIY3DLAW1XIovA&gpic=UID%3D00000c8f7bb0a3a2%3AT%3D1696574611%3ART%3D1696574611%3AS%3DALNI_MZPrtGQ50n1XM-7Y80sdzsKA9pfrw&prev_fmts=0x0%2C250x250%2C300x255%2C300x250&nras=2&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=925&ady=1819&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=ByQlBYIbTM&p=https%3A//www.tiantianzhibo.net&dtd=12
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.72.146.157 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-72-146-157.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:33 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DA40
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEFQFprWGO8Vfx-fbViuGmEM&google_cver=1&google_push=AXcoOmTX6LbgmkSOVfHqXRWyf3yfAPDQdvBIcSZnrRrGO4gqMEyyB5B1xCwW46z_LRAH5qpLAlCMSNbcZVohTnzSRyo4FV_...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEFQFprWGO8Vfx-fbViuGmEM&google_cver=1&google_push=AXcoOmTX6LbgmkSOVfHqXRWyf3yfAPDQdvBIcSZnrRrGO4gqMEyyB5B1xCwW46z_LRAH5qpLAlCMSNbcZVohTnzSRyo4F...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmTX6LbgmkSOVfHqXRWyf3yfAPDQdvBIcSZnrRrGO4gqMEyyB5B1xCwW46z_LRAH5qpLAlCMSNbcZVohTnzSRyo4FV_gEGM4gA

170 B
188 B

51ms
50ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmTX6LbgmkSOVfHqXRWyf3yfAPDQdvBIcSZnrRrGO4gqMEyyB5B1xCwW46z_LRAH5qpLAlCMSNbcZVohTnzSRyo4FV_gEGM4gA

Requested by

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmTX6LbgmkSOVfHqXRWyf3yfAPDQdvBIcSZnrRrGO4gqMEyyB5B1xCwW46z_LRAH5qpLAlCMSNbcZVohTnzSRyo4FV_gEGM4gA
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame DA40 43 B
363 B 332ms
49ms Image
image/gif 178.250.7.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmQHTF3ZsNfGXoK9nj1ygG2_RVg4SVJfAJw-Sr-xDw40WdwpZH-c6CvbKrJ1M0jV0DGuapVZHXpYUj-O1w-mqA2NmhGijYvdepY&google_gid=CAESEL6Crj1hd6vtjPBkCskq4vU&google_cver=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:33 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 205565
expires: Fri, 06 Oct 2023 00:00:00 GMT

GET
H2

200

report
sync.teads.tv/um/ Frame DA40
Redirect Chain

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEMLX5LDQb0n_...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmQwgmjeNWBoqm20yUzQKdjWL_Mx5o_yrm0VnAY_WDALTnNLZsb5qTbCyOEdArQei8hUSiXirRwvV21kO0wlUC2gvXXkAUP5CwkR
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
163 B

67ms
67ms

Image
image/gif

23.35.237.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=50&adk=2281393541&adf=3669479829&pi=t.aa~a.409348236~rp.4&w=350&fwrn=4&fwrnh=100&lmt=1696567412&rafmt=1&to=qs&pwprc=6902623340&format=350x50&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574612160&bpp=2&bdt=3197&idt=2&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D72146b1c207b02c9%3AT%3D1696574611%3ART%3D1696574611%3AS%3DALNI_MYQe7cXULIUNSNnRIY3DLAW1XIovA&gpic=UID%3D00000c8f7bb0a3a2%3AT%3D1696574611%3ART%3D1696574611%3AS%3DALNI_MZPrtGQ50n1XM-7Y80sdzsKA9pfrw&prev_fmts=0x0%2C250x250%2C300x255%2C300x250&nras=2&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=925&ady=1819&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=ByQlBYIbTM&p=https%3A//www.tiantianzhibo.net&dtd=12
Protocol: H2
Server: 23.35.237.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-56.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

expires: Fri, 06 Oct 2023 06:43:33 GMT
pragma: no-cache
date: Fri, 06 Oct 2023 06:43:33 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:33 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame DA40 0
12 B 52ms
47ms Image
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LN0Rmf8tsmVz1l3O62Zj-RlrJasc6na8mOBYkuUdfEGymLUoJQD2WAXfWyt0tmjnkQTlKryA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:33 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 35D2 22 KB
8 KB 43ms
39ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 60841
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 13:49:32 GMT
expires: Fri, 04 Oct 2024 13:49:32 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/ Frame DC54
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1686300/75378989/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1014294059&ias_pubId=pub-9501431160750931&ias_chanId=1&ias_placementId=20600109049&bi...
https://static.adsafeprotected.com/skeleton.js?bundleId=${BUNDLE_ID}&ias_xappb=

17 B
465 B

41ms
41ms

Script
application/javascript

2600:9000:21f3:f000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js?bundleId=${BUNDLE_ID}&ias_xappb=
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=255&slotname=6950575133&adk=1536346496&adf=1801062927&pi=t.ma~as.6950575133&w=300&lmt=1696567411&format=300x255&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574610952&bpp=1&bdt=1989&idt=275&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C250x250&nras=1&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=925&ady=1070&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=Q746UBZpGo&p=https%3A//www.tiantianzhibo.net&dtd=279
Protocol: H2
Server: 2600:9000:21f3:f000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Tue, 09 May 2023 06:47:57 GMT
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
via: 1.1 ec9e3bc729d9c6d55ed32446408ad62e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 12959737
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: _UKKSjIKydRg3xIllp2mM_nIO0mA8kn6Z95d4Ir3DNr-996O6taH8g==

Redirect headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:33 GMT
server: nginx
x-server-name: app18.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js?bundleId=${BUNDLE_ID}&ias_xappb=
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 1C4F 91 KB
23 KB 45ms
45ms Script
application/javascript 2600:9000:21f3:f000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=255&slotname=6950575133&adk=1536346496&adf=1801062927&pi=t.ma~as.6950575133&w=300&lmt=1696567411&format=300x255&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574610952&bpp=1&bdt=1989&idt=275&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C250x250&nras=1&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=925&ady=1070&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=Q746UBZpGo&p=https%3A//www.tiantianzhibo.net&dtd=279
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:f000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 08 Jun 2023 21:19:49 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 ec9e3bc729d9c6d55ed32446408ad62e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 10315425
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: phlO5TWJQuqquavg2kLoHQXHh_PtVesYmQTpOnv1WprrKw7YZgZG9Q==

