URL: http://thecloak.com/
Submission: On April 15 via api from US — Scanned from DE

Summary

This website contacted 11 IPs in 2 countries across 9 domains to perform 22 HTTP transactions. The main IP is 208.97.154.88, located in United States and belongs to DREAMHOST-AS, US. The main domain is thecloak.com.
This is the only time thecloak.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain / Subdomains / Transfer
9 googlesyndication.com (Transfer: 204 KB)
  • pagead2.googlesyndication.com — Cisco Umbrella Rank: 105
  • tpc.googlesyndication.com — Cisco Umbrella Rank: 138
4 google.com (Transfer: 4 KB)
  • www.google.com — Cisco Umbrella Rank: 2
  • adservice.google.com — Cisco Umbrella Rank: 73
3 doubleclick.net (Transfer: 10 KB)
  • googleads.g.doubleclick.net — Cisco Umbrella Rank: 35
3 tshirthell.com (Transfer: 33 KB)
  • tshirthell.com
  • www.tshirthell.com
2 hide-my-ip.com (Transfer: 65 KB)
  • www.hide-my-ip.com
2 thecloak.com (Transfer: 54 KB)
  • thecloak.com
1 google.de (Transfer: 531 B)
  • adservice.google.de — Cisco Umbrella Rank: 9047
1 googleadservices.com (Transfer: 603 B)
  • partner.googleadservices.com — Cisco Umbrella Rank: 925
1 gstatic.com (Transfer: 6 KB)
  • www.gstatic.com
22 9
Domain / Requested by
6 pagead2.googlesyndication.com, requested by: thecloak.com, pagead2.googlesyndication.com, tpc.googlesyndication.com
3 tpc.googlesyndication.com, requested by: pagead2.googlesyndication.com, tpc.googlesyndication.com
3 googleads.g.doubleclick.net, requested by: pagead2.googlesyndication.com
3 www.google.com (1 redirects), requested by: thecloak.com, tpc.googlesyndication.com
2 www.hide-my-ip.com (1 redirects), requested by: thecloak.com
2 tshirthell.com (2 redirects)
2 thecloak.com, requested by: thecloak.com
1 adservice.google.com, requested by: pagead2.googlesyndication.com
1 adservice.google.de, requested by: pagead2.googlesyndication.com
1 partner.googleadservices.com, requested by: pagead2.googlesyndication.com
1 www.gstatic.com, requested by: thecloak.com
1 www.tshirthell.com, requested by: thecloak.com
22 12

This site contains links to these domains.

Domain
www.tshirthell.com
www.hide-my-ip.com
Subject | Issuer | Validity | Valid
www.google.com | GTS CA 1C3 | 2023-03-28 - 2023-06-20 | 3 months
*.g.doubleclick.net | GTS CA 1C3 | 2023-03-28 - 2023-06-20 | 3 months
*.googleadservices.com | GTS CA 1C3 | 2023-03-28 - 2023-06-20 | 3 months
*.google.de | GTS CA 1C3 | 2023-03-28 - 2023-06-20 | 3 months
*.google.com | GTS CA 1C3 | 2023-03-28 - 2023-06-20 | 3 months
tpc.googlesyndication.com | GTS CA 1C3 | 2023-03-28 - 2023-06-20 | 3 months

This page contains 6 frames:

