URL: https://downscrs.xyz/
Submission: On October 07 via manual from GB — Scanned from DE

Summary

This website contacted 11 IPs in 2 countries across 9 domains to perform 24 HTTP transactions. The main IP is 172.64.163.25, located in United States and belongs to CLOUDFLARENET, US. The main domain is downscrs.xyz.
TLS certificate: Issued by R3 on September 3rd 2021. Valid for: 3 months.
This is the only time downscrs.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
6 172.64.163.25 13335 (CLOUDFLAR...)
1 192.243.59.12 39572 (ADVANCEDH...)
1 172.217.16.130 15169 (GOOGLE)
8 172.217.23.110 15169 (GOOGLE)
1 3 142.250.185.66 15169 (GOOGLE)
2 172.67.189.120 13335 (CLOUDFLAR...)
1 172.217.23.99 15169 (GOOGLE)
1 142.250.184.230 15169 (GOOGLE)
1 104.21.46.210 13335 (CLOUDFLAR...)
1 130.211.31.231 15169 (GOOGLE)
24 11
Domain Requested by
8 www.youtube.com downscrs.xyz
www.youtube.com
6 downscrs.xyz downscrs.xyz
3 googleads.g.doubleclick.net 1 redirects pagead2.googlesyndication.com
www.youtube.com
2 superonclick.com downscrs.xyz
1 discovernative.com downscrs.xyz
1 ufpcdn.com superonclick.com
1 static.doubleclick.net www.youtube.com
1 fonts.gstatic.com www.youtube.com
1 pagead2.googlesyndication.com downscrs.xyz
1 urgesick.com downscrs.xyz
24 10

This site contains links to these domains. Also see Links.

Domain
discovernative.com
Subject Issuer Validity Valid
*.downscrs.xyz
R3
2021-09-03 -
2021-12-02
3 months crt.sh
urgesick.com
R3
2021-08-26 -
2021-11-24
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2021-09-13 -
2021-11-20
2 months crt.sh
*.google.com
GTS CA 1C3
2021-09-13 -
2021-11-20
2 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2021-06-11 -
2022-06-10
a year crt.sh
*.gstatic.com
GTS CA 1C3
2021-09-13 -
2021-11-20
2 months crt.sh
*.doubleclick.net
GTS CA 1C3
2021-09-13 -
2021-11-20
2 months crt.sh
discovernative.com
Sectigo RSA Domain Validation Secure Server CA
2021-03-04 -
2022-03-04
a year crt.sh

This page contains 4 frames:

Primary Page: https://downscrs.xyz/
Frame ID: C69DB4EB6263EAC774D676A84E8B8FAD
Requests: 11 HTTP requests in this frame

Frame: https://www.youtube.com/embed/qMYi6WkMnec?rel=0&showinfo=0
Frame ID: C5FD37BAD67347FBD01B3A9CEB2DAD63
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211005/r20190131/zrt_lookup.html
Frame ID: 00884E3F13E80401F345532799EC7A07
Requests: 1 HTTP requests in this frame

Frame: https://ufpcdn.com/script/identify.html?frmt=0
Frame ID: 651B4A296389F9472CB4B0E9ED53C1CB
Requests: 1 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
  • wp-embed\.min\.js\?ver=([\d.]+)

Overall confidence: 100%
Detected patterns
  • <(?:param|embed|iframe)[^>]+youtube(?:-nocookie)?\.com/(?:v|embed)

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Page Statistics

24
Requests

100 %
HTTPS

0 %
IPv6

9
Domains

10
Subdomains

11
IPs

2
Countries

787 kB
Transfer

2738 kB
Size

5
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 16
  • https://googleads.g.doubleclick.net/pagead/id HTTP 302
  • https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

24 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
downscrs.xyz/
9 KB
4 KB
Document
General
Full URL
https://downscrs.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.163.25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
662029f3718d3bf60503924e5a1956c1d9266f8f532ace6f13ed42e9ac0cde6f