GET
H3 200 Enabler_01_242.js Show response
s0.2mdn.net/879366/ Frame 4E13 107 KB
37 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_242.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7244335152788954732/index.html?e=69&leftOffset=0&topOffset=0&c=79yfj91IHf&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7effa4abb1004ac11058d1fc73b1ebb9cbf993bc96dd96be50ba81ba895bd69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7244335152788954732/index.html?e=69&leftOffset=0&topOffset=0&c=79yfj91IHf&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 04:03:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9620
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37452
x-xss-protection: 0
last-modified: Thu, 06 Feb 2020 15:49:50 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 07 Oct 2023 04:03:13 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame DC54 43 B
215 B 406ms
121ms Image
image/gif 2600:1f18:1aca:4280:b389:27e6:6658:a58d
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1686300&asId=b2c0e3e3-ed9f-f872-e785-01e8466eafef&tv=%7Bc:qfoOGi,pingTime:-3,time:447,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:363%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:447,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:363,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B108~0%5D,as:%5B108~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tRT0b1Z+11%7C12%7C1311%7C1312%7C13131%7C141*.1686300-75378989%7C1411%7C1412%7C14131%7C151%7C152%7C153%7C154%7C155%7C156%7C161%7C162%7C163%7C164%7C1711%7C1712%7C181,idMap:141*,rmeas:1,rend:0,renddet:na,siq:364%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=255&slotname=6950575133&adk=1536346496&adf=1801062927&pi=t.ma~as.6950575133&w=300&lmt=1696567411&format=300x255&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574610952&bpp=1&bdt=1989&idt=275&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C250x250&nras=1&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=925&ady=1070&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=Q746UBZpGo&p=https%3A//www.tiantianzhibo.net&dtd=279
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:b389:27e6:6658:a58d Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:33 GMT
server: nginx
x-server-name: dt16.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame DC54 43 B
216 B 400ms
119ms Image
image/gif 2600:1f18:1aca:4280:b389:27e6:6658:a58d
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1686300&asId=b2c0e3e3-ed9f-f872-e785-01e8466eafef&tv=%7Bc:qfoOGk,pingTime:-6,time:449,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:449,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:363,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B109~0%5D,as:%5B109~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tRT0b1Z+11%7C12%7C1311%7C1312%7C13131%7C141*.1686300-75378989%7C1411%7C1412%7C14131%7C151%7C152%7C153%7C154%7C155%7C156%7C161%7C162%7C163%7C164%7C1711%7C1712%7C181,idMap:141*,rmeas:1,rend:0,renddet:na,siq:364%7D&tpiLookup=ao:www.tiantianzhibo.net*%2Cgoogleads.g.doubleclick.net*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=255&slotname=6950575133&adk=1536346496&adf=1801062927&pi=t.ma~as.6950575133&w=300&lmt=1696567411&format=300x255&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574610952&bpp=1&bdt=1989&idt=275&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C250x250&nras=1&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=925&ady=1070&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=Q746UBZpGo&p=https%3A//www.tiantianzhibo.net&dtd=279
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:b389:27e6:6658:a58d Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:33 GMT
server: nginx
x-server-name: dt12.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3521 42 B
64 B 79ms
78ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstTMUFiKzteXtVXnO3jG8QgXgLiVNdzAT7_UUCfxsN7bqs9z46PQ3SW7EpotyrC3fr4SkCShcgvwFWQnafGtrDR-8rSBfbvxlzMMC02d2-CpDFjC24topg66F6E5dIxnSwUqwjp8KV9wObB&sai=AMfl-YR4FVSvwRS0K2yRbVwEQzpCFfwORKRdQylCXy5CAaPcXN9KWPbr2S888INScolGkxXKSarrTTPEFxnfRKm_5knMnl9wVJJ-cr4Mysukye5p_nl6XqVVnW3GpqBdOrgM-v8d4NjRrPk0yBEe&sig=Cg0ArKJSzAE8lYnMJx3SEAE&cid=CAQSSwDICaaNyCSnnsqvkHZTGmFWjO70ZqcdRXawcLXBqOnQDZMMQJV738-ozCE6OpnXz9wmkp0_Jta0ET2FISJ564d6bDj9HDEMWQW6tRgB&id=lidar2&mcvt=1066&p=0,0,200,200&mtos=1066,1066,1066,1066,1066&tos=1066,0,0,0,0&v=20231004&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1179801399&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1696574611893&rpt=411&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame DC54 43 B
215 B 318ms
120ms Image
image/gif 2600:1f18:1aca:4280:b389:27e6:6658:a58d
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1686300&asId=b2c0e3e3-ed9f-f872-e785-01e8466eafef&tv=%7Bc:qfoOHH,pingTime:-2,time:534,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:734,beZ:736,mfA:1071,cmA:1072,inA:1072,inZ:1076,prA:1076,prZ:1093,si:1098,poA:1099,poZ:1115,cmZ:1115,mfZ:1115,loA:1183,loZ:1186,ltA:1268,ltZ:1268,mdA:736,mdZ:950%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:300.250,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:363%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:535,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:363,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B195~0%5D,as:%5B195~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tRT0b1Z+11%7C12%7C1311%7C1312%7C13131%7C141*.1686300-75378989%7C1411%7C1412%7C14131%7C151%7C152%7C153%7C154%7C155%7C156%7C161%7C162%7C163%7C164%7C1711%7C1712%7C181,idMap:141*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:na,siq:364,sinceFw:169,readyFired:true%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=255&slotname=6950575133&adk=1536346496&adf=1801062927&pi=t.ma~as.6950575133&w=300&lmt=1696567411&format=300x255&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574610952&bpp=1&bdt=1989&idt=275&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C250x250&nras=1&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=925&ady=1070&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=Q746UBZpGo&p=https%3A//www.tiantianzhibo.net&dtd=279
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:b389:27e6:6658:a58d Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:33 GMT
server: nginx
x-server-name: dt18.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 bK4GZl0mtHPwIamiN73ahbbApyVSn2vIx_eFPB1ZZt0.js Show response
pagead2.googlesyndication.com/bg/ Frame 35D2 38 KB
14 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/bK4GZl0mtHPwIamiN73ahbbApyVSn2vIx_eFPB1ZZt0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6cae06665d26b473f021a9a237bdda85b6c0a725529f6bc8c7f7853c1d5966dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 07:37:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 83178
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14735
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 04 Oct 2024 07:37:15 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 3C9F 52 KB
18 KB 148ms
47ms Script
text/javascript 18.66.147.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=26684500025699504444554012469019&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-98.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 761cff5428e8aa5d947284cdaa6d9f6e9d0fe755909c364f807ee5c23ddb8dcd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 01:18:32 GMT
content-encoding: gzip
via: 1.1 77517a7f5d9094d359ba5186c3bda1e6.cloudfront.net (CloudFront)
last-modified: Mon, 02 Oct 2023 14:06:37 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 19502
etag: W/"2c13a74e288a2942ad3d2af9bad52cdf"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: ZUrYUNeO2wtae3kBfJKiJOn9rdzH5SHcJrOl_kL37lobV9GeBlwe-g==

GET
H2 200 1x1.png
cdn.track.production.webgains.team/7121/ Frame 3C9F 3 KB
3 KB 160ms
40ms Image
image/png 99.86.4.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.png?Expires=1696574913&Signature=Izo82JTJz5qLnTGco2cl-8qSTfQXJPtb9EBDrh~u7QkLnCfP2ZDE9ebFSKB~a2XqC~bb7mQn2nW~BGXqGOcdHbF5g0SZkEpIXFKTA7jdPYzE~mw1ezCxw~xlLNxZPZ3AHjFR3icrwu1buUSw91W0556U~jpBIe6wSnvmbqPngXONFSoH4ejKWe6iXFOO99V5dYOGjmSZT1PujEUuIdChUKmNBRMiHeXNIN2UsFj8pMzqRe0iSltuviDuBZT90Y-XaPTk3018GKVyMLQgopSFUPCuznUYXdP9MkyHozvIaEY9cWQh-m1YAVbCzIFk-Mr6rpVFJxJKcvP~WCRnYta7Tg__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=250&slotname=8918672040&adk=3624264942&adf=1402206701&pi=t.ma~as.8918672040&w=300&lmt=1696567411&format=300x250&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574611326&bpp=1&bdt=2363&idt=1&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C250x250%2C300x255&nras=1&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=925&ady=1860&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=EPXkxXaWoy&p=https%3A//www.tiantianzhibo.net&dtd=4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-36.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-amz-version-id: null
date: Fri, 06 Oct 2023 05:13:22 GMT
via: 1.1 c275031486c6f7b744b8d30847e98b14.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 5411
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: KocvBdZMjCooLv3O5SpGlY4UPaNSi_D45sFOHmxBE4rhrJ3OJwBNaQ==

GET
H3 200 SourceSansPro-Black.woff2
s0.2mdn.net/sadbundle/7244335152788954732/ Frame 4E13 78 KB
78 KB 41ms
40ms Font
application/octet-stream 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7244335152788954732/SourceSansPro-Black.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7244335152788954732/index.html?e=69&leftOffset=0&topOffset=0&c=79yfj91IHf&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18b2f5f468e077f4b6a2e3d2a9244a7cd60913c5504b587159a00ca5d7bcdd62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/7244335152788954732/index.html?e=69&leftOffset=0&topOffset=0&c=79yfj91IHf&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 21:04:46 GMT
x-content-type-options: nosniff
age: 34727
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 80208
x-xss-protection: 0
last-modified: Thu, 09 Jul 2020 14:43:37 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Oct 2024 21:04:46 GMT