Primary Page: http://thecloak.com/
Frame ID: A18E72BB22FEC5D32E4556C67CA6445D
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230412/r20190131/zrt_lookup.html
Frame ID: F1DF3A69B3642F80DF980E1110931BA5
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6176759882842617&output=html&h=90&slotname=5298496561&adk=2836448035&adf=2653041513&pi=t.ma~as.5298496561&w=728&lmt=1564835220&format=728x90&url=http%3A%2F%2Fthecloak.com%2F&wgl=1&dt=1681524048963&bpp=5&bdt=105&idt=100&shv=r20230412&mjsv=m202304120201&ptt=9&saldr=aa&abxe=1&correlator=2345780270489&frm=20&pv=2&ga_vid=1441458489.1681524049&ga_sid=1681524049&ga_hid=2059842818&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=756&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759842%2C44759875%2C31073823&oid=2&pvsid=2977981944307219&tmod=935882292&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=bsT0pBt4wA&p=http%3A//thecloak.com&dtd=117
Frame ID: 8CB5266C02DEF8C976EC305C7EB5C3BF
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6176759882842617&output=html&adk=1812271804&adf=3025194257&lmt=1564835220&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=356x540_l%7C356x540_r&format=0x0&url=http%3A%2F%2Fthecloak.com%2F&ea=0&pra=7&wgl=1&dt=1681524048982&bpp=3&bdt=124&idt=105&shv=r20230412&mjsv=m202304120201&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&nras=1&correlator=2345780270489&frm=20&pv=1&ga_vid=1441458489.1681524049&ga_sid=1681524049&ga_hid=2059842818&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759842%2C44759875%2C31073823&oid=2&pvsid=2977981944307219&tmod=935882292&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=2&uci=a!2&fsb=1&dtd=113
Frame ID: 7C804B94DF51375228F187EFD6571452
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: B8F30C86292F3770ED3BE63966C3D6D1
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: D3AE1BD08B24AAE3084DEF696725454E
Requests: 2 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Page Statistics

Requests: 22
HTTPS: 73 %
IPv6: 92 %
Domains: 9
Subdomains: 12
IPs: 11
Countries: 2
Transfer: 374 kB
Size: 753 kB
Cookies: 3

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://tshirthell.com/img/affiliate_section/banners/topshirts_720x90_1.jpg HTTP 301
  • https://tshirthell.com/img/affiliate_section/banners/topshirts_720x90_1.jpg HTTP 301
  • https://www.tshirthell.com/img/affiliate_section/banners/topshirts_720x90_1.jpg
Request Chain 3
  • http://www.hide-my-ip.com/images/affiliate/728x90.jpg HTTP 301
  • https://www.hide-my-ip.com/images/affiliate/728x90.jpg
Request Chain 4
  • http://www.google.com/cse/brand?form=cse-search-box&lang=en HTTP 301
  • https://www.gstatic.com/prose/brandjs.js

22 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
thecloak.com/
2 KB
2 KB
Document
General
Full URL
http://thecloak.com/
Protocol
HTTP/1.1
Server
208.97.154.88 , United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS
vps42863.dreamhostps.com
Software
Apache /
Resource Hash
56200c78878674c9dfe934496e46487f20e59567d33d4fbb21e7b4583e1b84b3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=600
Connection
Upgrade, Keep-Alive
Content-Encoding
gzip
Content-Length
1133
Content-Type
text/html
Date
Sat, 15 Apr 2023 02:00:48 GMT
ETag
"89a-58f359779e981-gzip"
Expires
Sat, 15 Apr 2023 02:10:48 GMT
Keep-Alive
timeout=5, max=100
Last-Modified
Sat, 03 Aug 2019 12:27:00 GMT
Server
Apache
Upgrade
h2
Vary
Accept-Encoding,User-Agent
topshirts_720x90_1.jpg
www.tshirthell.com/img/affiliate_section/banners/
Redirect Chain
  • http://tshirthell.com/img/affiliate_section/banners/topshirts_720x90_1.jpg
  • https://tshirthell.com/img/affiliate_section/banners/topshirts_720x90_1.jpg
  • https://www.tshirthell.com/img/affiliate_section/banners/topshirts_720x90_1.jpg
31 KB
31 KB
Image
General
Full URL
https://www.tshirthell.com/img/affiliate_section/banners/topshirts_720x90_1.jpg
Requested by
Host: thecloak.com
URL: http://thecloak.com/
Protocol
H2
Server
2606:4700:3037::ac43:8eeb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0af7ab96bc6271c718b6fd0b37967176cd88c50d94cab6ea8b4e5b6596bcd735
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://thecloak.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 02:00:50 GMT
strict-transport-security
max-age=300; includeSubDomains; preload
cf-cache-status
MISS
last-modified
Wed, 29 Oct 2014 20:11:58 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uDlascdbJ12sxbxCJ4wy9FayMY9EpeHnWysLqXkiM1fC1UbfBAv5czEfNb%2Bm6%2Fs7u1mrSOCg%2BYgrg1w1hGOASep%2B2ya1kUqtiLXHO3gm6T%2BemevQ0YQPGmJ5BJ25EQcS9i%2FKytbRNByat0Hd%2BmwOlw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=1800
accept-ranges
bytes
cf-ray
7b8098e07a1c9214-FRA
content-length
31707

