2u.pw Open in urlscan Pro
2606:4700:3108::ac42:2b72 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://2u.pw/R49ES
Effective URL:
https://2u.pw/R49ES
Submission: On February 10 via manual (February 10th 2023, 4:43:25 pm UTC) from US — Scanned from DE

Summary HTTP 66 Redirects Behaviour Indicators

Summary

This website contacted 18 IPs in 4 countries across 14 domains to perform 66 HTTP transactions. The main IP is 2606:4700:3108::ac42:2b72, located in United States and belongs to CLOUDFLARENET, US. The main domain is 2u.pw.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 14th 2022. Valid for: a year.

This is the only time 2u.pw was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 22	2606:4700:310... 2606:4700:3108::ac42:2b72	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:400d:80c::200a	15169 (GOOGLE) (GOOGLE)
1	54.39.20.207 54.39.20.207	16276 (OVH) (OVH)
1	2606:4700::68... 2606:4700::6810:3865	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:400d:80a::2003	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400d:80e::2008	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:400d:802::2002	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400d:803::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:80b::2001	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:400d:80c::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400d:803::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400d:807::2002	15169 (GOOGLE) (GOOGLE)
66	18

22 2606:4700:3108::ac42:2b72 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

2u.pw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:80c::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.39.20.207 (Beauharnois, Canada)

ASN16276 (OVH, FR)
PTR: edge02.devgrid.net

api.miniature.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:3865 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:80a::2003 (Ireland)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:80e::2008 (Ireland)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:400d:802::2002 (Ireland)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:803::2002 (Ireland)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:80b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:80c::2004 (Ireland) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400d:803::2003 (Ireland)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:807::2002 (Ireland)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	2u.pw 2 redirects 2u.pw	166 KB
17	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 105 tpc.googlesyndication.com — Cisco Umbrella Rank: 140	237 KB
7	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 196	28 KB
6	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 29	38 KB
5	gstatic.com fonts.gstatic.com www.gstatic.com	78 KB
3	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 67 www.google.com — Cisco Umbrella Rank: 2	2 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 32	2 KB
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 186	48 KB
1	google.de adservice.google.de — Cisco Umbrella Rank: 8800	531 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 854	599 B
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2453	247 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 41	77 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 925	6 KB
1	miniature.io api.miniature.io	23 KB
66	14

	Domain	Requested by
22	2u.pw	2 redirects 2u.pw static.cloudflareinsights.com
10	pagead2.googlesyndication.com	2u.pw pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
7	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net
7	cdnjs.cloudflare.com	2u.pw
6	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
3	www.gstatic.com	googleads.g.doubleclick.net
2	www.google.com	1 redirects tpc.googlesyndication.com
2	fonts.gstatic.com	fonts.googleapis.com
2	fonts.googleapis.com	2u.pw googleads.g.doubleclick.net
1	www.googletagservices.com	googleads.g.doubleclick.net
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	region1.google-analytics.com	www.googletagmanager.com
1	www.googletagmanager.com	2u.pw
1	static.cloudflareinsights.com	2u.pw
1	api.miniature.io	2u.pw
66	17

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-14` - `2023-06-14`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh

This page contains 9 frames:

Primary Page: https://2u.pw/R49ES
Frame ID: BFB5F14765A77D0713643BAD293D24F7
Requests: 37 HTTP requests in this frame

Frame: https://2u.pw/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1676044800
Frame ID: DBEFB55F183BD9F2EBC5747ECE5FC3F1
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230207/r20190131/zrt_lookup.html
Frame ID: B826BF0C037B9F6DAED639BEA46B582A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2584973940963728&output=html&adk=293675617&adf=814277786&lmt=1676047402&plat=1%3A16777216%2C2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x945_l%7C212x810_r&format=0x0&url=https%3A%2F%2F2u.pw%2FR49ES&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676047402623&bpp=4&bdt=1337&idt=185&shv=r20230207&mjsv=m202302020101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6082201758744&frm=20&pv=2&ga_vid=1309867206.1676047403&ga_sid=1676047403&ga_hid=802557459&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C31072226%2C31072296%2C21065724&oid=2&pvsid=2595683066498867&tmod=2030564263&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=206
Frame ID: 6F6F25561AB771A810A014207938F56B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2584973940963728&output=html&h=280&slotname=2057390652&adk=3095248126&adf=544870902&pi=t.ma~as.2057390652&w=728&fwrn=4&fwrnh=100&lmt=1676047402&rafmt=1&format=728x280&url=https%3A%2F%2F2u.pw%2FR49ES&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676047402627&bpp=2&bdt=1341&idt=209&shv=r20230207&mjsv=m202302020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6082201758744&frm=20&pv=1&ga_vid=1309867206.1676047403&ga_sid=1676047403&ga_hid=802557459&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=125&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C31072226%2C31072296%2C21065724&oid=2&pvsid=2595683066498867&tmod=2030564263&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=GOpTxIk0YQ&p=https%3A//2u.pw&dtd=213
Frame ID: 25DB655E5650D5E82007E4F8FF48D223
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 498AC6F0077530939D28E15712897733
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 92B23D55F715D9D6CC744C0BEFE5F90A
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: A7261D78337846192269058F465B504B
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/qd5KMEVePpT1ECIYP18qBYKfQjivfqNOtA0cTjFsQVM.js
Frame ID: 599E1507879017E0AABD43CB915C9D5C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sales indoor - 2UPW | اختصار الروابط

Page URL History Show full URLs

http://2u.pw/R49ES HTTP 301
https://2u.pw/R49ES Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Clipboard.js (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

clipboard(?:-([\d.]+))?(?:\.min)?\.js

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Osano (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cookieconsent\.min\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery DevBridge Autocomplete (JavaScript libraries) Expand

Overall confidence: 100%
Detected patterns

/jquery\.devbridge-autocomplete/([0-9.]+)/jquery\.autocomplete(?:.min)?\.js

Page Statistics

66
Requests

98 %
HTTPS

94 %
IPv6

14
Domains

17
Subdomains

18
IPs

4
Countries

704 kB
Transfer

1894 kB
Size

9
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://2u.pw/R49ES HTTP 301
https://2u.pw/R49ES Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://2u.pw/R49ES/i HTTP 302
https://api.miniature.io/?width=800&height=600&screen=1024&url=https%3A%2F%2Fdocs.google.com%2Fforms%2Fd%2F1MN8J8eCKyltY4o6Q2GqGqrz9xlsSi1q-wF9JEQMUntY%2Fedit

Request Chain 62

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

66 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request R49ES Show response
2u.pw/
Redirect Chain

http://2u.pw/R49ES
https://2u.pw/R49ES

14 KB
6 KB

856ms
834ms

Document
text/html

2606:4700:3108::ac42:2b72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://2u.pw/R49ES

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

23d4f07d80b8892ad0d2a5d6fce809976f976287b1000cf63f40698f8533fe57

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 79764d9cdb7a30f0-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 10 Feb 2023 16:43:21 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x0GPZlY0xfLy0mBmNT%2FOE9WWRIlSDIO9snB%2FYpkFhQm5oyxlbLu%2B9cHUyg2gMseOC72KU3JdBeWVw3RtyDffTy4RIIVfH641vbJ07sZujD8o72yz0OgE537pwwVrwhBu1%2Fkq"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=63072000; includeSubDomains
vary: Accept-Encoding,User-Agent
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-turbo-charged-by: LiteSpeed

