Submitted URL: http://ww1.downscrs.xyz/
Effective URL: https://ww1.downscrs.xyz/
Submission: On January 16 via manual from IN — Scanned from DE

Summary

This website contacted 11 IPs in 2 countries across 9 domains to perform 26 HTTP transactions. The main IP is 2606:4700:e0::ac40:6d1c, located in United States and belongs to CLOUDFLARENET, US. The main domain is ww1.downscrs.xyz.
TLS certificate: Issued by R3 on December 29th 2021. Valid for: 3 months.
This is the only time ww1.downscrs.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain
Subdomains
Transfer
9 downscrs.xyz
ww1.downscrs.xyz
64 KB
8 youtube.com
www.youtube.com — Cisco Umbrella Rank: 91
703 KB
4 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 44
static.doubleclick.net — Cisco Umbrella Rank: 341
6 KB
2 superonclick.com
superonclick.com — Cisco Umbrella Rank: 150084
6 KB
1 discovernative.com
discovernative.com — Cisco Umbrella Rank: 167609
71 B
1 ufpcdn.com
ufpcdn.com — Cisco Umbrella Rank: 100451
2 KB
1 gstatic.com
fonts.gstatic.com
16 KB
1 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 94
51 KB
1 urgesick.com
urgesick.com
26 9
Domain Requested by
9 ww1.downscrs.xyz 1 redirects ww1.downscrs.xyz
8 www.youtube.com ww1.downscrs.xyz
www.youtube.com
3 googleads.g.doubleclick.net 1 redirects pagead2.googlesyndication.com
www.youtube.com
2 superonclick.com ww1.downscrs.xyz
1 discovernative.com ww1.downscrs.xyz
1 ufpcdn.com superonclick.com
1 static.doubleclick.net www.youtube.com
1 fonts.gstatic.com www.youtube.com
1 pagead2.googlesyndication.com ww1.downscrs.xyz
1 urgesick.com ww1.downscrs.xyz
26 10

This site contains links to these domains. Also see Links.

Domain
discovernative.com
Subject Issuer Validity Valid
*.downscrs.xyz
R3
2021-12-29 -
2022-03-29
3 months crt.sh
urgesick.com
R3
2021-12-25 -
2022-03-25
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2021-12-08 -
2022-03-02
3 months crt.sh
*.google.com
GTS CA 1C3
2021-12-08 -
2022-03-02
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2021-12-08 -
2022-03-02
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2021-06-11 -
2022-06-10
a year crt.sh
*.doubleclick.net
GTS CA 1C3
2021-12-08 -
2022-03-02
3 months crt.sh
discovernative.com
Sectigo RSA Domain Validation Secure Server CA
2021-03-04 -
2022-03-04
a year crt.sh

This page contains 4 frames:

Primary Page: https://ww1.downscrs.xyz/
Frame ID: 2374D6C435BD0DD9DE06BF96E5532743
Requests: 13 HTTP requests in this frame

Frame: https://www.youtube.com/embed/qMYi6WkMnec?rel=0&showinfo=0
Frame ID: AFEF96DFAB5D4E0B2C34D6C2397330C9
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220112/r20190131/zrt_lookup.html
Frame ID: 873B34B6DF1B06B6C14DDDC96B4838D6
Requests: 1 HTTP requests in this frame

Frame: https://ufpcdn.com/script/identify.html?frmt=0
Frame ID: 97AC9377AACF18A5D2E20AADED2D6AF2
Requests: 1 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. http://ww1.downscrs.xyz/ HTTP 301
    https://ww1.downscrs.xyz/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
  • wp-embed\.min\.js\?ver=([\d.]+)

Overall confidence: 100%
Detected patterns
  • <(?:param|embed|iframe)[^>]+youtube(?:-nocookie)?\.com/(?:v|embed)

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Page Statistics

26
Requests

96 %
HTTPS

80 %
IPv6

9
Domains

10
Subdomains

11
IPs

2
Countries

847 kB
Transfer

2967 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://ww1.downscrs.xyz/ HTTP 301
    https://ww1.downscrs.xyz/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 16
  • https://googleads.g.doubleclick.net/pagead/id HTTP 302
  • https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