Redirect headers

date
Sat, 15 Apr 2023 02:00:49 GMT
strict-transport-security
max-age=300; includeSubDomains; preload
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oHBVyqZfrkkGcUi4LP9K6OOgC%2BkfpP57y9RaCf3tYG8sf7xmQJhrKVg%2FgZdkQpGWEPulkStBI%2BjZdgX84PHDhj%2B8DpCtbD5Gv2NuMrjI6w8iQF2TpbvsM3Sr8m6fcm%2F%2B7nNUQHvX7Gb3Xybd"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=iso-8859-1
location
https://www.tshirthell.com/img/affiliate_section/banners/topshirts_720x90_1.jpg
cache-control
max-age=1800
cf-ray
7b8098db78319214-FRA
Me%20on%20the%20green.jpg
thecloak.com/
52 KB
52 KB
Image
General
Full URL
http://thecloak.com/Me%20on%20the%20green.jpg
Requested by
Host: thecloak.com
URL: http://thecloak.com/
Protocol
HTTP/1.1
Server
208.97.154.88 , United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS
vps42863.dreamhostps.com
Software
Apache /
Resource Hash
1d1de8d5732df3e21bffa00e23b40aa55f55653cd4dbb2ce25600e71c5f49a0e

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://thecloak.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date
Sat, 15 Apr 2023 02:00:48 GMT
Last-Modified
Sat, 03 Aug 2019 12:25:34 GMT
Server
Apache
ETag
"cff2-58f3592556cfb"
Vary
User-Agent
Content-Type
image/jpeg
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
53234
Expires
Mon, 15 May 2023 02:00:48 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
137 KB
50 KB
Script
General
Full URL
http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: thecloak.com
URL: http://thecloak.com/
Protocol
HTTP/1.1
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
eecb2cb963b281ce41347be92dfb07c5c56c5d756fc3afa39f2c038a285ab98e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://thecloak.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date
Sat, 15 Apr 2023 02:00:48 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
P3P
policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cross-Origin-Resource-Policy
cross-origin
Content-Disposition
attachment; filename="f.txt"
Content-Length
50845
X-XSS-Protection
0
Server
cafe
ETag
12593109814098639609
Vary
Accept-Encoding
Content-Type
text/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
private, max-age=3600
Timing-Allow-Origin
*
Expires
Sat, 15 Apr 2023 02:00:48 GMT
728x90.jpg
www.hide-my-ip.com/images/affiliate/
Redirect Chain
  • http://www.hide-my-ip.com/images/affiliate/728x90.jpg
  • https://www.hide-my-ip.com/images/affiliate/728x90.jpg
63 KB
64 KB
Image
General
Full URL
https://www.hide-my-ip.com/images/affiliate/728x90.jpg
Requested by
Host: thecloak.com
URL: http://thecloak.com/
Protocol
H2
Server
2606:4700:20::681a:1f2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e5d96ac591bde87d0c1c13116552cde49edeb9728cb684615811da33d21a2ec9

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://thecloak.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 02:00:50 GMT
cf-cache-status
MISS
last-modified
Sat, 17 May 2014 02:05:24 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IhRdxvUZE%2F9v1YKNXAbBrkOHlFqoKLGafshVR8R%2FL33TLT0nC%2FfxrHml7%2B%2B5avNgUH711Gwxyx39nsB5hIp0FRWFHdQH4g45FV%2BJeGveltE5GUcFb65pbv%2BZ3qZ7ZQOh93PHEedr7bhhp90ALnrc1w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=691200
access-control-allow-credentials
true
accept-ranges
bytes
cf-ray
7b8098dd3d33bb59-FRA
content-length
65005