GET
H3 200 SourceSansPro-Bold.woff2
s0.2mdn.net/sadbundle/7244335152788954732/ Frame 4E13 82 KB
82 KB 54ms
54ms Font
application/octet-stream 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7244335152788954732/SourceSansPro-Bold.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7244335152788954732/index.html?e=69&leftOffset=0&topOffset=0&c=79yfj91IHf&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6d422eaf41ab920c8ce99379cec61f704b1710b183c0a0523986906851e0a0ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/7244335152788954732/index.html?e=69&leftOffset=0&topOffset=0&c=79yfj91IHf&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 10:49:02 GMT
x-content-type-options: nosniff
age: 244471
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 83468
x-xss-protection: 0
last-modified: Thu, 09 Jul 2020 14:43:37 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 02 Oct 2024 10:49:02 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7D8F 0
24 B 78ms
77ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BhWnOlKwfZYmmG87rx_APjfGCmAsAAAAAOAHgBAI&bg=!2dql2pXNAAYMG8UMLBs7ADQBe5WfODr-cSpy1r4hAVYa4rsXvbE00nv02wh8isEoGPHvYOuyQhX4uLk-_Am_zc06zdnuAgAAAclSAAAADmgBB5kDA44DOgNz2554ZVoj3JM3juMqk7j3cznFX7-dMcliYflTfPc5vi9p01jaxcijR7pqkESQOrVxjP_jX25sZ5xF4u8mUkC4jxpsRhbtmHC7JA9AgenVBFA1uiLwsMHNKj1bj26NsuE1c_DNLycfwFnU6WiV7hdvyupkkU8c8IrDmUd5bx1ZPjpZ8OmZAjzt7Fk4rnKAj4tOVZsRGg8f3IXf-up4cjE6pB75DvUXeJ1708iKGm4phHg1THB3UcaL3QkfTK5i7pOkqrWRsgR_KTcpW7A3ONPlkFBkEEsRTZBlgR15mEq2_ZmzwtyyVtuXHX6xueVJl2eK4mYxvx9i7wcZa0oCJHakvhxlxy4kL4sZ7WGUQzDoCpsG0vR1nk0I9gbuCJiwJl_MiQKHAJnnxST6SZiCcNABO2qA9cC49RGe2c0Cxc30h0DQ4qbKSykxZTuWDHCiC2LnD4wBxG-ZcGSe-kyPgvPTsXhXuMeHdXj8yTqeywsdX4OccsjMIAHsGsld50Id_zZYMRRWeC8tjoTb9gCZtfzZ12h9SV8lllpIgSJGrEfTB_jCjMrhQQTnYYoyrcKtYc605Mp3lyM6UcNlRmLmE-0R77r2yWAKsrGBZBBu4do2H-SWi1_TYgGilp3zz1zfCeQU5k1Kii9YEglfySQ_QYrFMLrT8NElCrCha3m2Dz5C25NBdQC6ANSOYb_lTHB9yTj9FRrJJBXUllyVcRdS0cAijXOOWUbcT6ySxpPUx_-AXdC5PZDJG-BPXt7YkfBUioLrJ2Xp5vRLq7tFwQBj40u2WLWi6aXhI4JxcVMzuBm4inxVey7Rz6P9_Ood_2sERxTeHT0kN5RhqU70WWUWQSv7YfZDAE_k_69fBu9rGP075di8c1QuTAzDTTuYLw78mI1DuUG3veu0gGGQabZTdvx4kP1jMMdZt9xl5LVwQE4-RcCamksyQdRAviv3C0A8IcBUsQy7wu6gt5vMuuA55SDBNdQvT86mHzeWcaQ-CPCXflZ0WFhmo7zJ6_ubV_TqQA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 prod_studio_01_242_configurablemodule.js Show response
s0.2mdn.net/879366/ Frame 4E13 30 KB
10 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/prod_studio_01_242_configurablemodule.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_242.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68a1eb809781154c2c6dd9ef157e3ffa54c45afade2bb70edd006707d28c3a7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7244335152788954732/index.html?e=69&leftOffset=0&topOffset=0&c=79yfj91IHf&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 21:39:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32615
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10358
x-xss-protection: 0
last-modified: Thu, 06 Feb 2020 15:49:49 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 06 Oct 2023 21:39:58 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame DC54 42 B
64 B 82ms
81ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss34qBh95qI6j93NjdmI0dpM34qAnASrsKp26FCMH8TIkEjzF2FwWQgDFDEncaXhps8FkZCHHEzpw41Eo23Gn58OrCXOz5z5kHPJTfz84Vd1VdEmAyf3NytU5mxGKalMxpcVGEFK5qwJQlK&sai=AMfl-YRDO7dPWMGky6nQV_DGDSBBOrhPCcHucyUj8WzBI3g8o6k-wU6XZ5P8-dym6BH9nlpp4GPwgMkn1SjwTZ0SQGrMnpHKRdOQqma-zsltCHswxatVxrZ5TQGvp_PT3bOHJzYAEY0pLLT_rI9c&sig=Cg0ArKJSzAxewWQkLGGMEAE&cid=CAQSSwDICaaNiRGbKKalPii-ESszbfn5yrUlP-PKVLDqV7pdnV0cAczNUbWqcBLF2cROyhlfB-HMYpzkNO9YctcOgzy7GhrMEUTcFmfffBgB&id=lidar2&mcvt=1011&p=0,0,250,300&mtos=0,0,1011,1011,1011&tos=0,0,1011,0,0&v=20231004&bin=7&avms=nio&bs=0,0&mc=0.52&if=1&vu=1&app=0&itpl=20&adk=1536346496&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1696574612185&rpt=451&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6F9F 0
0 82ms
81ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvnfNOEVorat6jvxTfmS1W64nhlf-ZF-OIJTp3exP3RZZ9shEZtCB4LVSToMJWBPAWh016tmvJWzjVqO_a-OQCnpUBQObQVOw3FBG8aJY0SQYFxoaesW6wU5zT5U_bnmqDcHKMYDTAN9Nvo_iHs8k598P_zQVwiK0eylHt7APDbYPUxUiUaPmVVbZW_3D96ITwYTCuctoIjggQL9M6Uz3IkhO7WUeAbujxI5v1HWFGsayhO8cudfsi6d8hfm-b4vwpXcTznbitcr6119CDQJtLzFFiSPeUcw6oOxsDXhWeja7I2g6Rf_X4_kMDqth5rrzOg3jnHp0kyB_jrDaQSr2ckJOd7v7tQPtVCQeqm3FkqWcl681w9qnNse3jG0A0ZOiZpoZvM-6k6NYSF6gj7wD4IxwoJ26Mbi83IjRyR_NmnupEhHWcwzYl3YXYAX7ziCk3e-qaMwVHlp_LOVQGjE_WnMmAPzFSwtM7siLulUrNcBXhrLDCiQvD-bMJmdh2OUyXNMLYEhY6_mdpZlHmAy1mCR6GU1-TeNwADx_oJa8kdepRMj091gtMG_Pl0epUBQn3lvU0M39wrnj98iQrXN8WQ5njzstM9qW_SyMXbqeiHyFdT7bejoCB17lVrP1_0OqJkAufs9lDou0i1sZX5xFpC3m1EmtTbozEYkojQ0L7pRZnQNhv7Xocos2q9m0TCsnGKscgyieyiGww0dtxmnU6h6cVDNOalgTX78qhRcLcNh87p71claGDwUVNnqwmPF0V2KjqR6LYWA9hRM_njM7QbJx8DqjD5zd0RlhCxyNECBJALAhDKUuEN5a1sa5EDeFhsRJ2V7-B5QL9mJj3J6D72_dER9pg-6vx1jmpjPZjm7LROhdgjwzz6_J66VvgU9ofky5ZfAL0dVXECBivfEWDixL0QOSaL-h3mlCtTXppMCSxCm7W0iOnHjt8YO6ON1zU-DZxxe2X1qb8sWV-MxIo9sm4Lzt1_WJhnzenbp7qfOowf_S9T1nPqZUkwBIDzss1PoE-vR6UAR-0GtiF_Vu1A0RDmv31SjEnxpF0cQnswIiZp3uMgROvlftivs63wdYhZ-Di0ofxWPrNjCGmwZgU3bKw1FTnHE_Mi7xhGP3kA_RY3kgSIyonyynbVanBj1JlSBYtmqTbxXO5_19c7MccxGY3VYFBoK246dlwvpLyvJlu3n6nZ-WQNl3R3dehjkwuGKEcDH8uYAKX1ajIbcH726rBJSZu88uYaX6MGCxI4TDRH8w4OdwcaOw-bO79KNQKH8UJUww8z-5y875DFUTBhksEI3brdH5N0Yqh08S5W2C56VtYCdQ&sai=AMfl-YRfrVSLEpTzM-AI0Z1NWG4pSVuUvoRxLHKcOIdHSRFVgsY0JXheeLM2uhyqJqEDLweJ_jHskq4rgOv2uzCpjp666nkeqCJDRiyTGaODbQNFnUbMsVUiA4-sYw72jddHQObt8piTHlLfLFrsLnMG2Mr2ZvJILBAKQGmGbiVNOB7rpe0dsyw4O11cwddZJduy1hexqYze1cmsgZrZbOKNro1AUyaXDICr0NPGQlw9-Qqo_Xt2skWqEcdD_U1NxmwZKBBa-lfVaDCN01jueRI4taQb8maR&sig=Cg0ArKJSzB43NC7z0yAXEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=683&vt=11&dtpt=518&dett=3&cstd=153&cisv=r20231004.44861&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 replay_W.png
s0.2mdn.net/sadbundle/7244335152788954732/ Frame 4E13 2 KB
2 KB 52ms
42ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7244335152788954732/replay_W.png