26 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
ww1.downscrs.xyz/
Redirect Chain
  • http://ww1.downscrs.xyz/
  • https://ww1.downscrs.xyz/
9 KB
4 KB
Document
General
Full URL
https://ww1.downscrs.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:6d1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
52595350c9e49b79c721e08c18e65865edf7a829f1b7543691c6ac8ce851ea2d

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

date
Sun, 16 Jan 2022 08:13:04 GMT
content-type
text/html; charset=UTF-8
link
<http://ww1.downscrs.xyz/index.php?rest_route=/>; rel="https://api.w.org/", <http://ww1.downscrs.xyz/index.php?rest_route=/wp/v2/pages/10602>; rel="alternate"; type="application/json", <http://ww1.downscrs.xyz/>; rel=shortlink
x-proxy-cache
HIT
p3p
policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lJehwyt8sdig16lthMWoOUoqwHBoA4PFLbid23ow531M4V%2Fa75TotkFXpt7uXX4MCVVxwfecU3ka3205wvviutiViQuUCVOYpw1Iq1lZYHo9kPwWFEzyeWCSF2yAHQxjO2cRRVOINtjaJzYq6tgE"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6ce5e1e7bfb04e8b-FRA
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

Date
Sun, 16 Jan 2022 08:13:04 GMT
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
max-age=3600
Expires
Sun, 16 Jan 2022 09:13:04 GMT
Location
https://ww1.downscrs.xyz/
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EQ2ivom%2FI%2BFJHzUwnTuzaAJ8wtPImPMX%2B2XUqAUJmwLgl%2BDp8uimVXX5R%2FiWcq8BIjPKn2hcTcVx3cdeglJCqjtRIzxD2a2b%2B%2FwWpGjfmESp7Af%2FAzG2l4NYlsD7HGrZ0LGskqXyCA9FL52Cjr6p"}],"group":"cf-nel","max_age":604800}
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary
Accept-Encoding
Server
cloudflare
CF-RAY
6ce5e1e5beb45c50-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
style.min.css?ver=5.8.2
ww1.downscrs.xyz/wp-includes/css/dist/block-library/
79 KB
11 KB
Stylesheet
General
Full URL
https://ww1.downscrs.xyz/wp-includes/css/dist/block-library/style.min.css?ver=5.8.2
Requested by
Host: ww1.downscrs.xyz
URL: https://ww1.downscrs.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:6d1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ww1.downscrs.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 16 Jan 2022 08:13:04 GMT
content-encoding
br
cf-cache-status
BYPASS
last-modified
Mon, 20 Sep 2021 08:43:40 GMT
server
cloudflare
x-microcachable
0
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tc971V7NK2ahT4UfZTHy2WaWUQPSnuXrEf2k0ePu%2Bn0blgf3M92kiUfzc8BSKWdZx95DzIzE80UZihKgsR75LPuXg2LTfIlyNHQY%2FPNCzbvbnlrsWsOQJKNbQlKnI0WqmdqSTq7BVt0QR8sue2Gz"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
content-type
text/css
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6ce5e1e828a84e8b-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
style.css?ver=5.8.2
ww1.downscrs.xyz/wp-content/themes/ivideo/
2 KB
1 KB
Stylesheet
General
Full URL
https://ww1.downscrs.xyz/wp-content/themes/ivideo/style.css?ver=5.8.2
Requested by
Host: ww1.downscrs.xyz
URL: https://ww1.downscrs.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:6d1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eb22ff6d3ebaa2ec79921696a704f2126bb7c5c5e52537dfb3b2e00e3ee34a63

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ww1.downscrs.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 16 Jan 2022 08:13:04 GMT
content-encoding
br
cf-cache-status
BYPASS
last-modified
Mon, 20 Sep 2021 08:40:55 GMT
server
cloudflare
x-microcachable
0
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0ljEnbHcG6fJlCGfOURPPHCWt25BL2z%2F7XgxTzxqscp4KnnuXFV8%2Bbdfu44UarywIZHaB1Npi2yohnnwVt9mfQS9eSPY0Bu6BIfeqh%2BFwvJgNO1V55paNTkMFlk4fydlyN5WY7bmPRKMWFqpzeQb"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
content-type
text/css
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6ce5e1e828aa4e8b-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
invisible.js
ww1.downscrs.xyz/cdn-cgi/challenge-platform/h/b/scripts/
44 KB
16 KB
Script
General
Full URL
https://ww1.downscrs.xyz/cdn-cgi/challenge-platform/h/b/scripts/invisible.js
Requested by
Host: ww1.downscrs.xyz
URL: https://ww1.downscrs.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:6d1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b4014c003b449522f11c0c157866d9abbb9097362d17c536f50f1ea8741fb47