Redirect headers

CF-RAY: 79764d9c7820364f-FRA
Cache-Control: max-age=3600
Connection: keep-alive
Date: Fri, 10 Feb 2023 16:43:20 GMT
Expires: Fri, 10 Feb 2023 17:43:20 GMT
Location: https://2u.pw/R49ES
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZjSfzOd5tecbT79zPzUy7ayVjcqLZwqlw0vdV8e8R2H8wUItU%2BfZBzoSdobcFg%2FJHg%2F6Hqf7x5%2BMoQTwjFg34qb3FzF%2BVpV5gdBCuN9UyLywAqwHR8nTCDiAnaSNEQuScBJQ"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Server-Timing: cf-q-config;dur=7.9999999798019e-06
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 bootstrap.min.css
2u.pw/static/css/ 89 KB
16 KB 24ms
21ms Stylesheet
text/css 2606:4700:3108::ac42:2b72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://2u.pw/static/css/bootstrap.min.css
Requested by: Host: 2u.pw
URL: https://2u.pw/R49ES
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3108::ac42:2b72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fa9a3880a0d54a4bd990e2f63278be581b068336f34a39863e47ba65774d82d7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2u.pw/R49ES
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2202563
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sun, 14 Aug 2022 21:31:09 GMT
server: cloudflare
etag: W/"16322-62f9699d-519bd43f4b6e014c;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hOcfGzcAtnf8aRF5m4zw74ox7IKW9%2FCvdhHShyJEbOFYFW5C620f5ik8oIvBQ3haXBfj6ToQnq9B8tMjSyyKcF9Q1N2x5Gc9rXgiQ0Z1vW1errK9EXeAXg9Qxp0%2F%2FEpOqgfi"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
platform: hostinger
cf-ray: 79764da21abd30f0-FRA
expires: Fri, 06 Jan 2023 09:44:30 GMT

GET
H2 200 style.css
2u.pw/themes/cleanex68/ 66 KB
12 KB 22ms
21ms Stylesheet
text/css 2606:4700:3108::ac42:2b72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://2u.pw/themes/cleanex68/style.css
Requested by: Host: 2u.pw
URL: https://2u.pw/R49ES
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3108::ac42:2b72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 736442f06007c0f94fda57f6c64507d79e8158a92d89e8b13da7f2fb8c425307

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2u.pw/R49ES
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 798706
cf-polished: origSize=79651
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Sun, 14 Aug 2022 21:31:09 GMT
server: cloudflare
etag: W/"13723-62f9699d-7db72dee5b3f77e3;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bU2qIs7wNUoQrvgxt%2BBWVXNGYzmzzenFNn0z6C6EFenMsbEOu%2BGecz8nYk6M308bla%2B%2BtMMyKerwCeqmTAy71aqT%2BWRPaO6%2FBIVSNxds3bZjU5wrI93%2FoEaq86qFtwJhfpoZ"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
platform: hostinger
cf-ray: 79764da21ac030f0-FRA
expires: Mon, 06 Feb 2023 12:09:37 GMT

GET
H2 200 components.min.css
2u.pw/static/css/ 19 KB
3 KB 21ms
19ms Stylesheet
text/css 2606:4700:3108::ac42:2b72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://2u.pw/static/css/components.min.css

Requested by

Host: 2u.pw
URL: https://2u.pw/R49ES

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c19df610d2b937c34facbe5517c48054fd3695a18e69fa1ac94084aa61d5079

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2u.pw/R49ES
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:21 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 798705
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sun, 04 Jul 2021 14:03:53 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Peyf7d0BKuKktzT2suMRg8Gs6yVjd6%2F%2BFbEE%2B25pf6ynHwxaI40WEsrdCuLPo9v82Pm3%2FIaIq%2FOt2u8iGOalTKZ5hj6Z4JkialTWkUZlCgFhMg8aJOdlVgAkLw08AEDt8rJh"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 79764da21ac130f0-FRA
expires: Tue, 31 Jan 2023 19:10:20 GMT

GET
H2 200 fa-all.min.css
2u.pw/static/css/ 56 KB
12 KB 27ms
26ms Stylesheet
text/css 2606:4700:3108::ac42:2b72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://2u.pw/static/css/fa-all.min.css

Requested by

Host: 2u.pw
URL: https://2u.pw/R49ES

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

74d66add22660b12e57cf4a9e1c2fe4fcc8708e052ec75b62b1e9428968fc90d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2u.pw/R49ES
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:21 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2202563
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sun, 04 Jul 2021 14:03:53 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FUZoo6eBdpvEZE7i%2FvKafltKq1uOc7t0d63KGJfNPk%2FoBYfVxP%2FBYrtsxPTExuGgZ7ZK%2FRe5JusB7nkcsbeXlyIS6ox1BQ92Cg5ST50N1gc4%2FxIX%2FekRA7y82mLZ8hHC2r2W"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 79764da21ac230f0-FRA
expires: Fri, 06 Jan 2023 11:05:26 GMT

GET
H2 200 cookieconsent.min.css
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/ 4 KB
2 KB 32ms
13ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.css?v=3.0.3

Requested by

Host: 2u.pw
URL: https://2u.pw/R49ES

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

456ab1a71507ed91abae14c9d08faffb373a7bc711a66e44341b7b8b7bb72ab4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2u.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1362112
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 948
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e2d-f62"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t87SHrdonVxuBLwymgcWHFysQZYmZx21oFmaLoB%2BYCOBkVL8KaxAzzrqh5vK1k9lzt%2B9W0Ojurh%2BoB1N5rpCRIdXSPWRDmcUFBI6%2FO0SeG5tlwNIrtIW0nH04bHSGzeCCE%2BJu1a6Ce1BGdGn20SUmm0Z"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 79764da239fd30e8-FRA
expires: Wed, 31 Jan 2024 16:43:21 GMT

GET
H2 200 css
fonts.googleapis.com/ 532 B
803 B 117ms
42ms Stylesheet
text/css 2a00:1450:400d:80c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Noto+Sans+Arabic

Requested by

Host: 2u.pw
URL: https://2u.pw/R49ES

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

56a63c371309ec7dbf0942ccae507b30de140df862a0619a5d84db772a2b76a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2u.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 10 Feb 2023 16:43:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 10 Feb 2023 16:43:21 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 10 Feb 2023 16:43:21 GMT

GET
H2

200

/
api.miniature.io/
Redirect Chain

https://2u.pw/R49ES/i
https://api.miniature.io/?width=800&height=600&screen=1024&url=https%3A%2F%2Fdocs.google.com%2Fforms%2Fd%2F1MN8J8eCKyltY4o6Q2GqGqrz9xlsSi1q-wF9JEQMUntY%2Fedit

23 KB
23 KB

386ms
96ms

Image
image/png

54.39.20.207
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.miniature.io/?width=800&height=600&screen=1024&url=https%3A%2F%2Fdocs.google.com%2Fforms%2Fd%2F1MN8J8eCKyltY4o6Q2GqGqrz9xlsSi1q-wF9JEQMUntY%2Fedit
Requested by: Host: 2u.pw
URL: https://2u.pw/R49ES
Protocol: H2
Server: 54.39.20.207 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: edge02.devgrid.net
Software: openresty /
Resource Hash: 45024d41846a2594d90f9942d9e3b4f068eed7e2b33761e53a4aca99a372e720

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2u.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:22 GMT
server: openresty
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
x-response-type: content
cache-control: max-age=86400
access-control-allow-headers: X-Requested-With

Redirect headers

date: Fri, 10 Feb 2023 16:43:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: no-cache
server: cloudflare
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://api.miniature.io/?width=800&height=600&screen=1024&url=https%3A%2F%2Fdocs.google.com%2Fforms%2Fd%2F1MN8J8eCKyltY4o6Q2GqGqrz9xlsSi1q-wF9JEQMUntY%2Fedit
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0qwbvqXRRCZJauhASScurIS3j%2FfV3%2FBZ%2FcaChLO%2FE8C534O1tzF1unNyeYX0gXQV0lN6nFZuOpwgrWli%2FENSfhkL6E8DBx5f00g0RzWqMjZRQxvZ5dvjpj9U54ylce0BCGzU"}],"group":"cf-nel","max_age":604800}
cache-control: no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by: LiteSpeed
cf-ray: 79764da23d81927f-FRA
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H3 200 rocket-loader.min.js Show response
2u.pw/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 11ms
10ms Script
application/javascript 2606:4700:3108::ac42:2b72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://2u.pw/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: 2u.pw
URL: https://2u.pw/R49ES