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

efd7fb1977e980fd4c64c471510efdd9928cff69cac253b0387d3ffefbd5870d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7244335152788954732/index.html?e=69&leftOffset=0&topOffset=0&c=79yfj91IHf&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sat, 30 Sep 2023 07:28:12 GMT
x-content-type-options: nosniff
age: 515721
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1954
x-xss-protection: 0
last-modified: Thu, 09 Jul 2020 14:43:37 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 29 Sep 2024 07:28:12 GMT

GET
H3 200 cta.png
s0.2mdn.net/sadbundle/7244335152788954732/ Frame 4E13 215 B
249 B 53ms
43ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7244335152788954732/cta.png

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ffd4a691acac9fe2f5aaaef66d17fb06d64e86912e8de5bd8a9417ec20b295d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7244335152788954732/index.html?e=69&leftOffset=0&topOffset=0&c=79yfj91IHf&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 21:01:21 GMT
x-content-type-options: nosniff
age: 121332
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 215
x-xss-protection: 0
last-modified: Thu, 09 Jul 2020 14:43:37 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 03 Oct 2024 21:01:21 GMT

GET
H3 200 logo.png
s0.2mdn.net/sadbundle/7244335152788954732/ Frame 4E13 1 KB
1 KB 53ms
43ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7244335152788954732/logo.png

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

df69480a1ec3743b5729eb3b79f548db24af74e3f11aabfd2a6fea234149e2fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7244335152788954732/index.html?e=69&leftOffset=0&topOffset=0&c=79yfj91IHf&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sat, 30 Sep 2023 04:02:22 GMT
x-content-type-options: nosniff
age: 528071
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1188
x-xss-protection: 0
last-modified: Thu, 09 Jul 2020 14:43:37 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 29 Sep 2024 04:02:22 GMT

GET
H3 200 line.png
s0.2mdn.net/sadbundle/7244335152788954732/ Frame 4E13 4 KB
4 KB 52ms
42ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7244335152788954732/line.png

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d87402d6ac551a34ac003e6a7d04f34ae884bc2c5df5c125467ba85c272c2651

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7244335152788954732/index.html?e=69&leftOffset=0&topOffset=0&c=79yfj91IHf&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sat, 30 Sep 2023 05:27:42 GMT
x-content-type-options: nosniff
age: 522951
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4353
x-xss-protection: 0
last-modified: Thu, 09 Jul 2020 14:43:37 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 29 Sep 2024 05:27:42 GMT

GET
H3 200 Shape2.png
s0.2mdn.net/sadbundle/7244335152788954732/ Frame 4E13 2 KB
2 KB 53ms
43ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7244335152788954732/Shape2.png

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

709bf1c22b15bd9ff7981deab9112c0c5ee46c739185136badff746b1fe8a970

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7244335152788954732/index.html?e=69&leftOffset=0&topOffset=0&c=79yfj91IHf&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 15:14:16 GMT
x-content-type-options: nosniff
age: 574157
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1589
x-xss-protection: 0
last-modified: Thu, 09 Jul 2020 14:43:37 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 28 Sep 2024 15:14:16 GMT

GET
H3 200 Shape1.png
s0.2mdn.net/sadbundle/7244335152788954732/ Frame 4E13 2 KB
2 KB 58ms
51ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7244335152788954732/Shape1.png

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3249828ec2c09501b92eb25fee620624229b621d4cb1cf1d13bbf4884fdc6a58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7244335152788954732/index.html?e=69&leftOffset=0&topOffset=0&c=79yfj91IHf&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:46:04 GMT
x-content-type-options: nosniff
age: 57449
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1572
x-xss-protection: 0
last-modified: Thu, 09 Jul 2020 14:43:37 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Oct 2024 14:46:04 GMT

GET
H3 200 15264718595529391435
s0.2mdn.net/simgad/ Frame 4E13 7 KB
7 KB 50ms
43ms Image
image/jpeg 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/15264718595529391435

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c2b75841735784408946e7c4eb157b135d9a0b2c03c80d0b69274a4856a7151

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7244335152788954732/index.html?e=69&leftOffset=0&topOffset=0&c=79yfj91IHf&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 04:01:37 GMT
x-content-type-options: nosniff
age: 9716
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7039
x-xss-protection: 0
last-modified: Fri, 24 Jul 2020 08:21:49 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 05 Oct 2024 04:01:37 GMT

GET
H3 200 bg.png
s0.2mdn.net/sadbundle/7244335152788954732/ Frame 4E13 2 KB
2 KB 52ms
45ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7244335152788954732/bg.png