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ww1.downscrs.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 16 Jan 2022 08:13:08 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZOZ6zSrH1e0fxGQtYjuPkpLNuY%2BG3g1rZFGzoLB5iZZAa0SCG%2BsNgX9l3UJpkSN%2Bn77mIz0VyXAWbaPOE1a1ExhibVopvu6xqV0ECmuBX0Qs%2BQHOzMFtncq%2FuBmQ5mk0r%2FlZ6dwwHa4ivMB4ny3V"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=604800, public
x-control-type-options
nosniff
cf-ray
6ce5e1e828ad4e8b-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
wp-embed.min.js?ver=5.8.2
ww1.downscrs.xyz/wp-includes/js/
1 KB
1 KB
Script
General
Full URL
https://ww1.downscrs.xyz/wp-includes/js/wp-embed.min.js?ver=5.8.2
Requested by
Host: ww1.downscrs.xyz
URL: https://ww1.downscrs.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:6d1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ww1.downscrs.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 16 Jan 2022 08:13:04 GMT
content-encoding
br
cf-cache-status
BYPASS
last-modified
Thu, 29 Apr 2021 17:06:39 GMT
server
cloudflare
x-microcachable
0
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s9psI5nv33J0rRMyjPGQpzSuQwOlI0%2FnDHL%2BG7fo%2BGH0ywn1kkTA6xo4QXJM9oZTQwE9SpjD5R2TSO6XDzQIrwHf0n82sl9hR3IXM6WvwbgJcnb0Ky5As1q49LLnhWRt6GcSSdCymB4r1FLBc4Fd"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
content-type
application/javascript
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6ce5e1e828ac4e8b-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
68881dd8b72caf0194422455d0b10d44.js
urgesick.com/68/88/1d/
0
0
Script
General
Full URL
https://urgesick.com/68/88/1d/68881dd8b72caf0194422455d0b10d44.js
Requested by
Host: ww1.downscrs.xyz
URL: https://ww1.downscrs.xyz/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.59.13 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.17.6 /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ww1.downscrs.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

access-control-allow-origin
*
date
Sun, 16 Jan 2022 08:13:05 GMT
server
nginx/1.17.6
content-type
application/javascript
content-length
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
146 KB
51 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: ww1.downscrs.xyz
URL: https://ww1.downscrs.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
94d87c975893b50fbf42dc1c1120c9f248d995e2bc04ae3537d639bb4b9c9fd3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ww1.downscrs.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 16 Jan 2022 08:13:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
51977
x-xss-protection
0
server
cafe
etag
13395523613476428935
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sun, 16 Jan 2022 08:13:04 GMT
white_sand.png
ww1.downscrs.xyz/wp-content/themes/ivideo/images/
21 KB
21 KB
Image
General
Full URL
https://ww1.downscrs.xyz/wp-content/themes/ivideo/images/white_sand.png
Requested by
Host: ww1.downscrs.xyz
URL: https://ww1.downscrs.xyz/wp-content/themes/ivideo/style.css?ver=5.8.2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:6d1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
10055ac3c9d72bba0edcf7813858f543e085183da9a554fe1cded14a7dc1b00f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ww1.downscrs.xyz/wp-content/themes/ivideo/style.css?ver=5.8.2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 16 Jan 2022 08:13:04 GMT
cf-cache-status
BYPASS
last-modified
Mon, 20 Jul 2015 14:56:46 GMT
server
cloudflare
x-microcachable
0
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y0opT9HVS6f4wIcnEyytfvjw6qIDMD34vnB90DD0o8P0XupmopUzxGnWTEyuByvoxXM8fY7xza476yOUZNzNGPOijzgV9oCbfSuSasg6BE%2BzBily1GeHwaftPnIQijxRSqWD1vEXzpTtVJVdA1Y6"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
content-type
image/png
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
6ce5e1e899764e8b-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
21591
qMYi6WkMnec?rel=0&showinfo=0
www.youtube.com/embed/ Frame AFEF
52 KB
23 KB
Document
General
Full URL
https://www.youtube.com/embed/qMYi6WkMnec?rel=0&showinfo=0
Requested by
Host: ww1.downscrs.xyz
URL: https://ww1.downscrs.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
91417fb0c56102a0b3604318926aa42112d650d6a182805d44a19374b32a413d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ww1.downscrs.xyz/