Request headers

:method
GET
:authority
downscrs.xyz
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

date
Thu, 07 Oct 2021 11:33:09 GMT
content-type
text/html; charset=UTF-8
link
<http://downscrs.xyz/index.php?rest_route=/>; rel="https://api.w.org/", <http://downscrs.xyz/index.php?rest_route=/wp/v2/pages/10602>; rel="alternate"; type="application/json", <http://downscrs.xyz/>; rel=shortlink
x-proxy-cache
HIT
set-cookie
uid=LbIFYmFe2vVW0XjgbOTyAg==; expires=Sat, 06-Nov-21 11:33:09 GMT; domain=$host; path=/
p3p
policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i%2FdCjxcdeW5x7OovbHbuUE6lUDCBm%2FHNI7KvBk2nhV4Bzdj0SUEfVQ5fKQQzzPu9laCvaJjQaq11JMvcQYRe7p%2BOSAAZGYuL%2Bx4StPXlmG6qa8Uio%2FxXk%2FbMxBSZQGA%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
69a6d020bb9d27bc-PRG
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
style.min.css?ver=5.8.1
downscrs.xyz/wp-includes/css/dist/block-library/
79 KB
11 KB
Stylesheet
General
Full URL
https://downscrs.xyz/wp-includes/css/dist/block-library/style.min.css?ver=5.8.1
Requested by
Host: downscrs.xyz
URL: https://downscrs.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.163.25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a

Request headers

:path
/wp-includes/css/dist/block-library/style.min.css?ver=5.8.1
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
downscrs.xyz
referer
https://downscrs.xyz/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://downscrs.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 07 Oct 2021 11:33:10 GMT
content-encoding
br
cf-cache-status
BYPASS
last-modified
Mon, 20 Sep 2021 08:43:40 GMT
server
cloudflare
x-microcachable
0
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UJNkgCOa2vmo59lURb4WuhfRkJTwmkAHA90p82i1k1QcirczgyQ8OflsF5twGm%2FGAnvSw306wtS8%2BQM5guuykl7jOaoMKACO40Tjq6euitaDMJQwpqAEkojhIkbFqtI%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
content-type
text/css
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie
_mcnc=1; Max-Age=2; Path=/ uid=LbIFYmFe2vZGwXWRA6mFAg==; expires=Sat, 06-Nov-21 11:33:10 GMT; domain=$host; path=/
cf-ray
69a6d0214c1b27bc-PRG
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
style.css?ver=5.8.1
downscrs.xyz/wp-content/themes/ivideo/
2 KB
1 KB
Stylesheet
General
Full URL
https://downscrs.xyz/wp-content/themes/ivideo/style.css?ver=5.8.1
Requested by
Host: downscrs.xyz
URL: https://downscrs.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.163.25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eb22ff6d3ebaa2ec79921696a704f2126bb7c5c5e52537dfb3b2e00e3ee34a63

Request headers

:path
/wp-content/themes/ivideo/style.css?ver=5.8.1
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
downscrs.xyz
referer
https://downscrs.xyz/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://downscrs.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 07 Oct 2021 11:33:10 GMT
content-encoding
br
cf-cache-status
BYPASS
last-modified
Mon, 20 Sep 2021 08:40:55 GMT
server
cloudflare
x-microcachable
0
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I2U3spkLDz6MtKNVD%2BygUi5%2FFhVf%2B93vMNwoe0yx30EGYQlZhb3eRNoPqxUn44Bb3cl6uDXhVyxF%2BAeavDgEh2lGE0O2sFTNSUWkvmuDKgAWz182H2npv1ljanM0LDo%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
content-type
text/css
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie
_mcnc=1; Max-Age=2; Path=/ uid=LbIFYmFe2vZRXncgCZwaAg==; expires=Sat, 06-Nov-21 11:33:10 GMT; domain=$host; path=/
cf-ray
69a6d0214c1c27bc-PRG
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
invisible.js
downscrs.xyz/cdn-cgi/challenge-platform/h/g/scripts/
38 KB
14 KB
Script
General
Full URL
https://downscrs.xyz/cdn-cgi/challenge-platform/h/g/scripts/invisible.js
Requested by
Host: downscrs.xyz
URL: https://downscrs.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.163.25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5df7a95611bf3e1dbd6bb3aab7ed73b98c84806233888bc5650c97d9c0b916be

Request headers

:path
/cdn-cgi/challenge-platform/h/g/scripts/invisible.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
downscrs.xyz
referer
https://downscrs.xyz/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://downscrs.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 07 Oct 2021 11:33:09 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F8Tr1ZaRjcBv%2FP1zJ0a%2FvATI6aZgEVDZjTrawa54%2BdKgyHAL5I5J5XR3fwekNwA%2FIYvsVysChYzpiI1Eb5LLwjurzXJR8syUscAIlcM6M8vx6g9iTUlTnfhPk5A%2FcLk%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=604800, public
x-control-type-options
nosniff
cf-ray
69a6d0214c1e27bc-PRG
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
wp-embed.min.js?ver=5.8.1
downscrs.xyz/wp-includes/js/
1 KB
1 KB
Script
General
Full URL
https://downscrs.xyz/wp-includes/js/wp-embed.min.js?ver=5.8.1
Requested by
Host: downscrs.xyz
URL: https://downscrs.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.163.25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