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d120d863505b45eb25ceac322f5a334acdc9139734bd1a16ed3bae076563d55e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7244335152788954732/index.html?e=69&leftOffset=0&topOffset=0&c=79yfj91IHf&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sat, 30 Sep 2023 07:10:47 GMT
x-content-type-options: nosniff
age: 516766
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1778
x-xss-protection: 0
last-modified: Thu, 09 Jul 2020 14:43:37 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 29 Sep 2024 07:10:47 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame DC54 43 B
215 B 127ms
124ms Image
image/gif 2600:1f18:1aca:4280:b389:27e6:6658:a58d
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1686300&asId=b2c0e3e3-ed9f-f872-e785-01e8466eafef&tv=%7Bc:qfoONq,pingTime:-10,time:889,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtMTIwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTE3LjAuNTkzOC4xNDkgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1696574613808%7C%7C6acd1319007b3de321ddaab72da67ca5%7C%7C8e5269e98501ac65ff2ab303e742fcb1%7C%7Cd75c48731d97a8cc1de71bb6b20b5b16%7C%7C463b73350131a9861b38bfcc24de5afe%7C%7C7b5ac983ffb3b213dd97e70db4610476%7C%7C3e819e7b19b4664add5bb887f72e0f12%7C%7C606d6c9cf2e0e492dd59318178084ee2%7C%7C1663701684%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9501431160750931&output=html&h=255&slotname=6950575133&adk=1536346496&adf=1801062927&pi=t.ma~as.6950575133&w=300&lmt=1696567411&format=300x255&url=https%3A%2F%2Fwww.tiantianzhibo.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696574610952&bpp=1&bdt=1989&idt=275&shv=r20231004&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C250x250&nras=1&correlator=3473466491471&frm=20&pv=1&ga_vid=230693676.1696574611&ga_sid=1696574611&ga_hid=1034204444&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=925&ady=1070&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759927%2C44759876%2C31077327%2C31078301%2C31078466&oid=2&pvsid=1595443399956531&tmod=960840171&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=Q746UBZpGo&p=https%3A//www.tiantianzhibo.net&dtd=279
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:b389:27e6:6658:a58d Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:33 GMT
server: nginx
x-server-name: dt16.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D8EE 42 B
64 B 79ms
79ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuWDg4K_NC4H6ClaVCvLBHrSHKeyJYsKPDN-TRAFdUYCTCMv7kdh6tfjbiTH_bshDHifGFQ-lfuDKFEnmAukBgNZThU2vETRdCDe_-WBut02SHg7wcve7aA0Ohfdy8zccamvqPgOK9b_diN&sai=AMfl-YT7n1n0lTZOF4tHO_SivgIxxbjyddPmkoT7_cgGE04YCapZ5GXJ8CCZFjhKEJtL-RVhuKxAN-88CEiu4VAsVoeS67jMtdSLRr4WvuP0EdHj3uNbHKgthUp41-o7oS37av9dj4fOjsjXC5NT6Q&sig=Cg0ArKJSzCvreL2K55RSEAE&cid=CAQSTADICaaN7uQyi5JKljaSPWncWq6q1wPP9uFTGJ9faGtvCWmePSa7lA5MbC2FG9SXiy0eV0Lh6_mscRx-kW9IFfa_BMzplG4DUnEqGLMYAQ&id=lidar2&mcvt=1032&p=0,0,124,1005&mtos=215,886,1032,1032,1032&tos=215,671,146,0,0&v=20231004&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1696574612281&rpt=469&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 4E13 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 35D2 0
24 B 82ms
82ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BPshclKwfZd-jN9WYjuwP47CIoA8AAAAAOAHgBAI&bg=!EhGlEV7NAAYMG8UMLBs7ADQBe5WfOE9uCX_kRIBKduy5R83FbjceOKOD529tWx2chXSA80p6NNX3mRMt18nhbca3wYkRAgAAALFSAAAACWgBBwoAqwCSuFzN2etbzNlYqx0oFNjBcKmjMPOUADsfbzeYojQML7YdfelI8_cns0qsMed9kN0d9tdZmfaxy0qw0WAbl1PuN89PJLNZk2bj28kcnhNTEMSLohCdnWlfKF_N4zluppGHviF0O_ksWaNPjr4Vi0FmNmkiCO555-U_tDNNDkeDdkFxsKvald8G1FyWd--Lg7_3qQmvGYdCF4Au2gX2s01EzKRIFUlRenSEQpkC3XXvybCG3flqdVhwiQ9lLoo1LTXIpVm-Chv5clAh6028tBjqoQa0yzXAG7JJGy3Uip-ZHheB5laREticWQ0u8EzLAPakgBVEJz74TXZuZsuN5CRzWHgh9vWQvSEX_HwK-3YPWUJLkDY0syBfxhhlhgLbGQDlvfC-4A0ZA7Vc9ZdXI936A-tnPlMfo72vTuPy_V2HBCq8MHUB__uV1YBvchV-bge8yKNVcKdWgqObt9RNe41aRiAthSH33-a-ZOA4YcrFSDsKaeb_Gd-fhvPXAoxgWyzdIGcmjZLf9gSjP6fSQ2kioI1-DM0xrcuJqP09cVcJ7PlSVcY1u_-CB6Vi8HdRJLxszBkJ5JIWPuC1xDoN2LTK4nDddRm_AvlIrt2JqyXXwl0sMCHhOCL2lKBtsAGA3BbsfoEBLNLRSWjF_VVhexVMQz3vuaGVXhi-urKpRjgH79QQT24UxdjYpNedxl42MyaAYz6VdYkUKjPwntXbzNQXlv2yGzdh7B6k5gneLKlvsEwwZiXZk5gLKMMLJJqnTiKROxEr1U8JwVzPKns_bPat1eeGuwoh2k96s00Xq0hVxRfvyJJ6ZC69MIyGyNCUQ1gn2F4FelNrHGQ9YQXldB8W-ICvE-8KEvDSrmxCUcEHpMyn_EFWLxDmLFY_YR3EQpwzB7xPraSzv8kVsj7YSrtzvITkUB7W1zJEQP1U8hJv05vVL4aM7FYWyIdyQOTFJKcAHXbQG9naL8x85NK3WRKRXr0-85XY7xktJz69lOwhDUGbaFnY4coq10MGfrVTG1MHCAHTDIs1mSu2JDdk-OY-ntjseA9LyrGDh3XT4qou5Z3VRXJ_k34x2QWoit5aTjkF8L6QnGIKttfnzTkEFZbTcLhLhO8pauzHMqBQOFVQV6QOYhtR2NvAnECJFdALYwvtUF0HP6FxEJyegQ_g_4T8ebOz8xcJy4feUwhLfvt2YOoQzjr5VDPJATg

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 15264718595529391435
s0.2mdn.net/simgad/ Frame 4E13 7 KB
7 KB 47ms
47ms Image
image/jpeg 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/15264718595529391435

Requested by

Host: www.tiantianzhibo.net
URL: https://www.tiantianzhibo.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c2b75841735784408946e7c4eb157b135d9a0b2c03c80d0b69274a4856a7151

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7244335152788954732/index.html?e=69&leftOffset=0&topOffset=0&c=79yfj91IHf&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 04:01:37 GMT
x-content-type-options: nosniff
age: 9716
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7039
x-xss-protection: 0
last-modified: Fri, 24 Jul 2020 08:21:49 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 05 Oct 2024 04:01:37 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 146ms
145ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231004&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5bebf434f5f3c2d721903c29a8793af630ce2bc49b370123824ab0d43a68604b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tiantianzhibo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:33 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12040
x-xss-protection: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame DC54 43 B
215 B 136ms
135ms Image
image/gif 2600:1f18:1aca:4280:b389:27e6:6658:a58d
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1686300&asId=b2c0e3e3-ed9f-f872-e785-01e8466eafef&tv=%7Bc:qfoOQ0,time:1049,type:e,im:%7Bpci:%7Btdr:663%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:1050,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:363,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B710~0%5D,as:%5B710~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:131,fm:tRT0b1Z+11%7C12%7C1311%7C1312%7C13131%7C141*.1686300-75378989%7C1411%7C1412%7C14131%7C151%7C152%7C153%7C154%7C155%7C156%7C161%7C162%7C163%7C164%7C1711%7C1712%7C181,idMap:141*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:364,sis:604%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:b389:27e6:6658:a58d Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:34 GMT
server: nginx
x-server-name: dt03.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 61ms
61ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tiantianzhibo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 06 Oct 2023 06:43:34 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 5D07 13 KB
5 KB 42ms
40ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tiantianzhibo.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 41093
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 19:18:41 GMT
expires: Fri, 04 Oct 2024 19:18:41 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 87A1 829 B
997 B 50ms
49ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

49f2b8763f4845c64e98d41657c9ef4d07c48378399c7a357c48846631023e31

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-nNO3We5SrLyhk8ci5I6eRQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.tiantianzhibo.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-nNO3We5SrLyhk8ci5I6eRQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 06:43:34 GMT
expires: Fri, 06 Oct 2023 06:43:34 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 3C9F 16 B
209 B 99ms
98ms Fetch
application/json 13.43.175.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.43.175.127 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-43-175-127.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 06 Oct 2023 06:43:34 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 166ms
46ms Preflight 13.43.175.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.43.175.127 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-43-175-127.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Fri, 06 Oct 2023 06:43:34 GMT
server: nginx

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 87A1 0
0 73ms
73ms Image
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231004&jk=1595443399956531&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

GET
H3 200 YeTNF82ErcXtSc42GSWrie2SEIEL8DxR64dbf1nZkSc.js Show response
pagead2.googlesyndication.com/bg/ Frame 5D07 37 KB
14 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YeTNF82ErcXtSc42GSWrie2SEIEL8DxR64dbf1nZkSc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61e4cd17cd84adc5ed49ce361925ab89ed9210810bf03c51eb875b7f59d99127