Response headers

content-type
text/html; charset=utf-8
x-content-type-options
nosniff
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Sun, 16 Jan 2022 08:13:04 GMT
strict-transport-security
max-age=31536000
report-to
{"group":"ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"}]}
cross-origin-opener-policy-report-only
same-origin; report-to="ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
content-encoding
br
server
ESF
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
www-player-webp.css
www.youtube.com/s/player/18da33ed/ Frame AFEF
340 KB
47 KB
Stylesheet
General
Full URL
https://www.youtube.com/s/player/18da33ed/www-player-webp.css
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/qMYi6WkMnec?rel=0&showinfo=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
08f71e3dfe76ba6bd96a9474751c9baaf5fd53a3ca529cc6dd8bfb2efdfce74e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/qMYi6WkMnec?rel=0&showinfo=0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 13 Jan 2022 15:46:37 GMT
content-encoding
br
x-content-type-options
nosniff
age
231987
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47601
x-xss-protection
0
last-modified
Thu, 13 Jan 2022 01:19:38 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Fri, 13 Jan 2023 15:46:37 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame AFEF
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/qMYi6WkMnec?rel=0&showinfo=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
Origin
https://www.youtube.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 11 Jan 2022 17:06:41 GMT
x-content-type-options
nosniff
age
399984
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 11 Jan 2023 17:06:41 GMT
www-embed-player.js
www.youtube.com/s/player/18da33ed/www-embed-player.vflset/ Frame AFEF
276 KB
85 KB
Script
General
Full URL
https://www.youtube.com/s/player/18da33ed/www-embed-player.vflset/www-embed-player.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/qMYi6WkMnec?rel=0&showinfo=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bfd1c401f85a0fd4319ecc0bcb96ab96857dde344d688d72cdc7a2e76771d2e0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/qMYi6WkMnec?rel=0&showinfo=0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 13 Jan 2022 15:45:42 GMT
content-encoding
br
x-content-type-options
nosniff
age
232042
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
87025
x-xss-protection
0
last-modified
Thu, 13 Jan 2022 01:19:38 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Fri, 13 Jan 2023 15:45:42 GMT
base.js
www.youtube.com/s/player/18da33ed/player_ias.vflset/de_DE/ Frame AFEF
2 MB
538 KB
Script
General
Full URL
https://www.youtube.com/s/player/18da33ed/player_ias.vflset/de_DE/base.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/qMYi6WkMnec?rel=0&showinfo=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
425af8c8a91e02519947b7ba05781052c0decfb8703586f047ec492938deece7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/qMYi6WkMnec?rel=0&showinfo=0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 13 Jan 2022 15:46:37 GMT
content-encoding
br
x-content-type-options
nosniff
age
231987
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
550271
x-xss-protection
0
last-modified
Thu, 13 Jan 2022 01:19:38 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Fri, 13 Jan 2023 15:46:37 GMT
fetch-polyfill.js
www.youtube.com/s/player/18da33ed/fetch-polyfill.vflset/ Frame AFEF
8 KB
3 KB
Script
General
Full URL
https://www.youtube.com/s/player/18da33ed/fetch-polyfill.vflset/fetch-polyfill.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/qMYi6WkMnec?rel=0&showinfo=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/qMYi6WkMnec?rel=0&showinfo=0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sat, 15 Jan 2022 16:17:29 GMT
content-encoding
br
x-content-type-options
nosniff
age
57335
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2830
x-xss-protection
0
last-modified
Thu, 13 Jan 2022 01:19:38 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sun, 15 Jan 2023 16:17:29 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20220112/r20190131/ Frame 873B
11 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20220112/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
425b48211e0ebe795b6ead9ec2f1bcd9e04e9930a7dd30e08cdb2fef0bcb834c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ww1.downscrs.xyz/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4885
x-xss-protection
0
date
Sun, 16 Jan 2022 02:05:13 GMT
expires
Sun, 30 Jan 2022 02:05:13 GMT
cache-control
public, max-age=1209600
age
22072
etag
13671712056976469594
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
native_render.js
superonclick.com/script/
4 KB
3 KB
Script
General
Full URL
https://superonclick.com/script/native_render.js
Requested by
Host: ww1.downscrs.xyz
URL: https://ww1.downscrs.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:bd78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7965b4334f08b3c398843d721ab3b5535461f4183ec6bb0923d1ae092b9cfd51