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3108::ac42:2b72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2u.pw/R49ES
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 09 Feb 2023 12:46:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"63e4eb3a-302c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6IVlfDbrIzmpPP9VVl3Yn6bVE5uQn62Dmn6PBEs5SsigGzBBUk%2FKVEVKJCF0C1fOz9jGvmeJUUJSzx2hTOh5I0jR9plA6kMFvGld1DHlzJea2NgmNGClWP4cbLmh5iszkHzt"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 79764da23d83927f-FRA
expires: Sun, 12 Feb 2023 16:43:21 GMT

GET
H2 200 vaafb692b2aea4879b33c060e79fe94621666317369993 Show response
static.cloudflareinsights.com/beacon.min.js/ 17 KB
6 KB 59ms
43ms Script
text/javascript 2606:4700::6810:3865
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
Requested by: Host: 2u.pw
URL: https://2u.pw/R49ES
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f48c5678ce459a596423b0e55344e7ad8eb3d3b1b27c54cd76a9d4cee7dd6c3

Request headers

Referer: https://2u.pw/
Origin: https://2u.pw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:21 GMT
content-encoding: gzip
last-modified: Fri, 21 Oct 2022 01:56:09 GMT
server: cloudflare
etag: W/2022.10.1
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 79764da2590f2bd7-FRA

GET
H2 200 nwpxtLGrOAZMl5nJ_wfgRg3DrWFZWsnVBJ_sS6tlqHHFlhQ5l3sQWIHPqzCfyGyfuXqA.woff2
fonts.gstatic.com/s/notosansarabic/v18/ 27 KB
27 KB 83ms
20ms Font
font/woff2 2a00:1450:400d:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosansarabic/v18/nwpxtLGrOAZMl5nJ_wfgRg3DrWFZWsnVBJ_sS6tlqHHFlhQ5l3sQWIHPqzCfyGyfuXqA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans+Arabic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61924af235b4d15643a54de7334e042d95edbd1b518a0fe705855d715ef15797

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://2u.pw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Thu, 09 Feb 2023 16:54:50 GMT
x-content-type-options: nosniff
age: 85711
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27156
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:04:08 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Feb 2024 16:54:50 GMT

GET
H3 200 glyphicons-halflings-regular.woff
2u.pw/static/fonts/ 23 KB
23 KB 24ms
23ms Font
font/woff 2606:4700:3108::ac42:2b72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://2u.pw/static/fonts/glyphicons-halflings-regular.woff

Requested by

Host: 2u.pw
URL: https://2u.pw/static/css/bootstrap.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3108::ac42:2b72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc969dc1c6ff531abcf368089dcbaf5775133b0626ff56b52301a059fc0f9e1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://2u.pw/static/css/bootstrap.min.css
Origin: https://2u.pw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:21 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 791326
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 23320
last-modified: Sun, 04 Jul 2021 14:03:53 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: font/woff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bXbyAjnY1NFOm%2FfcYqsVamvWZVyfcDOvpp9oHiVsg00arkwtNnOujTN21AchwhjOs%2F5R%2FG1Efcg9GfBsCAkdN6sRYjVdT2R8SzLzWVep9Qb7dwljegFhRvVHOSmV8y4inL%2Bg"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=432000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 79764da2febb927f-FRA

GET
H3 200 main.js Show response
2u.pw/themes/cleanex68/assets/js/ 794 B
792 B 27ms
27ms Script
application/x-javascript 2606:4700:3108::ac42:2b72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://2u.pw/themes/cleanex68/assets/js/main.js
Requested by: Host: 2u.pw
URL: https://2u.pw/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3108::ac42:2b72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 08ec63812b5c543fbc24b98cf05328d849347f0dc0b2cbdf9bc463435b5ad1f6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2u.pw/R49ES
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 796973
cf-polished: origSize=892
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Sun, 14 Aug 2022 21:31:09 GMT
server: cloudflare
etag: W/"37c-62f9699d-b2855adef66422ed;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tPeY14JPNL0F1huI5VN14xxnFXh03l%2B8R3Gqmn%2F8AspWJ58ivsKSyZ5MyrbPpGXFEQyYCqeWvg9uaSDplNVbZY2U7W0IepMiJjWls1N4fdmHvYwguJgabKUOV6od9Ww7tl8P"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
platform: hostinger
cf-ray: 79764da30ed3927f-FRA
expires: Mon, 06 Feb 2023 12:41:22 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 146 KB
49 KB 95ms
54ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2584973940963728

Requested by

Host: 2u.pw
URL: https://2u.pw/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5ca05a5394ff4d4974d6ac3bde7629c0261c8403eaf2ab463da552c7a33218dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2u.pw/
Origin: https://2u.pw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49932
x-xss-protection: 0
server: cafe
etag: 163421870474824677
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 10 Feb 2023 16:43:21 GMT

GET
H3 200 server.js Show response
2u.pw/static/ 8 KB
3 KB 27ms
24ms Script
application/javascript 2606:4700:3108::ac42:2b72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://2u.pw/static/server.js

Requested by

Host: 2u.pw
URL: https://2u.pw/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3108::ac42:2b72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a7c3e55eaa9ecaa4ca4a2ebffc199b1d3b5c4c568e832a107811ca61db66bcbb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2u.pw/R49ES
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:21 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 570972
cf-polished: origSize=12439
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Sun, 04 Jul 2021 14:03:53 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yjmTCqkqSXW2ZY8cX15fx6BwpTTaYYvJgUUms2d7Yeul0pxeGBBbUGxo7WZASA%2BqT4y90FhRw0hO0ynyNwa%2Fi4%2BaBh4TX92n%2BAB3TX%2BzWe0q%2Fvp%2FFHpSLbGezWRgsLQ0Y0Ad"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 79764da30ed9927f-FRA
expires: Sat, 11 Feb 2023 00:08:11 GMT

GET
H3 200 application.js Show response
2u.pw/static/ 15 KB
5 KB 27ms
25ms Script
application/javascript 2606:4700:3108::ac42:2b72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://2u.pw/static/application.js

Requested by

Host: 2u.pw
URL: https://2u.pw/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3108::ac42:2b72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

171ca22825d9d3284a7e20e85120854bc2bf6fb15b821ce6bed382f14ff51c29

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2u.pw/R49ES
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:21 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 569353
cf-polished: origSize=20067
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Sun, 04 Jul 2021 14:03:53 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dfl82B84FcFT6R%2BkDexnda45NWN1puXf%2F4%2F%2FjKZGeLtTl70ZhfaUSjp%2BkSSGiM0IAVA%2B%2Fj7yRBTUwtNipWbjcDQ0f4n1IAhudeLAV8XSquVou66RjSwmvV2FED3shsjY4dT5"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 79764da30edb927f-FRA
expires: Mon, 30 Jan 2023 16:29:49 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 218 KB
77 KB 115ms
51ms Script
application/javascript 2a00:1450:400d:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-DWHT9BK0F8

Requested by

Host: 2u.pw
URL: https://2u.pw/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8dfa44186f88c359a2b2e79781647f589ebcef0fe3b8c22e1471eb7fb2cda53f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2u.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:21 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 78009
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 10 Feb 2023 16:43:21 GMT

GET
H2 200 pace.js Show response
cdnjs.cloudflare.com/ajax/libs/pace/0.4.17/ 25 KB
5 KB 15ms
12ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/pace/0.4.17/pace.js?v=0.4.17

Requested by

Host: 2u.pw
URL: https://2u.pw/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a898f00aabf0e5632b47a59e092c4662c8cbda0c33ea6d0d424cbced57e3ee72