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 18:57:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42361
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14663
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 04 Oct 2024 18:57:33 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 5D07 0
11 B 39ms
39ms Image
text/plain 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?j88Pyw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:43:34 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3C9F 0
26 B 75ms
74ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=2240063934045&version=m202309260101&ct=77&x=1&cor=11501952871119522000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6F9F 0
26 B 74ms
73ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=433887507040&version=m202309260101&ct=132&x=1&cor=17382607199006830000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DC54 0
26 B 74ms
73ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=5147060633222&version=m202309260101&ct=76&x=1&cor=3193844785935651000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 79ms
77ms Image
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231004&jk=1595443399956531&bg=!d3SldDvNAAbjlzx0w5c7ADQBe5WfODkrBjxI4-50yVxF6lh-6T54TDGqnH2qgsHtuViK-oaNHLo5uMQgxZT2LJL_PVksAgAAAE9SAAAAB2gBBwoAV9vcOnvZVYQPnOp4NO6qj2r4jeuFryzN6RqzhaU1QrfqLbjgfo4RbYdaL7K8j3JLw-GiwK52lAv9T8FkfjRG3YMAe1MUlESzpcOQ-Xbj8kn0CtcALliLpJkCvVdz7dkgbmAsONcKOjJhPESG5oNDcmZgK8PjJ8RkuW3HFxVlITsg5JH_sCQB5aSiHEdZD2IC5uMq7rF9xQG8-d8d_GuWQXBBhTz4UlYEFdXF4Mfq4HH2CWvAN0xOi_g0vVnd5sYYcb0E_PVn8lD8ecA6H7GZqxYk7Rjv310NViUTyddXpfID5IYfYu1Sv5i9CZkMIVd0kbN6C3SI17IxN0V4BcQ-SGenhELYKqt-vXSdhJP4ZjwuuJxdrcy5RdIYa2l6QmRLQY9GebMkPvx9gXG5gaa54hQ7sPMiZPp_3eNR38H3op4WXSwevRfNi6B9si3qxsQlAU--ylpLInj8Bin94ushoYF_8AZwcBUG4ni9R0asH2jYgpgLKTblYEr-luvzBUegCwqSBDPuIcw6ZJJ-WHSmcDwYuYJmqIHoecSM44ZBQbL1FGBQibDseGNhoVG8cfqlmHo5y3gQav9v80RSypaersy-9WO3UXpBSfT84ui-7JZn2A6Whs1gz2SM_ryDSIYsm2WX7bmGmzQWl1tC_qNYFuEVD8FpSH44hrLEnEqQ4F-RVx9fw7GGmJxHC4kl1toQpRX-MAaEbxpNJdWVSSdm1SwpxaHkNPc2KAv65-n3vwrPHURI0lNxiOQ09EWuqHyzTBfIPdy46UsC1EtYLhogLkfHyQeso2_hrCtjB6xFWLLZ2jsaJB6c2-f2a5Tw0dIJvxbtHB-DeY2vPnVReOmn-8Dob2MtdBm3VsXccCFMac12n3P5k6lHWYmejcc3jfusN3tzMB0VU0otlWxpK9GBnBbIPzNeLfiPrEwVTbw9hhZ5fUdPLlMCN04lY_To6m1yKlokyGZpKOPXyOlGXzZH2V5-LQc1zYkO6DWIbPxKjzZEhW1fGGZcVf5XX4ae2brh4X8BvTcU9MHkp5wlQa6OUBSm1S8NHx2E
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tiantianzhibo.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

GET
H2 200 dt
dt.adsafeprotected.com/ Frame DC54 43 B
215 B 117ms
117ms Image
image/gif 2600:1f18:1aca:4280:b389:27e6:6658:a58d
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1686300&asId=b2c0e3e3-ed9f-f872-e785-01e8466eafef&tv=%7Bc:qfoPdY,pingTime:1,time:2535,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:363%7D,%7Bpiv:52,vs:pp,r:,t:1534%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:1534,n:0,pp:1001,pm:0%7D,slEvents:%5B%7Bsl:o,t:363,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1195~0,0~50%5D,as:%5B1195~300.250%5D%7D%7D,%7Bsl:pp,t:1534,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:52,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1000~50%5D,as:%5B1000~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:138,fm:tRT0b1Z+11%7C12%7C1311%7C1312%7C13131%7C141*.1686300-75378989%7C1411%7C1412%7C14131%7C151%7C152%7C153%7C154%7C155%7C156%7C161%7C162%7C163%7C164%7C1711%7C1712%7C181,idMap:141*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:364,sis:604%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:b389:27e6:6658:a58d Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:35 GMT
server: nginx
x-server-name: dt12.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 flecha.png
s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/assets/images/ Frame 4CC9 1 KB
1 KB 39ms
39ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/assets/images/flecha.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

316c626585650b118dc2ca02a311b72962a5d160f89a3b686a942548cea022d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/creative.html?e=69&leftOffset=0&topOffset=0&c=fQU9Qgy5vj&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sat, 30 Sep 2023 04:30:09 GMT
x-content-type-options: nosniff
age: 526408
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1035
x-xss-protection: 0
last-modified: Fri, 24 Feb 2023 10:56:42 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 29 Sep 2024 04:30:09 GMT

GET
H3 200 GothamNarrow-Medium.woff
s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/assets/fonts/ Frame 4CC9 81 KB
81 KB 40ms
39ms Font
font/woff 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/assets/fonts/GothamNarrow-Medium.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/assets/css/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5d958be76e970124b20b9d17b84962fae1ad78a436652cf10194ac5fb3ab27f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/10284766571498831872/200x200_rtbretargeting/assets/css/style.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 10:51:00 GMT
x-content-type-options: nosniff
age: 589957
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 82744
x-xss-protection: 0
last-modified: Fri, 24 Feb 2023 10:56:42 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 28 Sep 2024 10:51:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame DC54 43 B
215 B 134ms
134ms Image
image/gif 2600:1f18:1aca:4280:b389:27e6:6658:a58d
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1686300&asId=b2c0e3e3-ed9f-f872-e785-01e8466eafef&tv=%7Bc:qfoQgu,pingTime:5,time:6535,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:363%7D,%7Bpiv:52,vs:pp,r:,t:1534%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:1534,n:0,pp:5001,pm:0%7D,slEvents:%5B%7Bsl:o,t:363,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1195~0,0~50%5D,as:%5B1195~300.250%5D%7D%7D,%7Bsl:pp,t:1534,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:52,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5000~50%5D,as:%5B5000~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:120,fm:tRT0b1Z+11%7C12%7C1311%7C1312%7C13131%7C141*.1686300-75378989%7C1411%7C1412%7C14131%7C151%7C152%7C153%7C154%7C155%7C156%7C161%7C162%7C163%7C164%7C1711%7C1712%7C181,idMap:141*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:364,sis:604%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:b389:27e6:6658:a58d Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 06:43:39 GMT
server: nginx
x-server-name: dt04.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: sync.search.spotxchange.com
URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEKzhXH0WJ7SUn5X9MB5TIyM&google_cver=1

Domain: sync.search.spotxchange.com
URL: https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID