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ww1.downscrs.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-goog-hash
crc32c=rXethw==, md5=i4AdaMb2P574qaeqSEucdQ==
date
Sun, 16 Jan 2022 08:13:05 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1255
x-guploader-uploadid
ADPycdvoa8H_yL7lng1wpll3kZDUKdtyrMQHUfofmTSSw4FbaYvV70MglspfwFyZCZ1GC86N3MmGDqxEUa_j862MIEp3TxS09Q
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 13 Feb 2019 10:15:50 GMT
server
cloudflare
etag
W/"8b801d68c6f63f9ef8a9a7aa484b9c75"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nEprXWUdu%2BFj74ol5L4bvLWqwFsZgWuzU98ekVgC7FlCLSDpht6TR9bkjHbH%2BIqzn6NHY0gkLMqC6T5Afzmzdj2A2vhaTGd5iK6TPFRy0Zvl7gRj3SSIXsXgQql6kJGhgmkiicXHsC%2FKE6tn4cc8"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1550052950916101
access-control-allow-origin
*
content-type
application/javascript
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=14400
x-goog-stored-content-length
4285
cf-ray
6ce5e1ea4ed8695e-FRA
expires
Sun, 16 Jan 2022 08:35:55 GMT
native_server.js
superonclick.com/script/
9 KB
3 KB
Script
General
Full URL
https://superonclick.com/script/native_server.js
Requested by
Host: ww1.downscrs.xyz
URL: https://ww1.downscrs.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:bd78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e282545f9f7c4117db91f8a2c33e5a1dad31f3c6edbe74b9776c1f8b85c166bd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ww1.downscrs.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-goog-hash
crc32c=RAjq/g==, md5=Udh+nr2DH8yragFgeaYHkw==
date
Sun, 16 Jan 2022 08:13:05 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1259
x-guploader-uploadid
ADPycdt9-0Neg4qFlc1_qS1vxIkTfSADI55e8o4DTVjsirsAtnZdG2zERZgfrvWjZCvKfo0PVKip84u1VR0PJqBrt3wCn5XggA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 13 Feb 2019 10:15:52 GMT
server
cloudflare
etag
W/"51d87e9ebd831fccab6a016079a60793"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LkQUMmwAcIht%2FCGCJpAdNCDAi5A%2FviURzDwSErc5TLt3GdhZOnI81puZowG0FAm0ry6yyiWcg3ndQ5BxNKiHaeXXJp%2BMqHT02nGHj%2F969ezadVctAmenv98zUYFsUUMwDl62pP77shFCX2wquEig"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1550052952705094
access-control-allow-origin
*
content-type
application/javascript
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=14400
x-goog-stored-content-length
9260
cf-ray
6ce5e1ea4edf695e-FRA
expires
Sun, 16 Jan 2022 07:58:04 GMT
id?slf_rd=1
googleads.g.doubleclick.net/pagead/ Frame AFEF
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/id
  • https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
100 B
146 B
XHR
General
Full URL
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/qMYi6WkMnec?rel=0&showinfo=0
Protocol
H3
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
86ea650a565cf3d49c3ab57e362cc705da57b7c4328d49ef6cbae7adc6b8cc07
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 16 Jan 2022 08:13:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
120
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Sun, 16 Jan 2022 08:13:05 GMT
x-content-type-options
nosniff
access-control-allow-origin
https://www.youtube.com
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
text/html; charset=UTF-8
location
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad_status.js