Redirect headers

Date
Sat, 15 Apr 2023 02:00:49 GMT
CF-Cache-Status
MISS
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kAbi6%2FvX6bAGekcshxDiNuR2OfF0xzQayi5JuVBw5uch%2BkwNcL3TexYBLlBkM9SLSYmDSVEnrt%2F6odNYx9r25z%2FN2Jr%2Fwm%2BUNIfVwU3TX2FGZZVoBy5Q60rfiBONh22Exbte%2FzSO9t2bwJj7HtoBbA%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type
text/html; charset=iso-8859-1
Location
https://www.hide-my-ip.com/images/affiliate/728x90.jpg
Cache-Control
max-age=691200
Vary
Accept-Encoding
Connection
keep-alive
CF-RAY
7b8098d9bf20694c-FRA
brandjs.js
www.gstatic.com/prose/
Redirect Chain
  • http://www.google.com/cse/brand?form=cse-search-box&lang=en
  • https://www.gstatic.com/prose/brandjs.js
14 KB
6 KB
Script
General
Full URL
https://www.gstatic.com/prose/brandjs.js
Requested by
Host: thecloak.com
URL: http://thecloak.com/
Protocol
H2
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6395e6f9f6fbcd953f0ffa40615094c565d86c265fb5028e64dd2dc872b5ce69
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://thecloak.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Fri, 14 Apr 2023 22:18:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
13363
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5807
x-xss-protection
0
last-modified
Tue, 06 Apr 2021 15:14:29 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type
text/javascript
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="prose-team"
expires
Sat, 15 Apr 2023 22:18:05 GMT