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2u.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1353965
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5158
last-modified: Mon, 04 May 2020 16:13:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03f40-621b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ufitQJATBueHdL4VLtXj3YJy9UCX%2FCA4339uB674MOCyquC0ZoNeBak649JOGYfzqso%2FYqP3QXmAcQuI2eDE%2FvdTED2jyn2ChfbEFoYp4XM4cZO2aoNLOa96%2BeEaZb33Xz0ZCpPgL6%2FhZS9EgL%2Bf4Xyv"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 79764da30afd30e8-FRA
expires: Wed, 31 Jan 2024 16:43:21 GMT

GET
H2 200 jquery.autocomplete.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery.devbridge-autocomplete/1.4.10/ 13 KB
4 KB 16ms
13ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery.devbridge-autocomplete/1.4.10/jquery.autocomplete.min.js?v=1.1.5

Requested by

Host: 2u.pw
URL: https://2u.pw/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c6ff6d4624a5c8140cbc19107aa372a233907f8e6e4d55d002d20cae682a575f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2u.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 580043
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3860
last-modified: Mon, 04 May 2020 16:11:46 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec2-331b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jtyYZ5zsfEfblq8Osz8Wd4o3kKdY2T%2FvVVwko82zpouWsCnp8Kt%2FvFOKpzM80oqjgNoaKyrQOOpF%2Fsvd3JJkl0ExTKtM31pOHY8BrjArzv3%2F%2FE2NoZNyvbRFmbSrGYINSbAbMd8%2FTRR5YFys2lyaQZDc"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 79764da30afe30e8-FRA
expires: Wed, 31 Jan 2024 16:43:21 GMT

GET
H2 200 cookieconsent.min.js Show response
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/ 19 KB
6 KB 17ms
15ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.js?v=3.0.3

Requested by

Host: 2u.pw
URL: https://2u.pw/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af4c6683814aa527caf53bde3d021e6aafe00833b45f2dead043c87ed7864674

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2u.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1508964
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5676
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e2d-4d5a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PzzJiDUm1T77rP2sYIHCzljmQpdkxwwsYB0nsWDggSe283sT9z2aiC4OaeopDbxqevqxh2Ocnv3oOSwMVH26disN0C%2FV%2BYfKohlQIUNECnH%2BauiTBStaxcJ1igbw5IBhinCZDqox8M08jSFAIpru46jo"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 79764da30aff30e8-FRA
expires: Wed, 31 Jan 2024 16:43:21 GMT

GET
H2 200 clipboard.min.js Show response
cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.5.15/ 10 KB
3 KB 16ms
14ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.5.15/clipboard.min.js?v=1.5.15

Requested by

Host: 2u.pw
URL: https://2u.pw/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

08e5970dcee7ecf02ab04df2d6be02568a71594f4923491e9f3e8ae3306a853f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2u.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 83658
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2906
last-modified: Mon, 04 May 2020 16:09:13 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e29-2824"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p32broDtA01Y%2FTbQqmKaf6ReEg63m9vaxoRnbeO%2FnR6z5ONE2gRAtwq0VJ9g%2FoUfu6E0gdsT%2BTcGVazcs11LJfEHvwigHHNZH6vKlHBPE0IXCFEcekMuevCf7vSppf9iLlCG7txquCHHN6sijXB%2FIIZJ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 79764da30b0030e8-FRA
expires: Wed, 31 Jan 2024 16:43:21 GMT

GET
H2 200 icheck.min.js Show response
cdnjs.cloudflare.com/ajax/libs/iCheck/1.0.1/ 4 KB
2 KB 17ms
14ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/iCheck/1.0.1/icheck.min.js?v=1.0.1

Requested by

Host: 2u.pw
URL: https://2u.pw/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6102d725c22f9bf27ef542ceae070843153f3e0926b89820a75f29b107e33cb2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2u.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 580983
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1911
last-modified: Mon, 04 May 2020 16:11:10 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e9e-11a4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dLNAosHT%2FpyLwvqbE6FK1XVest3PZXnU%2F0lWodWwKgxgacBcNSdks3j791vSTcajuV2K7s78udYqRsj%2BIvvP%2F%2FEcR2NYygCxDWVlFzNdHb4k8nwfRK5kIJrjU1eneFakKxDX4vNKtJ%2BQWok7DwAA4tnW"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 79764da30b0130e8-FRA
expires: Wed, 31 Jan 2024 16:43:21 GMT

GET
H2 200 chosen.jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/chosen/1.1.0/ 26 KB
6 KB 15ms
12ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/chosen/1.1.0/chosen.jquery.min.js?v=1.1.0

Requested by

Host: 2u.pw
URL: https://2u.pw/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c7e07dfb2d7437793e8b1ed577739a8bd55558df14aa7234714675ba53f71ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2u.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 81501
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5483
last-modified: Mon, 04 May 2020 16:09:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e23-6956"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h5Z32BeXO7WKKiQyeNahny9ERd%2B2f%2FZjGL%2FO%2FZbDo9iSSLHw%2BeARjCh%2FqxMhNWH99rbBDo5Y7awMnQYHvUQFH6R2HAfYLtsSCGbYXpgHRQBb5u9b4u3QCTL4WYLx1Kr%2BL6oKsw2v%2BeV6kqtjIj%2BO%2F9EX"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 79764da30b0330e8-FRA
expires: Wed, 31 Jan 2024 16:43:21 GMT

GET
H3 200 application.fn.js Show response
2u.pw/static/ 3 KB
2 KB 27ms
25ms Script
application/javascript 2606:4700:3108::ac42:2b72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://2u.pw/static/application.fn.js

Requested by

Host: 2u.pw
URL: https://2u.pw/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3108::ac42:2b72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

877de2ffab95719d6ff1f1048fa912e70ee31879a2a31f868eb5b1770252d8fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2u.pw/R49ES
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:21 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 569352
cf-polished: origSize=4495
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Sun, 04 Jul 2021 14:03:53 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=idlmfqrBkGITmRC8bE%2Fmp0MejY%2BSpSkJyMbOp4A2xzxCvg%2BofnxC6FH64hw5Kdp5ePlzKQuxvoqZDWPC%2FYpILc4pgSNmP3BpN75aEAM1GZktZ16Zw3naR3hvJjGySgd%2B2dVK"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 79764da30edc927f-FRA
expires: Mon, 30 Jan 2023 16:29:49 GMT

GET
H3 200 bootstrap.min.js Show response
2u.pw/static/ 3 KB
2 KB 19ms
17ms Script
application/x-javascript 2606:4700:3108::ac42:2b72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://2u.pw/static/bootstrap.min.js
Requested by: Host: 2u.pw
URL: https://2u.pw/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3108::ac42:2b72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1f7244cb694f7f667a5f3668a79844fc6159e3922363f0423d9b09872680f372

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2u.pw/R49ES
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 796973
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sun, 14 Aug 2022 21:31:09 GMT
server: cloudflare
etag: W/"d61-62f9699d-c9eca7450c3301e;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BEfj9ASj1eXt7ruqT7g0e1nPGAYjeAAy1AgEZydgdlsIbY%2Bd3xRcFqwAJCgex5XXyiyBO4r5oJPa4kNs6h7b9UUrqkatHJav0wDgUbQOFkgUiV92SyXy97j7R6TTU7uIwnnN"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
platform: hostinger
cf-ray: 79764da30edd927f-FRA
expires: Tue, 31 Jan 2023 19:05:09 GMT

GET
H3 200 jquery.min.js Show response
2u.pw/static/js/ 82 KB
30 KB 27ms
25ms Script
application/javascript 2606:4700:3108::ac42:2b72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://2u.pw/static/js/jquery.min.js

Requested by

Host: 2u.pw
URL: https://2u.pw/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3108::ac42:2b72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05a8a5125b36da55ff02702436ee672fa3ddd45ccebd499a8fbff0461c8cba10