static.doubleclick.net/instream/ Frame AFEF
29 B
588 B
Script
General
Full URL
https://static.doubleclick.net/instream/ad_status.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/18da33ed/www-embed-player.vflset/www-embed-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 16 Jan 2022 07:59:19 GMT
x-content-type-options
nosniff
age
826
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29
x-xss-protection
0
last-modified
Thu, 12 Dec 2013 23:40:16 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sun, 16 Jan 2022 08:14:19 GMT
qoe?cpn=-1nFupQ1gjR376hp&el=embedded&ns=yt&fexp=23983296%2C24001373%2C24002022%2C24002025%2C24002922%2C24004644%2C24007246%2C24027685%2C24080738%2C24082661%2C24116987%2C24129402%2C24135310%2C241364...
www.youtube.com/api/stats/ Frame AFEF
0
19 B
Ping
General
Full URL
https://www.youtube.com/api/stats/qoe?cpn=-1nFupQ1gjR376hp&el=embedded&ns=yt&fexp=23983296%2C24001373%2C24002022%2C24002025%2C24002922%2C24004644%2C24007246%2C24027685%2C24080738%2C24082661%2C24116987%2C24129402%2C24135310%2C24136440%2C24141079%2C24146770%2C24151680&cl=421412829&seq=1&event=streamingstats&docid=qMYi6WkMnec&cbr=Chrome&cbrver=97.0.4692.71&c=WEB_EMBEDDED_PLAYER&cver=1.20220112.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=10.0&cplatform=DESKTOP&vps=0.000:N,0.000:ER&cmt=0.000:0.000,0.000:0.000&error=0.000:auth:0.000:0;a6s.0&vis=0.000:0&bh=0.000:0.000
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/18da33ed/player_ias.vflset/de_DE/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Video Stats Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/embed/qMYi6WkMnec?rel=0&showinfo=0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sun, 16 Jan 2022 08:13:05 GMT
x-content-type-options
nosniff
server
Video Stats Server
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
embed.js
www.youtube.com/s/player/18da33ed/player_ias.vflset/de_DE/ Frame AFEF
26 KB
7 KB
Script
General
Full URL
https://www.youtube.com/s/player/18da33ed/player_ias.vflset/de_DE/embed.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/18da33ed/player_ias.vflset/de_DE/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d72743788e3208d8963ecf1c530712eb02493222a40fde522a4e712473d9ac62
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/qMYi6WkMnec?rel=0&showinfo=0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 13 Jan 2022 15:48:37 GMT
content-encoding
br
x-content-type-options
nosniff
age
231868
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7632
x-xss-protection
0
last-modified
Thu, 13 Jan 2022 01:19:38 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Fri, 13 Jan 2023 15:48:37 GMT
data:truncated
data:truncated Frame AFEF
346 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0f5f4b730907675018b1e42156f20ad3744dac0ace5697fd8102f2c83ff1c08f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type
image/png
identify.html?frmt=0
ufpcdn.com/script/ Frame 97AC
2 KB
2 KB
Document
General
Full URL
https://ufpcdn.com/script/identify.html?frmt=0
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/native_server.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:2ed2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ffb16355784a4a89472be6cb28c3408234ec0518326a3a1908797b8d8c78a76a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ww1.downscrs.xyz/