Redirect headers

Date
Sat, 15 Apr 2023 01:34:49 GMT
X-Content-Type-Options
nosniff
Server
sffe
Age
1559
Content-Type
text/html; charset=UTF-8
Location
https://www.gstatic.com/prose/brandjs.js
Cache-Control
public, max-age=1800
Content-Length
237
X-XSS-Protection
0
Expires
Sat, 15 Apr 2023 02:04:49 GMT
branding.png
www.google.com/cse/static/images/1x/en/
1 KB
2 KB
Image
General
Full URL
https://www.google.com/cse/static/images/1x/en/branding.png
Requested by
Host: thecloak.com
URL: http://thecloak.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
331b2b1241f1f2a53744bdca867c5b76954d9431970e91f490f64c707fc24a16
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://thecloak.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Mon, 10 Apr 2023 12:06:39 GMT
x-content-type-options
nosniff
age
395649
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1372
x-xss-protection
0
last-modified
Mon, 25 May 2020 08:30:00 GMT
server
sffe
report-to
{"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="prose-team"
expires
Tue, 09 Apr 2024 12:06:39 GMT
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304120201/
348 KB
117 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304120201/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6176759882842617&plah=thecloak.com&bust=31073823
Requested by
Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c9b8a73a814d852b59cd6204a6142fa7be2436b8cf322a9d9ab7d0eac279dc9e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://thecloak.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 02:00:48 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
119200
x-xss-protection
0
server
cafe
etag
1026223281767087634
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Sat, 15 Apr 2023 02:00:48 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20230412/r20190131/ Frame F1DF
10 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20230412/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://thecloak.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
22403
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4549
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 14 Apr 2023 19:47:26 GMT
etag
2378337311435320485
expires
Fri, 28 Apr 2023 19:47:26 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
cookie.js
partner.googleadservices.com/gampad/
391 B
603 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=thecloak.com&callback=_gfp_s_&client=ca-pub-6176759882842617
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304120201/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6176759882842617&plah=thecloak.com&bust=31073823
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3e9fe96d66bba6aa0866cbf79d8989f8fc175fb24fd7a5beefe3c8eba3b9c4dd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://thecloak.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 02:00:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
252
x-xss-protection
0
integrator.js
adservice.google.de/adsid/
107 B
531 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=thecloak.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304120201/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6176759882842617&plah=thecloak.com&bust=31073823
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://thecloak.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 02:00:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
456 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=thecloak.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304120201/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6176759882842617&plah=thecloak.com&bust=31073823
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://thecloak.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 02:00:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 8CB5
436 B
410 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6176759882842617&output=html&h=90&slotname=5298496561&adk=2836448035&adf=2653041513&pi=t.ma~as.5298496561&w=728&lmt=1564835220&format=728x90&url=http%3A%2F%2Fthecloak.com%2F&wgl=1&dt=1681524048963&bpp=5&bdt=105&idt=100&shv=r20230412&mjsv=m202304120201&ptt=9&saldr=aa&abxe=1&correlator=2345780270489&frm=20&pv=2&ga_vid=1441458489.1681524049&ga_sid=1681524049&ga_hid=2059842818&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=436&ady=756&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759842%2C44759875%2C31073823&oid=2&pvsid=2977981944307219&tmod=935882292&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=bsT0pBt4wA&p=http%3A//thecloak.com&dtd=117
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304120201/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6176759882842617&plah=thecloak.com&bust=31073823
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4cd546325fa42c7181e25c51a616ddcd3a1f5b7578f3fc9aa1f7f49bc64d0d3b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://thecloak.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
211
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 15 Apr 2023 02:00:49 GMT
expires
Sat, 15 Apr 2023 02:00:49 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 7C80
12 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6176759882842617&output=html&adk=1812271804&adf=3025194257&lmt=1564835220&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=356x540_l%7C356x540_r&format=0x0&url=http%3A%2F%2Fthecloak.com%2F&ea=0&pra=7&wgl=1&dt=1681524048982&bpp=3&bdt=124&idt=105&shv=r20230412&mjsv=m202304120201&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&nras=1&correlator=2345780270489&frm=20&pv=1&ga_vid=1441458489.1681524049&ga_sid=1681524049&ga_hid=2059842818&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759842%2C44759875%2C31073823&oid=2&pvsid=2977981944307219&tmod=935882292&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=2&uci=a!2&fsb=1&dtd=113
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304120201/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6176759882842617&plah=thecloak.com&bust=31073823
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5bf5f0c5a17ffc799ca11bbcec710d314c1751e5f2531a14266c47a1e1e435f6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://thecloak.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
4829
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 15 Apr 2023 02:00:49 GMT
expires
Sat, 15 Apr 2023 02:00:49 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/
15 KB
11 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230412&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304120201/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6176759882842617&plah=thecloak.com&bust=31073823
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
11666dc286e69dff72376e89cd000c8864ae34474a2283670d989564bb29a5c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://thecloak.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 02:00:50 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11227
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304120201/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6176759882842617&plah=thecloak.com&bust=31073823
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://thecloak.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 02:00:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 15 Apr 2023 02:00:50 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame B8F3
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://thecloak.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
20002
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 14 Apr 2023 20:27:28 GMT
expires
Sat, 13 Apr 2024 20:27:28 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame D3AE
783 B
965 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
bccd6f9c9145b5f04eefad87abc14f0d93bebe8e7e6b92e34ec5347981edaa94
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-jlA9N2V5BwYAwvk4p1f4DA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://thecloak.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-length
515
content-security-policy
script-src 'report-sample' 'nonce-jlA9N2V5BwYAwvk4p1f4DA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sat, 15 Apr 2023 02:00:50 GMT
expires
Sat, 15 Apr 2023 02:00:50 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
kBq9KUdG_fSJS_g22hG5IJOh94ldGEt94wg22nyNOr4.js
pagead2.googlesyndication.com/bg/ Frame B8F3
36 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/kBq9KUdG_fSJS_g22hG5IJOh94ldGEt94wg22nyNOr4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
901abd294746fdf4894bf836da11b92093a1f7895d184b7de30836da7c8d3abe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Fri, 14 Apr 2023 23:46:26 GMT
content-encoding
br
x-content-type-options
nosniff
age
8064
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14442
x-xss-protection
0
last-modified
Tue, 11 Apr 2023 10:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 13 Apr 2024 23:46:26 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame D3AE
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230412&jk=2977981944307219&rc=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