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2u.pw/R49ES
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:21 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 796973
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sun, 04 Jul 2021 14:03:53 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N2vofX8pU9GujDCKYiYA5lLQn6U0Cc3%2Faz0fkF2WLwFTv2hl%2F95Vaq0GgV%2BKV96uCKGN1jzky%2BhkV57A6pN1MXfAYPbKvGY0UOufR%2F9bqS52KZozRBOIRGPX4EGvJ8G9UzuK"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 79764da30ede927f-FRA
expires: Mon, 30 Jan 2023 16:29:49 GMT

GET
H3 200 invisible.js Show response
2u.pw/cdn-cgi/challenge-platform/h/b/scripts/alpha/ Frame DBEF 33 KB
14 KB 15ms
15ms Script
application/javascript 2606:4700:3108::ac42:2b72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://2u.pw/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1676044800
Requested by: Host: 2u.pw
URL: https://2u.pw/R49ES
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3108::ac42:2b72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dbce33b6b6c6ba95dd226a2d02b96262f061d43f77198ee60c55c2f23a7791af

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:21 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kAKJg4c6734B5iajEnwriN%2BOcu%2BlgoGWPN7Blc6U0dKSOl868XgQvxljtcGpXpTi8wwQZ8LG6ORzFU7A8JpDIeGghpSg5dT7SQtYY%2FlwdYba2kjQ26lSLarHNHSAvSH6gCcf"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 79764da30ee0927f-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 pica.js
2u.pw/cdn-cgi/challenge-platform/h/b/scripts/ Frame DBEF 21 KB
9 KB 12ms
12ms Other
application/javascript 2606:4700:3108::ac42:2b72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://2u.pw/cdn-cgi/challenge-platform/h/b/scripts/pica.js
Requested by: Host: 2u.pw
URL: https://2u.pw/R49ES
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3108::ac42:2b72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d4e082c42c61ce287e6c53845e1b37efb631b6476dfccbad34f53b28025ef1da

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:21 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IM01SMB%2F4pclX8TZgV05tsAAHhPb4NZUcuhVWBJg6nFbpENEVnuL2%2FKzdxsjejo2vFr1C%2B6JaNfHNG20DfOyhTZGGjhyY62UnZFnnR6qBiUh4YHf41Z4DQvuS9Ua6MHLZxXR"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 79764da34f31927f-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H3 200 79764d9cdb7a30f0 Show response
2u.pw/cdn-cgi/challenge-platform/h/b/cv/result/ Frame DBEF 2 B
656 B 27ms
27ms XHR
text/plain 2606:4700:3108::ac42:2b72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://2u.pw/cdn-cgi/challenge-platform/h/b/cv/result/79764d9cdb7a30f0
Requested by: Host: 2u.pw
URL: https://2u.pw/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1676044800
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3108::ac42:2b72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 10 Feb 2023 16:43:21 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2tjn3L6Wj0Ny%2BHkbf8IWvd6NQVQwef58u7Aj9KLLdmFgLOZwIv3fiNrOFdmmGGRzvbrbmOwjpX%2F4wBqI%2B%2FDO96DTSYkWoplSrYb2C4iIti60NeUUVN67cuDr8oUucCTGtBdZ"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 79764da50951927f-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302020101/ 362 KB
119 KB 88ms
73ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302020101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2584973940963728&plah=2u.pw&bust=31072296

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2584973940963728

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ee45121aa49f6f5192294cca55db6eba2a4834ec2c6bfb11f023909123179a84

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2u.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:22 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121678
x-xss-protection: 0
server: cafe
etag: 9937572043808355799
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 10 Feb 2023 16:43:22 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230207/r20190131/ Frame B826 10 KB
5 KB 96ms
20ms Document
text/html 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230207/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2584973940963728

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2u.pw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 4809
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 10 Feb 2023 15:23:13 GMT
etag: 10353107486223812946
expires: Fri, 24 Feb 2023 15:23:13 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 invisible.js Show response
2u.pw/cdn-cgi/challenge-platform/h/b/scripts/alpha/ Frame DBEF 31 KB
14 KB 14ms
13ms Script
application/javascript 2606:4700:3108::ac42:2b72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://2u.pw/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1676044800
Requested by: Host: 2u.pw
URL: https://2u.pw/R49ES
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3108::ac42:2b72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 59fef3498a144d5d17c89c4f97836510bd08473df49842e6e914de1473dfde36

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:22 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DoBm6VetYFRljOPkG2%2FRQG6pRirnkWAOcXTERzpQgIVV14Xi30EGKPeR57ZAdgkuqpuRh8ISRpPs3xCS2%2Fn2sJMtLVQBKFnd78zYmZC9sfnaJTuOSTp75KUSfcU027VNMlpb"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 79764daa8907927f-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H2 204 collect
region1.google-analytics.com/g/ 0
247 B 34ms
14ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-DWHT9BK0F8&gtm=45je3280&_p=802557459&cid=1309867206.1676047403&ul=en-us&sr=1600x1200&uaW=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1676047402&sct=1&seg=0&dl=https%3A%2F%2F2u.pw%2FR49ES&dt=Sales%20indoor%20-%202UPW%20%7C%20%D8%A7%D8%AE%D8%AA%D8%B5%D8%A7%D8%B1%20%D8%A7%D9%84%D8%B1%D9%88%D8%A7%D8%A8%D8%B7&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-DWHT9BK0F8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2u.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Feb 2023 16:43:22 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://2u.pw
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 rum Show response
2u.pw/cdn-cgi/ 0
134 B 16ms
15ms XHR
text/plain 2606:4700:3108::ac42:2b72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://2u.pw/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3108::ac42:2b72 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://2u.pw/R49ES
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
content-type: application/json

Response headers

date: Fri, 10 Feb 2023 16:43:22 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://2u.pw
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 79764daac94e927f-FRA

GET
H3 200 pica.js
2u.pw/cdn-cgi/challenge-platform/h/b/scripts/ Frame DBEF 19 KB
8 KB 16ms
16ms Other
application/javascript 2606:4700:3108::ac42:2b72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://2u.pw/cdn-cgi/challenge-platform/h/b/scripts/pica.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3108::ac42:2b72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b5aec4aed4ba80ac34c0f0a576543b6a761ec3ffe6d0aee51e31a03d22294574

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:22 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ny%2FY3YgGHA8aWFpxERlCYh4UxI53o36nQrWQJG177CkjaGCsnjT1zOdHubpTMVSTtaT4vAu6kUWbag6kmuDlYODSJ4rUSMsSu%2BDX16EUwgc8xrq39a4PaLq7f0WL1dK%2BOVgx"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 79764daad96c927f-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 377 B
599 B 131ms
42ms Script
text/javascript 2a00:1450:400d:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=2u.pw&callback=_gfp_s_&client=ca-pub-2584973940963728

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302020101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2584973940963728&plah=2u.pw&bust=31072296

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3347a1866b5074aeb44720aba5b55be02153824db0d6c1e12e4905f9f1124762

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2u.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 247
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
531 B 66ms
16ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=2u.pw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2u.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 50ms
14ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=2u.pw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2u.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 42ms
41ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2F2u.pw%2FR49ES&tn=DIV&cls=cc-window%20cc-floating%20cc-type-info%20cc-theme-classic%20cc-bottom%20cc-right%20cc-color-override-1971232268%20&ign=false&pw=1600&ph=1200&x=1575&y=1175

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2u.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Feb 2023 16:43:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 43ms
42ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2F2u.pw%2FR49ES&tn=DIV&cls=pace-progress&ign=false&pw=1600&ph=1200&x=0&y=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2u.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Feb 2023 16:43:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6F6F 0
188 B 110ms
109ms Document
text/html 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2584973940963728&output=html&adk=293675617&adf=814277786&lmt=1676047402&plat=1%3A16777216%2C2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x945_l%7C212x810_r&format=0x0&url=https%3A%2F%2F2u.pw%2FR49ES&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676047402623&bpp=4&bdt=1337&idt=185&shv=r20230207&mjsv=m202302020101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6082201758744&frm=20&pv=2&ga_vid=1309867206.1676047403&ga_sid=1676047403&ga_hid=802557459&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C31072226%2C31072296%2C21065724&oid=2&pvsid=2595683066498867&tmod=2030564263&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=206