Response headers

date
Sun, 16 Jan 2022 08:13:05 GMT
content-type
text/html
last-modified
Tue, 15 May 2018 06:39:25 GMT
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BIx2RpKcbxXCoQdzOQ5oUHlnMWiPl3%2FINTL3YkHEYcS2uGQUBIUSgD991lVKk3qNNTET1nYxOLPw9PdKiVVBEUUhSWUbtMrJ6h%2BHYoxb%2B57ZgFlJqtV3U9%2BZ%2BY9FM2ZpN9OwkEksfQAR"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6ce5e1ec59545b74-FRA
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
native.php?nwpsv=1&r=4910187&cbrandom=0.5118351889608934&cbWidth=1600&cbHeight=1200&cbtitle=EMBED%20STREAMING%20VIDEOS%20%7C%20Embed%20Streaming%20Videos&cbref=&cbdescription=&cbkeywords=&cbiframe=...
discovernative.com/script/
0
71 B
Script
General
Full URL
https://discovernative.com/script/native.php?nwpsv=1&r=4910187&cbrandom=0.5118351889608934&cbWidth=1600&cbHeight=1200&cbtitle=EMBED%20STREAMING%20VIDEOS%20%7C%20Embed%20Streaming%20Videos&cbref=&cbdescription=&cbkeywords=&cbiframe=0&&ufp=170163145315294576811805554505&callback=jsonp897515
Requested by
Host: ww1.downscrs.xyz
URL: https://ww1.downscrs.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.31.231 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
231.31.211.130.bc.googleusercontent.com
Software
openresty /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ww1.downscrs.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

access-control-allow-origin
*
date
Sun, 16 Jan 2022 08:13:05 GMT
via
1.1 google
server
openresty
alt-svc
clear
log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
www.youtube.com/youtubei/v1/ Frame AFEF
28 B
54 B
XHR
General
Full URL
https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/18da33ed/www-embed-player.vflset/www-embed-player.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
application/json
X-YouTube-Utc-Offset
0
X-YouTube-Client-Name
56
Referer
https://www.youtube.com/embed/qMYi6WkMnec?rel=0&showinfo=0
X-YouTube-Client-Version
1.20220112.01.00
X-YouTube-Time-Zone
Etc/Unknown
X-Goog-Visitor-Id
Cgs4MlljcVM2aFBJUSiQp4-PBg%3D%3D
X-YouTube-Ad-Signals
dt=1642320784341&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C980%2C490&vis=1&wgl=true&ca_type=image

Response headers

date
Sun, 16 Jan 2022 08:13:07 GMT
content-encoding
br
x-content-type-options
nosniff
server
ESF
x-frame-options
SAMEORIGIN
vary
Origin, X-Origin, Referer
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control
private
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31
x-xss-protection
0
expires
Sun, 16 Jan 2022 08:13:07 GMT
pica.js
ww1.downscrs.xyz/cdn-cgi/challenge-platform/h/b/scripts/
23 KB
8 KB
Other
General
Full URL
https://ww1.downscrs.xyz/cdn-cgi/challenge-platform/h/b/scripts/pica.js
Requested by
Host: ww1.downscrs.xyz
URL: https://ww1.downscrs.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:6d1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a99c937572dd74c325d27999f2b507a9a78edacc05bbe3f2f282fd0049a04ebf

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ww1.downscrs.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 16 Jan 2022 08:13:08 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IP5B6r48Y5ndqeoG8PW5S%2B9bkCn8%2By1MHajpifOTPw8tqwaEaKZXhGOa0sFGpKmREvYiWn%2B3krOxpr6TZEVk%2B4%2F1gdGZDIyndETnAJNlJXwng5QHQ7nBflru1e9rU1KmimfJfMmWS5KnSvi1WDir"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=604800, public
x-control-type-options
nosniff
cf-ray
6ce5e200ef4c4e8b-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
result?req_id=6ce5e1e7bfb04e8b
ww1.downscrs.xyz/cdn-cgi/challenge-platform/h/b/cv/
2 B
581 B
XHR
General
Full URL
https://ww1.downscrs.xyz/cdn-cgi/challenge-platform/h/b/cv/result?req_id=6ce5e1e7bfb04e8b
Requested by
Host: ww1.downscrs.xyz
URL: https://ww1.downscrs.xyz/cdn-cgi/challenge-platform/h/b/scripts/invisible.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:6d1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
https://ww1.downscrs.xyz/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
application/json

Response headers

date
Sun, 16 Jan 2022 08:13:09 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jl7gzp%2F4%2FHTULlGNni7kSjxjbSam5oV1oabp55TrZUzSxoelW%2Bvvm7l8YsaFQCHI%2BDKf2dqMGuQIiWtCeTn%2FgOo647P0Jqc0hyPbe3qxB%2F9FmJ%2F1oljUcwhzDRwRVwk7tyc3%2B%2F21J4m%2FQLpr1HaJ"}],"group":"cf-nel","max_age":604800}
content-type
text/plain;charset=UTF-8
cf-ray
6ce5e2034c094e8b-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
2