:path
/wp-includes/js/wp-embed.min.js?ver=5.8.1
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
downscrs.xyz
referer
https://downscrs.xyz/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://downscrs.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 07 Oct 2021 11:33:10 GMT
content-encoding
br
cf-cache-status
BYPASS
last-modified
Thu, 29 Apr 2021 17:06:39 GMT
server
cloudflare
x-microcachable
0
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OQ1sdcTJgYNWOd12PE%2ByQ4%2B4tzAPd2BugMHYr7GrFng4mve%2BII3Z7s3sJLHq%2BzaYT83e3hrrT3NHH%2FtMJafVVAwOQk7Cr98bw9kZlBtkVNqFwMO7AsepNjSl6nSHOoQ%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
content-type
application/javascript
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie
_mcnc=1; Max-Age=2; Path=/ uid=LbIFYmFe2vZas3mgbZg4Ag==; expires=Sat, 06-Nov-21 11:33:10 GMT; domain=$host; path=/
cf-ray
69a6d0214c1d27bc-PRG
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
68881dd8b72caf0194422455d0b10d44.js
urgesick.com/68/88/1d/
0
0
Script
General
Full URL
https://urgesick.com/68/88/1d/68881dd8b72caf0194422455d0b10d44.js
Requested by
Host: downscrs.xyz
URL: https://downscrs.xyz/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.59.12 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.17.6 /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://downscrs.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 07 Oct 2021 11:33:10 GMT
server
nginx/1.17.6
content-type
application/javascript
content-length
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
145 KB
51 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: downscrs.xyz
URL: https://downscrs.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
f2cd841d65819277a0aab05564e55314c7122b9f9bc953f7567450c1b44941fc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://downscrs.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 07 Oct 2021 11:33:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
51335
x-xss-protection
0
server
cafe
etag
7692668133321374726
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 07 Oct 2021 11:33:10 GMT
white_sand.png
downscrs.xyz/wp-content/themes/ivideo/images/
21 KB
22 KB
Image
General
Full URL
https://downscrs.xyz/wp-content/themes/ivideo/images/white_sand.png
Requested by
Host: downscrs.xyz
URL: https://downscrs.xyz/wp-content/themes/ivideo/style.css?ver=5.8.1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.163.25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
10055ac3c9d72bba0edcf7813858f543e085183da9a554fe1cded14a7dc1b00f

Request headers

:path
/wp-content/themes/ivideo/images/white_sand.png
pragma
no-cache
cookie
_mcnc=1
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
downscrs.xyz
referer
https://downscrs.xyz/wp-content/themes/ivideo/style.css?ver=5.8.1
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://downscrs.xyz/wp-content/themes/ivideo/style.css?ver=5.8.1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 07 Oct 2021 11:33:10 GMT
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
21591
last-modified
Mon, 20 Jul 2015 14:56:46 GMT
server
cloudflare
x-microcachable
0
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F7he7EO2nQJ9nO1qu0s3TUZvsSbBsGQRJiwrJmfpsSCtkOYWcl8Q7TJ%2F949oSGMrHTpKwgh8JnLM4pcLMr%2By7LeJVqip14QQisX6hWiSZSEBj08LW41l538qBOYZ8%2BY%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
set-cookie
_mcnc=1; Max-Age=2; Path=/ uid=LbIFYmFe2vZSdXeLC/K7Ag==; expires=Sat, 06-Nov-21 11:33:10 GMT; domain=$host; path=/
accept-ranges
bytes
cf-ray
69a6d021bfd727b4-PRG
qMYi6WkMnec?rel=0&showinfo=0
www.youtube.com/embed/ Frame C5FD
49 KB
22 KB
Document
General
Full URL
https://www.youtube.com/embed/qMYi6WkMnec?rel=0&showinfo=0
Requested by
Host: downscrs.xyz
URL: https://downscrs.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.110 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f14.1e100.net
Software
ESF /
Resource Hash
534e766115f627838281d0a570025e3c364c77f752730bc2d63fb86bcad8f7e2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.youtube.com
:scheme
https
:path
/embed/qMYi6WkMnec?rel=0&showinfo=0
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://downscrs.xyz/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://downscrs.xyz/