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2u.pw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 10 Feb 2023 16:43:22 GMT
expires: Fri, 10 Feb 2023 16:43:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 55ms
54ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230207&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c3310222d966afb84f4bca398f220260e16bfca484ea04cd043320949c31775d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2u.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11068
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 25DB 91 KB
33 KB 989ms
989ms Document
text/html 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2584973940963728&output=html&h=280&slotname=2057390652&adk=3095248126&adf=544870902&pi=t.ma~as.2057390652&w=728&fwrn=4&fwrnh=100&lmt=1676047402&rafmt=1&format=728x280&url=https%3A%2F%2F2u.pw%2FR49ES&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676047402627&bpp=2&bdt=1341&idt=209&shv=r20230207&mjsv=m202302020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6082201758744&frm=20&pv=1&ga_vid=1309867206.1676047403&ga_sid=1676047403&ga_hid=802557459&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=125&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C31072226%2C31072296%2C21065724&oid=2&pvsid=2595683066498867&tmod=2030564263&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=GOpTxIk0YQ&p=https%3A//2u.pw&dtd=213

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

64c3c540b1134dffc629dd776dab42782b043a3b336a3a4d8f36d75b0c552f58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2u.pw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 33152
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 10 Feb 2023 16:43:23 GMT
expires: Fri, 10 Feb 2023 16:43:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 200 79764d9cdb7a30f0 Show response
2u.pw/cdn-cgi/challenge-platform/h/b/cv/result/ Frame DBEF 2 B
655 B 22ms
22ms XHR
text/plain 2606:4700:3108::ac42:2b72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://2u.pw/cdn-cgi/challenge-platform/h/b/cv/result/79764d9cdb7a30f0
Requested by: Host: 2u.pw
URL: https://2u.pw/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1676044800
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3108::ac42:2b72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 10 Feb 2023 16:43:23 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=StjE98E%2B8jRDDGjYWF1w87M6FKG%2FXpzjz2cMS8k4vXEYFyyPY2SzLF4xa7GZ4ZK43ZsCpcVWErkySWiyDV0fhiC5eeWDTyqtTQ2sCTAobvZ7fI7EAPnSmoz%2B6JNSv7g48edr"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 79764daccbe3927f-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 70ms
35ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2u.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 10 Feb 2023 16:43:23 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 498A 13 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2u.pw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 4974
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 10 Feb 2023 15:20:29 GMT
expires: Sat, 10 Feb 2024 15:20:29 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 92B2 783 B
1 KB 181ms
42ms Document
text/html 2a00:1450:400d:80c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

6e4d2fa96233c4de3e746df642d9340e09e301a8b21383bb6b199aa2fc343a49

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ipZysv5ZO_CoLgvFF07Vyw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://2u.pw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-ipZysv5ZO_CoLgvFF07Vyw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 10 Feb 2023 16:43:23 GMT
expires: Fri, 10 Feb 2023 16:43:23 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 qd5KMEVePpT1ECIYP18qBYKfQjivfqNOtA0cTjFsQVM.js Show response
pagead2.googlesyndication.com/bg/ Frame 498A 36 KB
14 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/qd5KMEVePpT1ECIYP18qBYKfQjivfqNOtA0cTjFsQVM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9de4a30455e3e94f51022183f5f2a05829f4238af7ea34eb40d1c4e316c4153

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 15:46:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3408
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14195
x-xss-protection: 0
last-modified: Mon, 30 Jan 2023 11:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 10 Feb 2024 15:46:35 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 498A 0
10 B 6ms
6ms Image
text/plain 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?w7m2ig
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:23 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 92B2 0
0 41ms
40ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230207&jk=2595683066498867&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 44ms
43ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230207&jk=2595683066498867&bg=!AQKlAlbNAAaq5O5FiuQ7ADkAdvg8WnzJigY0W0eTUuJBhKT_VqX3j4fWondKs39-UqbXo9rbTu23o3tlh2O6bxMNWLkI32HImd0CAAAAPlIAAAALaAEHCgAS_QI6C61CRgyu70ipaQ1Ol6AtmQKjdXs36M9K7IQY2kcEl74si6-yv1EHnPMXLdPqXYf23gSvsNyQmZpxzDLLWaX-yhDjC09c5s704smGiPE0TsSdcb3yM6WwxSXNkM8ESC-0KKCZDTomqZ3y7DLhjL6CRJEyoNOuCvpA7qH6y6C81EUiW_6V0wqyajOodVP5XRxQNmFWRWqQIRDqhiGtDI1ZWGQzFMdyFIU9iMiw6S1ZS_3AFL2jfSxbxU-X9VXOz-7_NxE2erjBzDNUoejX10yCbO9bejU8s0FESTCgE2NbCvrCdKJZD0aj5R7Vewi66uxEp4etYIg6DjAhhfJ6otvYNIFEZr4z6eJctE5h89KZNQjZOxixX2OZRKF0NIfG6A-Dalv95SgyMavX7qWzydjgrYi_OIwOXkOhedkxauQ2Zgvu-brQT7Qt2B9RyfAPDruTQIDQ-iMq8zRDJ0fExqiR3UG2gC232IgaqheMxtjgOAaAKr83xlKPEy-b4iUHoeX3c_e2b5R63FcOWkW1eksjgIDhquxsOIQv7YEpeUGe7ELqMWAHEgUdneHPrwHS9KQ-ZKPWVvzqYN2me-E0XGe_mxO7rOwyst2e-TnA7BWYyF8B8tx8Bi0uuL5grRz9b-45XTxW5IXKm4pkFGRSohwnid1no04yNNAy6rAiNAElTea22WFKxi8qnUoIMeO9me1hryyYZfBMJ6hNTLi2c21W80yKFz9_OULh9RQh-38q64U7j1Y4BunD4MoGAKpq-TVbkr_nmNBghbgMddZ333-zVUXGy3PD-7xlg7u0yD8kmIe4UCZLkWr8kK-he6vQN-q-dUq5LkHmWeZ9xY4Sib7CfQTL1NPSe0Y5kQtMD3bpG0JrZrhxRFS8-CjpWeLkDE-HRhyeKoLNuJfB7fT5W1oAxvMAl1_A
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2u.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

GET
H2 200 8229fa5a5c3ebd24f3e2eb95db7eba72.js Show response
www.gstatic.com/mysidia/ Frame 25DB 9 KB
5 KB 95ms
20ms Script
text/javascript 2a00:1450:400d:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/8229fa5a5c3ebd24f3e2eb95db7eba72.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2584973940963728&output=html&h=280&slotname=2057390652&adk=3095248126&adf=544870902&pi=t.ma~as.2057390652&w=728&fwrn=4&fwrnh=100&lmt=1676047402&rafmt=1&format=728x280&url=https%3A%2F%2F2u.pw%2FR49ES&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676047402627&bpp=2&bdt=1341&idt=209&shv=r20230207&mjsv=m202302020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6082201758744&frm=20&pv=1&ga_vid=1309867206.1676047403&ga_sid=1676047403&ga_hid=802557459&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=125&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C31072226%2C31072296%2C21065724&oid=2&pvsid=2595683066498867&tmod=2030564263&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=GOpTxIk0YQ&p=https%3A//2u.pw&dtd=213

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b597bf422617af67b2ffe3e420f0fd2d9a01a3b95020e368c57b2a131151158

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Wed, 08 Feb 2023 14:35:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 180447
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4209
x-xss-protection: 0
last-modified: Thu, 02 Feb 2023 22:14:51 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 09 May 2023 14:35:56 GMT