Verdicts & Comments Add Verdict or Comment

55 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

22 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-21 00:37:50	Name: IDE Value: AHWqTUno5iQOW8VhsIIzM037nwmG8X9wtampjnXldxCXjxOYzWONGuERDwQMyZ1S
.doubleclick.net/	1970-01-20 19:35:26	Name: APC Value: AfxxVi55sIUm9-EXxkKX5JwWJh9oldsC5nU1gwjUm-KzOb30vaejfQ
.casalemedia.com/	1970-01-21 00:01:50	Name: CMID Value: ZR.sky7JfNSkx3NHt17yjgAA
.casalemedia.com/	1970-01-20 17:25:50	Name: CMPS Value: 2146
.casalemedia.com/	1970-01-20 17:25:50	Name: CMPRO Value: 2146
.adnxs.com/	1970-01-20 17:25:50	Name: uuid2 Value: 909541046617803271
.tiantianzhibo.net/	1970-01-21 00:37:50	Name: __gads Value: ID=72146b1c207b02c9:T=1696574611:RT=1696574611:S=ALNI_MYQe7cXULIUNSNnRIY3DLAW1XIovA
.tiantianzhibo.net/	1970-01-21 00:37:50	Name: __gpi Value: UID=00000c8f7bb0a3a2:T=1696574611:RT=1696574611:S=ALNI_MZPrtGQ50n1XM-7Y80sdzsKA9pfrw
.adnxs.com/	1970-01-20 17:25:50	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GU%j+0)K!]taq8i_iqf!oN/@E'zz<Z0QMy).bgQ:OWoP#NxYN+sg`%7.V(:=z?5zl!kTD._PlZ[C[-kX-?K1is
.redintelligence.net/	1970-01-20 17:25:50	Name: 8lcfmzhxc8d6_uid Value: fbbec1722b4c1f07
.t23.intelliad.de/	1970-01-20 17:40:14	Name: iact Value: 0001E3BA04F0AC20E3F41CE74A6A49DD0B56
.t23.intelliad.de/	1970-01-20 17:40:14	Name: iaimp_42842 Value: 1696574612:42842:100:137:101:248:101:20231006064332641365a077404e8d
.doubleclick.net/	1970-01-20 15:16:18	Name: DSID Value: NO_DATA
.office-partner.de/	1970-01-21 00:52:14	Name: source Value: {"webgains_webgains":{"timestamp":1696574613134,"clickCookie":false}}
.googleadservices.com/	1970-01-20 17:25:50	Name: ar_debug Value: 1
.bluekai.com/	1970-01-20 19:35:26	Name: bkdc Value: phx
.bluekai.com/	1970-01-20 19:35:26	Name: bkpa Value: KJyN0AWvQY9xxBcENnRjOX5zuJLrWiD6AY/N5wfYqwA44fCWTIYJnDIcJBW945AkSTClpBgHnvA6VVHfZ06CKB+LgDq9y/fohfm39DO76snMXglmsD/dXQBCviEG
.bluekai.com/	1970-01-20 19:35:26	Name: bku Value: ts6O9JVLctV0k5y+
.de17a.com/	1970-01-20 23:54:38	Name: guid Value: 1.2895028002423546628
.w55c.net/	1970-01-21 00:47:55	Name: wfivefivec Value: EnVrAAcR1QOEyF5
.everesttech.net/	1970-01-21 00:01:50	Name: everest_g_v2 Value: g_surferid~ZR_slQAVrl0PsgBY
.w55c.net/	1970-01-20 15:59:26	Name: matchgoogle Value: 5