Response headers

content-type
text/html; charset=utf-8
x-content-type-options
nosniff
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Thu, 07 Oct 2021 11:33:10 GMT
strict-transport-security
max-age=31536000
permissions-policy
ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*
cross-origin-opener-policy-report-only
same-origin; report-to="AZM8irYOyGiHPUipdmT4ndw90h_PnG3TnL0unA"
report-to
{"group":"AZM8irYOyGiHPUipdmT4ndw90h_PnG3TnL0unA","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8irYOyGiHPUipdmT4ndw90h_PnG3TnL0unA"}]}
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
content-encoding
br
server
ESF
x-xss-protection
0
set-cookie
YSC=FZqiaiSVmb8; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none VISITOR_INFO1_LIVE=hggEQeR3Rbg; Domain=.youtube.com; Expires=Tue, 05-Apr-2022 11:33:10 GMT; Path=/; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20211005/r20190131/ Frame 0088
10 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20211005/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
e59f39fd9be6b3737942676248d273b23f94ab60f7b7e608230d6a107dccb7ac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20211005/r20190131/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://downscrs.xyz/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://downscrs.xyz/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Wed, 06 Oct 2021 20:10:53 GMT
expires
Wed, 20 Oct 2021 20:10:53 GMT
content-type
text/html; charset=UTF-8
etag
10398570473303663775
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4601
x-xss-protection
0
age
55337
cache-control
public, max-age=1209600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
native_render.js
superonclick.com/script/
4 KB
2 KB
Script
General
Full URL
https://superonclick.com/script/native_render.js
Requested by
Host: downscrs.xyz
URL: https://downscrs.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.189.120 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7965b4334f08b3c398843d721ab3b5535461f4183ec6bb0923d1ae092b9cfd51