GET
H2 200 9e5698c686bc55900eb7505b234da968.js Show response
www.gstatic.com/mysidia/ Frame 25DB 10 KB
4 KB 96ms
22ms Script
text/javascript 2a00:1450:400d:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/9e5698c686bc55900eb7505b234da968.js?tag=text/vanilla_highlight

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

98a03cded6a2bd3976ad215e9f51af528f6be61edf3666ea4656e35a87f13687

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 11:46:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 17813
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4467
x-xss-protection: 0
last-modified: Thu, 02 Feb 2023 22:14:51 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 11 May 2023 11:46:30 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 25DB 8 KB
991 B 44ms
42ms Stylesheet
text/css 2a00:1450:400d:80c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 10 Feb 2023 16:43:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 10 Feb 2023 16:05:34 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 10 Feb 2023 16:43:23 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230207/r20110914/client/ Frame 25DB 2 KB
765 B 7ms
6ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230207/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Thu, 09 Feb 2023 18:26:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80191
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 23 Feb 2023 18:26:52 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230207/r20110914/ Frame 25DB 22 KB
9 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230207/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0d0e2a4591bd097795566e5cb9caa6b293e0a4f8e675f28a0e320dc8f1690770

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Thu, 09 Feb 2023 18:26:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80191
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9030
x-xss-protection: 0
server: cafe
etag: 14849286796705262889
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 23 Feb 2023 18:26:52 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230207/r20110914/client/ Frame 25DB 3 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230207/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 14:01:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9742
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Feb 2023 14:01:01 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230207/r20110914/client/ Frame 25DB 18 KB
7 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

95400c0abce893a943ceb22f1029b92506b3beda9415c0650bcfc3cb4e401868

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Thu, 09 Feb 2023 18:26:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80234
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7626
x-xss-protection: 0
server: cafe
etag: 5262822293969176042
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 23 Feb 2023 18:26:09 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 25DB 156 KB
48 KB 132ms
58ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b820dc122a80f08db00e452d97da2973b7e45407e11f2e97b043f97aa9a6bd3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 16:43:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48910
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1675860536307976"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 10 Feb 2023 16:43:23 GMT

GET
H2 200 8aec859a266e19fb42fee7f82edeac28.js Show response
www.gstatic.com/mysidia/ Frame 25DB 33 KB
14 KB 20ms
19ms Script
text/javascript 2a00:1450:400d:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/8aec859a266e19fb42fee7f82edeac28.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07970172ef078d9a58aa9ed9e9b54dd1cfbfec021be21b0d0fc7484c5fd5a58a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 15:23:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4809
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14079
x-xss-protection: 0
last-modified: Thu, 02 Feb 2023 22:14:51 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 11 May 2023 15:23:14 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 25DB 0
0 63ms
63ms Fetch
text/html 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CdaoCKnTmY6fWNamD7APsxoaAAbDY9-ti6KmX6LURoZCsvbIJEAEgxdngFGCV4pCCoAegAd6NwK4ByAEBqAMByAPDBKoE1AFP0LPW90ECEm_cTId0G-NRfQ-GX7-3ySpTUNVsaEXAMbwBGBHXIfK188aQXZpt1UR49i6EoySXcX4PvGORa1_ZXXRp70RAThRW9GViQsiqin63uLnNRtvaAH4Ja77bkSa2R69RmCUQrtBVOkKY237ihihiQPWf8qAmVKrpb0KzrpjTyvjfh8dJBcHCGn58KfJnPNB5Rd_1TAk2mWqxP6bOPHYv8mYjDMOyh56G2rDixhzGuSce8jqqB0vlqqXjjAdz6aQmjLXZFGBdrS2oxN41cVTl-8AE5NGQiegDkgUECAQYAZIFBAgFGASgBmaAB4ryv9ECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQgpkV0ggRCIDhgHAQARgfMgLrAjoCgECACgHICwHYEwrQFQGAFwGyFxwKGggAEhRwdWItMjU4NDk3Mzk0MDk2MzcyOBgA&sigh=_iWm9BdrDMQ&uach_m=[UACH]&cid=CAQSGwDUE5ymiqY9zAM4xLjQUCDhBgh6NqLfm2ODxBgB

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2584973940963728&output=html&h=280&slotname=2057390652&adk=3095248126&adf=544870902&pi=t.ma~as.2057390652&w=728&fwrn=4&fwrnh=100&lmt=1676047402&rafmt=1&format=728x280&url=https%3A%2F%2F2u.pw%2FR49ES&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676047402627&bpp=2&bdt=1341&idt=209&shv=r20230207&mjsv=m202302020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6082201758744&frm=20&pv=1&ga_vid=1309867206.1676047403&ga_sid=1676047403&ga_hid=802557459&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=125&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C31072226%2C31072296%2C21065724&oid=2&pvsid=2595683066498867&tmod=2030564263&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=GOpTxIk0YQ&p=https%3A//2u.pw&dtd=213
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 10 Feb 2023 16:43:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 10 Feb 2023 16:43:24 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame A726 143 B
166 B 20ms
19ms Document
text/html 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2584973940963728&output=html&h=280&slotname=2057390652&adk=3095248126&adf=544870902&pi=t.ma~as.2057390652&w=728&fwrn=4&fwrnh=100&lmt=1676047402&rafmt=1&format=728x280&url=https%3A%2F%2F2u.pw%2FR49ES&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676047402627&bpp=2&bdt=1341&idt=209&shv=r20230207&mjsv=m202302020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6082201758744&frm=20&pv=1&ga_vid=1309867206.1676047403&ga_sid=1676047403&ga_hid=802557459&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=125&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759875%2C44759926%2C31072226%2C31072296%2C21065724&oid=2&pvsid=2595683066498867&tmod=2030564263&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=GOpTxIk0YQ&p=https%3A//2u.pw&dtd=213
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1887
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 10 Feb 2023 16:11:56 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 25DB 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a44315a64fa8f1b33601828da1214ba3a05496e76ef8fa780790668fe2751936

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame A726
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

49ms
49ms

Document
text/html

2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 10 Feb 2023 16:43:24 GMT
expires: Fri, 10 Feb 2023 16:43:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 10 Feb 2023 16:43:24 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 25DB 28 KB
28 KB 25ms
24ms Font
font/woff2 2a00:1450:400d:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Sat, 04 Feb 2023 23:18:07 GMT
x-content-type-options: nosniff
age: 494717
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 04 Feb 2024 23:18:07 GMT

GET
H3 200 qd5KMEVePpT1ECIYP18qBYKfQjivfqNOtA0cTjFsQVM.js Show response
pagead2.googlesyndication.com/bg/ Frame 599E 36 KB
14 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/qd5KMEVePpT1ECIYP18qBYKfQjivfqNOtA0cTjFsQVM.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9de4a30455e3e94f51022183f5f2a05829f4238af7ea34eb40d1c4e316c4153

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 15:46:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3409
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14195
x-xss-protection: 0
last-modified: Mon, 30 Jan 2023 11:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 10 Feb 2024 15:46:35 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 25DB 42 B
64 B 45ms
44ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstNIdzQJX_VYsywlf7iiLdbgTTylYYouVBsYGA2a9jbvhBuK9iUqmJcwPpqhzBo4m3aAD1pSCpd_Q2ORvlner7FhlVT8fhAXGsBBj9vjsKFvexFsgd4YP_nz8r2d6w_3TohE54w4g&sai=AMfl-YQQjfHHAUli79qzt8Hq5NxWuWtdfziWAX_c_3LIP6xgvCdlYGOGkW4n_YikVpdJ0TvxbjSq_7JVliEo&sig=Cg0ArKJSzKoUsONQyox_EAE&cid=CAQSGwDUE5ymiqY9zAM4xLjQUCDhBgh6NqLfm2ODxBgB&id=lidar2&mcvt=1000&p=0,0,280,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230208&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=3095248126&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1676047402841&rpt=1297&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Feb 2023 16:43:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