Verdicts & Comments Add Verdict or Comment

38 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| onsecuritypolicyviolation object| onslotchange object| zoneNativeSett object| urls function| acPrefetch object| nativeInit object| nativeForPublishers object| wp object| google_js_reporting_queue number| google_srt object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac boolean| google_measure_js_timing object| google_reactive_ads_global_state boolean| _gfp_a_ object| adsbygoogle string| google_user_agent_client_hint object| _0x50db function| _0x48ba function| setupAd object| CTABPuNative object| _0x32b6 function| _0xda00 object| CTAHKA function| ufpAttach boolean| wait function| native_request string| zone object| adcashUfp function| jsonp897515 object| __CF$cv$params function| __cf_worker_run_after_load function| __cf_run_after_load

4 Cookies

Domain/Path Name / Value
.youtube.com/ Name: YSC
Value: IlZib4lNuUU
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: 82YcqS6hPIQ
.ufpcdn.com/ Name: __cf_bm
Value: x0lwdceousjHJ4rBIHqSvY65e5Kl2gLHTVUildHt45Q-1642320785-0-AcujtJjgt8AxVEHzOT2sDaCQV04+vx+mOHiRYJYJ07S6hHzqc8XBnJvQBjdcz1HmY5zXOtqzNOvjaIhfJcISJkU=
ww1.downscrs.xyz/ Name: adcashufpv3
Value: 170163145315294576811805554505

1 Console Messages

Source Level URL
Text
network error URL: https://urgesick.com/68/88/1d/68881dd8b72caf0194422455d0b10d44.js
Message:
Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

discovernative.com
fonts.gstatic.com
googleads.g.doubleclick.net
pagead2.googlesyndication.com
static.doubleclick.net
superonclick.com
ufpcdn.com
urgesick.com
ww1.downscrs.xyz
www.youtube.com
130.211.31.231
192.243.59.13
2606:4700:3030::6815:2ed2
2606:4700:3037::ac43:bd78
2606:4700:e0::ac40:6d1c
2a00:1450:4001:801::2002
2a00:1450:4001:811::2002
2a00:1450:4001:811::2006
2a00:1450:4001:82b::200e
2a00:1450:4001:830::2003
08f71e3dfe76ba6bd96a9474751c9baaf5fd53a3ca529cc6dd8bfb2efdfce74e
0b4014c003b449522f11c0c157866d9abbb9097362d17c536f50f1ea8741fb47
0f5f4b730907675018b1e42156f20ad3744dac0ace5697fd8102f2c83ff1c08f
10055ac3c9d72bba0edcf7813858f543e085183da9a554fe1cded14a7dc1b00f
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
425af8c8a91e02519947b7ba05781052c0decfb8703586f047ec492938deece7
425b48211e0ebe795b6ead9ec2f1bcd9e04e9930a7dd30e08cdb2fef0bcb834c
52595350c9e49b79c721e08c18e65865edf7a829f1b7543691c6ac8ce851ea2d
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
7965b4334f08b3c398843d721ab3b5535461f4183ec6bb0923d1ae092b9cfd51
86ea650a565cf3d49c3ab57e362cc705da57b7c4328d49ef6cbae7adc6b8cc07
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
91417fb0c56102a0b3604318926aa42112d650d6a182805d44a19374b32a413d
94d87c975893b50fbf42dc1c1120c9f248d995e2bc04ae3537d639bb4b9c9fd3
a99c937572dd74c325d27999f2b507a9a78edacc05bbe3f2f282fd0049a04ebf
bfd1c401f85a0fd4319ecc0bcb96ab96857dde344d688d72cdc7a2e76771d2e0
d72743788e3208d8963ecf1c530712eb02493222a40fde522a4e712473d9ac62
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980
e282545f9f7c4117db91f8a2c33e5a1dad31f3c6edbe74b9776c1f8b85c166bd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb22ff6d3ebaa2ec79921696a704f2126bb7c5c5e52537dfb3b2e00e3ee34a63
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
ffb16355784a4a89472be6cb28c3408234ec0518326a3a1908797b8d8c78a76a