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.tiantianzhibo.net/statics/css/images/tub.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEKzhXH0WJ7SUn5X9MB5TIyM&google_cver=1 Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://s0.2mdn.net/sadbundle/11949286355477378158/_export/text2.png Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5994599.fls.doubleclick.net
ad.doubleclick.net
adservice.google.com
adv.office-partner.de
ajax.googleapis.com
analytics.webgains.io
api.webgains.io
bifen4pc.qiumibao.com
cdn.track.production.webgains.team
cm.g.doubleclick.net
d5p.de17a.com
dclk-match.dotomi.com
dis.criteo.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal900019.redintelligence.net
ib.adnxs.com
pagead2.googlesyndication.com
partner.googleadservices.com
pm.w55c.net
pv.medialead.de
s0.2mdn.net
static.adsafeprotected.com
static4style.qiumibao.com
sync-tm.everesttech.net
sync.search.spotxchange.com
sync.teads.tv
t23.intelliad.de
tags.bluekai.com
tiantianzhibo.net
tpc.googlesyndication.com
track.webgains.com
ups.analytics.yahoo.com
us-u.openx.net
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.tiantianzhibo.net
x.bidswitch.net
sync.search.spotxchange.com
104.18.19.11
104.18.26.193
118.178.110.57
13.43.154.56
13.43.175.127
142.250.185.194
142.250.185.70
142.250.186.130
142.250.186.134
144.76.91.199
145.239.193.130
151.101.130.49
172.217.18.2
178.250.7.11
18.66.147.98
185.89.210.244
213.155.156.169
23.35.237.56
240d:c010:18:1:38::1f
2600:1f18:1aca:4280:b389:27e6:6658:a58d
2600:9000:21f3:f000:8:48e:53c0:93a1
2606:4700:3030::6815:14de
2a00:1450:4001:800::2002
2a00:1450:4001:800::200a
2a00:1450:4001:806::2008
2a00:1450:4001:80b::2002
2a00:1450:4001:80e::2006
2a00:1450:4001:80f::2002
2a00:1450:4001:811::2002
2a00:1450:4001:81c::200a
2a00:1450:4001:827::2003
2a00:1450:4001:827::2004
2a00:1450:4001:82b::2003
2a00:1450:4001:830::2001
2a00:1450:4001:831::2002
2a02:fa8:8806:13::1400
2a0b:4d07:101::1
3.248.134.18
3.71.162.119
3.72.146.157
3.75.62.37
35.244.159.8
52.29.154.74
69.192.160.219
78.46.90.238
99.86.4.36
0008342dfdfb4978fd4cd8055aab6f753efb07673e13e1030e1c50de403065b0
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
0328ba17530dce26036b567b64a776c895302f166e2333795a62979da08f173a
041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
14da64b505b2a1568681040ae22449a1dc2498504f619260fe383ca1772c3b60
15179e81f131befdd6e603ba3ddca00b8cc4e43aa70583d9e7b41fd56698ebbb
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18b2f5f468e077f4b6a2e3d2a9244a7cd60913c5504b587159a00ca5d7bcdd62
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98
284ad04845b7380ab09d988a65a8136842b4a297bd063889b5062f731389177c
288b76ecee7dad7a622743ee94c2d0b673137f1bdb4f9246d5899bcd980899d8
2937b1eff43b5494767cfff2fb7f26ea4f4568ff57ecdd70a661c3c7b1b77f86
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
316c626585650b118dc2ca02a311b72962a5d160f89a3b686a942548cea022d2
3249828ec2c09501b92eb25fee620624229b621d4cb1cf1d13bbf4884fdc6a58
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
3a965c47cdc93f20ec8e54a7245b166d7f02eb688401ded4f562c4d2e899bb99
3aefcb6a4eb0fed2de43b0bc2bc37a0309bfb5ab3c4bbb097ed0c2ba0459c742
3cfc9577a5bf4c99500dff97877038a42855564ac87df89ced1dfdd195f64448
3ea5ba483cc58c2ec804f0e6c814c0610a4f0c9da9619667712f1437302d70a1
40c8cae4925d67c7252386f0912a2ea85d1ae5fe50c4d207d935e655187ba614
429cecf19aa7548ea2dc394178245083a04791306fd31de16160f77505502a08
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
47c34c3cc8f3ba7d8726a9d479775908e31ad71aa4020cc51eba34375379b0ba
484ec1c347c17d7d3b98d5058aa5d90bb5c7315f3a67f44611e902de4be50831
4927978f916c67a75b089f975343a53f686c38f1fc69c11252c2d5c6a1eb1913
49f2b8763f4845c64e98d41657c9ef4d07c48378399c7a357c48846631023e31
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fbd1b523cf0619b4ffcfa228c48f7fb07154b01a6b23ba418ac7bc3ec1ac51e
4fcc2c45e5c8be67198b1d2c38bef90e3373e59b91be75e915711bfa7c10d22a
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
507ec173cf6ed9d4c318291e6568c3e1601c8909169be4eebb239a3122dabb45
5092f40278a4ea7dc668dfb480cbead9026329b474b6c30bdc47628b55d9fa65
50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9
517ef43cf053634b6afdd8cf0019a8ef0baa1926bedb1c01b56affd5728dc87a
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5bebf434f5f3c2d721903c29a8793af630ce2bc49b370123824ab0d43a68604b
5c2b75841735784408946e7c4eb157b135d9a0b2c03c80d0b69274a4856a7151
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5e3ddcd2f735522906457190e56f0eab272557406234ef7e5a19462391d767f8
5eb26501db1161e7014ebc2f284c78e58b229c75e3da2657793cec571678cbe7
605b14697226eeb0be6b2c11db8206b70f4c8681c3f921e4ceca4793ce1a95ce
6062ee42e44bc69c392b5d5b7c7cc129de45d6c74ab48bcc71370971901303c8
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf
61e4cd17cd84adc5ed49ce361925ab89ed9210810bf03c51eb875b7f59d99127
62218c89aeba998ce96c351c07bba16f0f37d591eb24b3a5c954fae4adda5cc1
63d8b8c99fcaa3e93b596101e95cecff151d7751e190fb4a34a0ad148ad93867
68a1eb809781154c2c6dd9ef157e3ffa54c45afade2bb70edd006707d28c3a7c
6a2b72214cc983024d368bae7231532353964b1f5577ed6735cbc65ed21dc2d5
6a7b3c6dd66c88e7db6eeb6ca64342e2256a61bcd96889b2f6337aca61a0237a
6b2bc72955ec02bbd1db66838455813a41a37fc110a80b10a45ce2b9af39f12a
6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc
6cae06665d26b473f021a9a237bdda85b6c0a725529f6bc8c7f7853c1d5966dd
6cb6de4ede11071d20e1082219816a2bfb6758a033255620b5043c050c975958
6d422eaf41ab920c8ce99379cec61f704b1710b183c0a0523986906851e0a0ab
6ffd4a691acac9fe2f5aaaef66d17fb06d64e86912e8de5bd8a9417ec20b295d
700c5217840eb7f1cccc8f8baae216fe6ffdb92eeee3081162cda5c7bc11834a
709bf1c22b15bd9ff7981deab9112c0c5ee46c739185136badff746b1fe8a970
729bb9007929a8af5c6f300c99e7c5899043ed1734d39fd6f4e0361b94d1adbc
74c5b75c88e57d03779ef9e89a963f0cb193dfc883fe9175238e126648cef733
761cff5428e8aa5d947284cdaa6d9f6e9d0fe755909c364f807ee5c23ddb8dcd
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
7f8d937ac3c24cd9099dccaeb3e160dba15d6396b7f8ada3ca95f9ef24633aee
818cc940e4ef782c114f286b087fac335543bc859f96c8b300061e600a06eedf
832f288dad7df3bc002b8909cac5542228fee7d1c2ce702bd954f62c3ae55e57
85b6d784099d05cd2ffc14602e160cffcadfb3730dbdfcc483035e033fd6b961
868b089a28f353b2400d575b15c32d069775c99dca12e1202df34de355a6a272
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
87e8aa8992fa3dba3f33e62499636b649954671bf3a736cc8a1aa3cd581ffe7c
87fd76d11e870aa0b08892fd9ba118013edb649845bcb8cb97566c72958a810c
89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec
8d74d05591b5e2ba15ca43b6355158d8743b0b5db53011f29bc79fe4230659fc
8f134a359c4d6eddf5f209a60a7d36098e4b8b6d563d44d8c296f6a84f49bce9
8f41766b1dd9ed6325c83edeac764689f9d8d4c4a839faaef543806c6dcf1d2c
91d4a0d94d1fc1773e6638ef374749383abc08d3666c106d948fe5542a14d31b
92b477fc91ed2a27598ca42009b3c27b178b88cd12037280cc402ce7dd8738be
9885b190d6f056f14f6bf44a00726a486be992c20fb99df59aa67af416d0173c
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a5ca67c177b85e4d178c4ce564adf6e483f4950a15838ca3d80d93def7ff3986
a5d958be76e970124b20b9d17b84962fae1ad78a436652cf10194ac5fb3ab27f
a60ac4292585b85fdd66956dab66e3996c19b8d207e8e0a98449777de49c11c1
a61cd464213e709de1f3b0141359d24399e6c82302a34e4c558eca29aebe5ac7
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a7c6e322c214cc37657e2b389710e2990072f76451d4e91fefdfedd9f5c8379c
aa93cc5f2ab65481616b2c5076e6be58c02dba501475ee1afb6f4ac7379c9726
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b59df8f9102ba4d4ccf63c5026e2d85bee8cf0d226d68e20bd9ae010c146469f
b818254dfc983fb2732ecfc54815327606434288e6eb0c0c0b7e8523e14b6c9f
bc453cd657a49e4036098010b9a87e348ce83be958449f57a5e27ae7efe851df
bcc5de0f53784c98bf4b3345b43f7d95736bd096e7ce0b8132a0555624adc13a
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05
bf4fe5a423509c3b94effef6a514afb7b6a5c64776cb359e923613e39a9e4899
c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146
c4cc3a5b356106ac98447f631b84e0627242c322110a3b825ec192f19987c326
c4ec171d8f202fb90c55007f2dc8ab43a7d089d5e7b717eb03b41fdb3907b261
c599f96659ce07649e90b86b90732f1293b042e212423e7366794ada841d688d
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
c9bb40cefe87d2b65103b30be083f0dc8f963f3c930f230d905b811b6eb82f47
ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9
cc5286df28e10000842177b318d4d58701dadbab093ca484bb10cc5a9c898b36
cd55cd172476309fc82f9d1a1b0274d43d39b4cce8e9e9b1f1984f35d2b434a9
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d08cdad175344acba124ab88b2afbeec7779e8ddf5c9cf456c1133b8885192ed
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d120d863505b45eb25ceac322f5a334acdc9139734bd1a16ed3bae076563d55e
d3c3a0002309ca38786fe073c87d221b969dec5b2e00e4eb7b4e60dae3177cf1
d6bf421fd12026d6c703b38414565985f8a4815139d48533f6e26e31a97f214f
d7effa4abb1004ac11058d1fc73b1ebb9cbf993bc96dd96be50ba81ba895bd69
d822f3c406b44748bac1021d8f25277d82c4371f39fa6e72b968e00e00fd3e07
d87402d6ac551a34ac003e6a7d04f34ae884bc2c5df5c125467ba85c272c2651
dac17b5c97549812c5fc58f1b43d6d80295a29af6e053a6ab530bf67ce53a5e0
db1ed4c00ec91ece111f3d29f0e6a38ea281fb2e2063bcdc79972f989cf8554b
dce7b450d83eab011fc1e663e1fe7a9e002740cb6c0fb92abb4b1e61c07fb71b
df69480a1ec3743b5729eb3b79f548db24af74e3f11aabfd2a6fea234149e2fa
e0309fd597700b89310de557575438fb73dbee569cf734340057c0884ce91c20
e09639315704980552b92eaae21f66af00a6e8a371f757f76b0b12420c2ed2a7
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8d101f3121dd9449ff5d53776dd97854206fa04d6348c8d2d29234954ee0d95
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ebbc5a058e3ad1b69f390cd69c67ebb5f2ad1227c71bd4982e73268612eff91c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef85ad42cd1a8321c8b6cdbe58f7dd39624f7bfd5fc191911294e8f85804f94b
ef8672ea195e04ae64b3cbe2e42070bc9849ef827be80218e33b6d5dfcbd65b1
efc2b5f3cfb42ac86c11900be6091d645853af46ab4f01bfba7280c3ac37ae02
efd7fb1977e980fd4c64c471510efdd9928cff69cac253b0387d3ffefbd5870d
f20c487da288a57a0f215a7913dd47d337d56d69c183883c5b5ae5d82edac8bd
f763b65857a176e47cd5d84c9af89d31bf68a195d8775a76cf2c696b6061314e
f8d919ff39876f94ebbf5a8d688058e1eff3cb0bb8ceff60c8762f2abb669cd0
fc5aaf324d93d80d48f715eef3035a4fa6c18f22403121725fdfb3fdaa046ed6
fc9fe8ec0612072dc6d3b4acd268e09d28c253807f47846a5f70dd8360d1a0d1

www.tiantianzhibo.net Open in urlscan Pro 2606:4700:3030::6815:14de Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

246 Requests

92 %HTTPS

41 %IPv6

32 Domains

47 Subdomains

43 IPs

10 Countries

2736 kBTransfer

7065 kBSize

22 Cookies

3 Outgoing links

Page URL History

Redirected requests

246 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.tiantianzhibo.net Open in urlscan Pro
2606:4700:3030::6815:14de Public Scan

Screenshot
Live screenshot

Full Image

246
Requests

92 %
HTTPS

41 %
IPv6

32
Domains

47
Subdomains

43
IPs

10
Countries

2736 kB
Transfer

7065 kB
Size

22
Cookies

246 HTTP transactions
7 data transactions