74 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
2u.pw/	1969-12-31 23:59:59	Name: PHPSESSID Value: 43e79602dec1ce30a22ce62516a332e4
2u.pw/	1970-01-20 09:34:09	Name: short_R49ES Value: 1
.2u.pw/	1970-01-20 19:10:07	Name: _ga Value: GA1.1.1309867206.1676047403
.2u.pw/	1970-01-20 19:10:07	Name: _ga_DWHT9BK0F8 Value: GS1.1.1676047402.1.0.1676047402.0.0.0
.2u.pw/	1970-01-20 18:55:43	Name: __gads Value: ID=3f61cdd4b8dd808f-229fa6dbafdb0033:T=1676047402:RT=1676047402:S=ALNI_MYoiplWdUm5ta3Fn8bs_dUsBgzGnA
.2u.pw/	1970-01-20 18:55:43	Name: __gpi Value: UID=000009a8723e8910:T=1676047402:RT=1676047402:S=ALNI_MZOOu1Y8Qy69pJ3E_M7-T6UqJuLjQ
.2u.pw/	1970-01-20 09:34:09	Name: __cf_bm Value: tvhWGaZPTwheRhNcbtnQVy5HFXKXghJZTlr.blErWX0-1676047403-0-ATcAyfYkBgfyfQZmAdY/l5YQRBEaIwvH+/gkjnCe7cZfHZhmcXHSJV3lnPKQx1y2lbKqjGCfMa7Fr/w915EGRyeEL8aVN8UWQQWXRZ5YQI5fHNpP7CXfo/LQHJdEFu5oSRtPbiDRHKUwqF5A3hZjam0=
.doubleclick.net/	1970-01-20 18:55:43	Name: IDE Value: AHWqTUmbSn2sLWf3jDqyo73-4Fx7Hwny4n_ORd8K2XbFG8EovWnzd8WPAgEMN5Wqm4A
.doubleclick.net/	1970-01-20 09:34:11	Name: DSID Value: NO_DATA

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

2u.pw
adservice.google.com
adservice.google.de
api.miniature.io
cdnjs.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
pagead2.googlesyndication.com
partner.googleadservices.com
region1.google-analytics.com
static.cloudflareinsights.com
tpc.googlesyndication.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
2001:4860:4802:34::36
2606:4700:3108::ac42:2b72
2606:4700::6810:3865
2606:4700::6811:180e
2a00:1450:4001:80b::2001
2a00:1450:4001:811::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:831::2002
2a00:1450:400d:802::2002
2a00:1450:400d:803::2002
2a00:1450:400d:803::2003
2a00:1450:400d:807::2002
2a00:1450:400d:80a::2003
2a00:1450:400d:80c::2004
2a00:1450:400d:80c::200a
2a00:1450:400d:80e::2008
54.39.20.207
05a8a5125b36da55ff02702436ee672fa3ddd45ccebd499a8fbff0461c8cba10
07970172ef078d9a58aa9ed9e9b54dd1cfbfec021be21b0d0fc7484c5fd5a58a
08e5970dcee7ecf02ab04df2d6be02568a71594f4923491e9f3e8ae3306a853f
08ec63812b5c543fbc24b98cf05328d849347f0dc0b2cbdf9bc463435b5ad1f6
0d0e2a4591bd097795566e5cb9caa6b293e0a4f8e675f28a0e320dc8f1690770
0f48c5678ce459a596423b0e55344e7ad8eb3d3b1b27c54cd76a9d4cee7dd6c3
171ca22825d9d3284a7e20e85120854bc2bf6fb15b821ce6bed382f14ff51c29
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1f7244cb694f7f667a5f3668a79844fc6159e3922363f0423d9b09872680f372
23d4f07d80b8892ad0d2a5d6fce809976f976287b1000cf63f40698f8533fe57
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3347a1866b5074aeb44720aba5b55be02153824db0d6c1e12e4905f9f1124762
3c19df610d2b937c34facbe5517c48054fd3695a18e69fa1ac94084aa61d5079
45024d41846a2594d90f9942d9e3b4f068eed7e2b33761e53a4aca99a372e720
456ab1a71507ed91abae14c9d08faffb373a7bc711a66e44341b7b8b7bb72ab4
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56a63c371309ec7dbf0942ccae507b30de140df862a0619a5d84db772a2b76a6
59fef3498a144d5d17c89c4f97836510bd08473df49842e6e914de1473dfde36
5c7e07dfb2d7437793e8b1ed577739a8bd55558df14aa7234714675ba53f71ee
5ca05a5394ff4d4974d6ac3bde7629c0261c8403eaf2ab463da552c7a33218dd
6102d725c22f9bf27ef542ceae070843153f3e0926b89820a75f29b107e33cb2
61924af235b4d15643a54de7334e042d95edbd1b518a0fe705855d715ef15797
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
64c3c540b1134dffc629dd776dab42782b043a3b336a3a4d8f36d75b0c552f58
6b597bf422617af67b2ffe3e420f0fd2d9a01a3b95020e368c57b2a131151158
6e4d2fa96233c4de3e746df642d9340e09e301a8b21383bb6b199aa2fc343a49
736442f06007c0f94fda57f6c64507d79e8158a92d89e8b13da7f2fb8c425307
74d66add22660b12e57cf4a9e1c2fe4fcc8708e052ec75b62b1e9428968fc90d
877de2ffab95719d6ff1f1048fa912e70ee31879a2a31f868eb5b1770252d8fb
8dfa44186f88c359a2b2e79781647f589ebcef0fe3b8c22e1471eb7fb2cda53f
95400c0abce893a943ceb22f1029b92506b3beda9415c0650bcfc3cb4e401868
98a03cded6a2bd3976ad215e9f51af528f6be61edf3666ea4656e35a87f13687
9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc
a44315a64fa8f1b33601828da1214ba3a05496e76ef8fa780790668fe2751936
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a7c3e55eaa9ecaa4ca4a2ebffc199b1d3b5c4c568e832a107811ca61db66bcbb
a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940
a898f00aabf0e5632b47a59e092c4662c8cbda0c33ea6d0d424cbced57e3ee72
a9de4a30455e3e94f51022183f5f2a05829f4238af7ea34eb40d1c4e316c4153
af4c6683814aa527caf53bde3d021e6aafe00833b45f2dead043c87ed7864674
b5aec4aed4ba80ac34c0f0a576543b6a761ec3ffe6d0aee51e31a03d22294574
b820dc122a80f08db00e452d97da2973b7e45407e11f2e97b043f97aa9a6bd3c
c3310222d966afb84f4bca398f220260e16bfca484ea04cd043320949c31775d
c6ff6d4624a5c8140cbc19107aa372a233907f8e6e4d55d002d20cae682a575f
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
d4e082c42c61ce287e6c53845e1b37efb631b6476dfccbad34f53b28025ef1da
dbce33b6b6c6ba95dd226a2d02b96262f061d43f77198ee60c55c2f23a7791af
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee45121aa49f6f5192294cca55db6eba2a4834ec2c6bfb11f023909123179a84
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
fa9a3880a0d54a4bd990e2f63278be581b068336f34a39863e47ba65774d82d7
fc969dc1c6ff531abcf368089dcbaf5775133b0626ff56b52301a059fc0f9e1e

2u.pw Open in urlscan Pro 2606:4700:3108::ac42:2b72 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

66 Requests

98 %HTTPS

94 %IPv6

14 Domains

17 Subdomains

18 IPs

4 Countries

704 kBTransfer

1894 kBSize

9 Cookies

0 Outgoing links

Page URL History

Redirected requests

66 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

2u.pw Open in urlscan Pro
2606:4700:3108::ac42:2b72 Public Scan

Screenshot
Live screenshot

Full Image

66
Requests

98 %
HTTPS

94 %
IPv6

14
Domains

17
Subdomains

18
IPs

4
Countries

704 kB
Transfer

1894 kB
Size

9
Cookies

66 HTTP transactions
1 data transactions