generate_204
tpc.googlesyndication.com/ Frame B8F3
0
10 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?xHR08A
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date
Sat, 15 Apr 2023 02:00:50 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230412&jk=2977981944307219&bg=!0NOl04fNAAZA7GLoYOw7ADkAdvg8Wqz7afPvXrcXdRagTP1tWIGgLOetBtdXVCdYGHl503UYtwFNpPZ4qYTa36gRzsaTIfUhYPsCAAAASVIAAAAIaAEHCgChn2Y7Ku6sT52RlAH0tNhMB5pGtgNO9RPbO9eiIA-ELC-TYgIG8msSMqPZ18OZxovJEQfKhYjp3I_vee43wknyr0w6lLAqxL2FFu5C8bT3NVozBL4WHQA0NfdmSx5cK3Jcvau0d3P2Ad9j4nkdyiVhZPKnsF88XlOomIYltGd4QGFlcSagUAz4aNheiJHXIAT4ggNTBbGxyhiju2RFWPXhrGeZAsnjrkb6T7k3rC0bfb7oC507dC4Soq6REKVZcWVIgxCdWAkAXItJOpiuaSQXjrpAmzvDGWvVwFzTUHid2sjEV-rEXcCQ_h_uiqqB7wRr5RNQGNuy6xS5LH85cb5H2xb-E2eE6tzlUlrQDhJkrkOACh8jt3OJvERs3Vtpsm5ZZ2PDEviWzbESYdGlkTnycfpcHbLwFneXjpq7MaOjqUA4QJqCm9gjv-QdN_YGrBB-44g4w4nVK95OrTxJCk05Bnk1InlgfgvJjSjlBP7qnjA5LZ1_tpz-9rR6rCA9bknTwdLpATYT53nVJgdgXZZPZBxDSk6KC6dK_84GmxHV-ZSXT-KKBPGs9tw1kJglC07NgMXbI-Td90TXCYDL1HZgWc4Nl0PP4XI0sV7M2obEsb6mYZpym306tTcs_l1p5E4y9DRs0Oe-VoGoyLuzgcIN1QHwQEbw8SVxh4PDri08rGJKkiRyvvkzGPqMlFkW3RR2aFi-X4bJ5U1AISmc-VnD0VUWChLtfOkCNJdkvEJVFjX5e0qDrN4xo9C-BeeWdrhJW_w5M_PgK6AKZ0YWspi14Sw7eQj2okXEwr7F_VJ72_NniM3HtWL2hDS2Gj42pvYXhJV5MWkc9eRDAI-uu7U1er9ZukDr8OHDI5KbBfQ-fYwOMG8qMK3W1oavfoXQMIlQH0wIcBDR_1dsydK7HcgoGjeC_4fyRGgdsLfa-gSm_swoDFmuNv15YSjdmn6x2Fz7tplwM2X9_kVSUXDBSQYKFwBHa8Q7lyJHlavawlq2Rx5qq51koC8EEecKOU3dM3qtgVsq48ZdzqF0GgjzOa_GW0J3GHodTMk53Z9s_UtaFuJkwaug6Xoi4IVqEtLWhhBxYN3hAfDqLz3IEjLkt9h4diXB_9tdSv1N9-p6mb8DXoKGIj1jytGiRuSYpX8_LPnYbnJE7YBk_bnPcKpVOA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://thecloak.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

36 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| 1
object| 2
object| 3
boolean| credentialless
object| adsbygoogle
object| google_js_reporting_queue
number| google_srt
object| google_logging_queue
number| tmod
object| google_ad_modifications
object| ggeac
object| google_persistent_state_async
boolean| google_measure_js_timing
object| google_reactive_ads_global_state
object| google_sa_queue
function| google_process_slots
boolean| google_apltlad
function| google_spfd
number| google_lpabyc
number| google_unique_id
object| google_sv_map
object| google_ama_state
number| google_rum_task_id_counter
function| google_sa_impl
object| googleToken
object| googleIMState
boolean| _gfp_p_
function| processGoogleToken
number| google_global_correlator
object| google_prev_clients
object| gaGlobal
object| ampInaboxIframes
object| ampInaboxPendingMessages
object| GoogleGcLKhOms
object| google_image_requests

3 Cookies

Domain/Path Name / Value
.thecloak.com/ Name: __gads
Value: ID=79e6447c4e308834-22ab4e9e93dd001d:T=1681524049:RT=1681524049:S=ALNI_Mb5S1yxn1BpENikEP7z4JuMku1vDw
.thecloak.com/ Name: __gpi
Value: UID=00000be2b0a253df:T=1681524049:RT=1681524049:S=ALNI_MYNA6n7OLM7fqcJZLN-RAy4dJ1N5A
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