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://downscrs.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-goog-hash
crc32c=rXethw==, md5=i4AdaMb2P574qaeqSEucdQ==
date
Thu, 07 Oct 2021 11:33:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2293
x-guploader-uploadid
ABg5-Ux3ugDbjZHv9rpPo7PWt7S1qud12-Vw4b8rTYh-k2UMds-oGdb-EGzLhtVd-VxsPwU_T52pajAPwTcwsdI7qDL8U18q4g
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 13 Feb 2019 10:15:50 GMT
server
cloudflare
etag
W/"8b801d68c6f63f9ef8a9a7aa484b9c75"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MBbqyk5%2B8kVTn0veef7TEYTuHNs%2B5CvWVNJbCBNuiMXSxe2nrsXCMq3%2F0CCAmxWtTj6oSJQeXhozvOOUp5kfiD3DghQoe9L8z%2FOKDubnjo5u2ABX25SJFF8iskU4SROCDD7R"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1550052950916101
access-control-allow-origin
*
content-type
application/javascript
cache-control
public, max-age=14400
x-goog-stored-content-length
4285
cf-ray
69a6d022a8f1694b-FRA
expires
Thu, 07 Oct 2021 11:17:02 GMT
native_server.js
superonclick.com/script/
9 KB
4 KB
Script
General
Full URL
https://superonclick.com/script/native_server.js
Requested by
Host: downscrs.xyz
URL: https://downscrs.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.189.120 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e282545f9f7c4117db91f8a2c33e5a1dad31f3c6edbe74b9776c1f8b85c166bd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://downscrs.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-goog-hash
crc32c=RAjq/g==, md5=Udh+nr2DH8yragFgeaYHkw==
date
Thu, 07 Oct 2021 11:33:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2293
x-guploader-uploadid
ADPycdt9-0Neg4qFlc1_qS1vxIkTfSADI55e8o4DTVjsirsAtnZdG2zERZgfrvWjZCvKfo0PVKip84u1VR0PJqBrt3wCn5XggA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 13 Feb 2019 10:15:52 GMT
server
cloudflare
etag
W/"51d87e9ebd831fccab6a016079a60793"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tfOj71RG52vQMigAONA3HhG6nMyA%2Fw6VtJy2GsZxjr5U1hCvm2tr0jzFbHxPKv52RHl59NsAsxZmmMKnanRm1sxCKPHw%2BJa4g5Ew0UwFJiLfbnXL5KZkyTvC25oxvgLoo4Ec"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1550052952705094
access-control-allow-origin
*
content-type
application/javascript
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=14400
x-goog-stored-content-length
9260
cf-ray
69a6d022a8f5694b-FRA
expires
Thu, 07 Oct 2021 11:28:46 GMT
www-player-webp.css
www.youtube.com/s/player/d33d444d/ Frame C5FD
332 KB
46 KB
Stylesheet
General
Full URL
https://www.youtube.com/s/player/d33d444d/www-player-webp.css
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/qMYi6WkMnec?rel=0&showinfo=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.110 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f14.1e100.net
Software
sffe /
Resource Hash
5e634faa593de2f23eb01094d422f25d59063be4dda5e73868485e12c7ea74cb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/qMYi6WkMnec?rel=0&showinfo=0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 17:54:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
149931
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
46754
x-xss-protection
0
last-modified
Mon, 04 Oct 2021 00:23:33 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Wed, 05 Oct 2022 17:54:19 GMT
www-embed-player.js
www.youtube.com/s/player/d33d444d/www-embed-player.vflset/ Frame C5FD
202 KB
66 KB
Script
General
Full URL
https://www.youtube.com/s/player/d33d444d/www-embed-player.vflset/www-embed-player.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/qMYi6WkMnec?rel=0&showinfo=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.110 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f14.1e100.net
Software
sffe /
Resource Hash
54c1c628db92dbc924f7cc8f4ed03dec8631677716d186c2506575d0adb4e66b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/qMYi6WkMnec?rel=0&showinfo=0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 06 Oct 2021 09:49:26 GMT
content-encoding
br
x-content-type-options
nosniff
age
92624
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
67698
x-xss-protection
0
last-modified
Mon, 04 Oct 2021 00:23:33 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 06 Oct 2022 09:49:26 GMT
base.js
www.youtube.com/s/player/d33d444d/player_ias.vflset/de_DE/ Frame C5FD
2 MB
510 KB
Script
General
Full URL
https://www.youtube.com/s/player/d33d444d/player_ias.vflset/de_DE/base.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/qMYi6WkMnec?rel=0&showinfo=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.110 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f14.1e100.net
Software
sffe /
Resource Hash
ba616e55cf6440f83064ab19764d2d329e6ff0b35c31269e47378ef5c94622d3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/qMYi6WkMnec?rel=0&showinfo=0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 07:10:00 GMT
content-encoding
br
x-content-type-options
nosniff
age
188590
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
521776
x-xss-protection
0
last-modified
Mon, 04 Oct 2021 00:23:33 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Wed, 05 Oct 2022 07:10:00 GMT
fetch-polyfill.js
www.youtube.com/s/player/d33d444d/fetch-polyfill.vflset/ Frame C5FD
8 KB
3 KB
Script
General
Full URL
https://www.youtube.com/s/player/d33d444d/fetch-polyfill.vflset/fetch-polyfill.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/qMYi6WkMnec?rel=0&showinfo=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.110 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f14.1e100.net
Software
sffe /
Resource Hash
de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/qMYi6WkMnec?rel=0&showinfo=0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 07:05:50 GMT
content-encoding
br
x-content-type-options
nosniff
age
188840
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2830
x-xss-protection
0
last-modified
Mon, 04 Oct 2021 00:23:33 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Wed, 05 Oct 2022 07:05:50 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame C5FD
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/qMYi6WkMnec?rel=0&showinfo=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f3.1e100.net
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
Origin
https://www.youtube.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 09:07:47 GMT
x-content-type-options
nosniff
age
181523
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 05 Oct 2022 09:07:47 GMT
id?slf_rd=1
googleads.g.doubleclick.net/pagead/ Frame C5FD
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/id
  • https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
113 B
161 B
XHR
General
Full URL
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/qMYi6WkMnec?rel=0&showinfo=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
ea4d74cf40e9813326433c58c54abb041c0d4ad7b2541ec5de3206847fcffcfa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 07 Oct 2021 11:33:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
133
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Thu, 07 Oct 2021 11:33:10 GMT
x-content-type-options
nosniff
access-control-allow-origin
https://www.youtube.com
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
text/html; charset=UTF-8
location
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad_status.js
static.doubleclick.net/instream/ Frame C5FD
29 B
608 B
Script
General
Full URL
https://static.doubleclick.net/instream/ad_status.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/d33d444d/www-embed-player.vflset/www-embed-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.230 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f6.1e100.net
Software
sffe /
Resource Hash
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 07 Oct 2021 11:23:00 GMT
x-content-type-options
nosniff
age
610
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29
x-xss-protection
0
last-modified
Thu, 12 Dec 2013 23:40:16 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 07 Oct 2021 11:38:00 GMT
identify.html?frmt=0
ufpcdn.com/script/ Frame 651B
2 KB
2 KB
Document
General
Full URL
https://ufpcdn.com/script/identify.html?frmt=0
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/native_server.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.46.210 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ffb16355784a4a89472be6cb28c3408234ec0518326a3a1908797b8d8c78a76a

Request headers

:method
GET
:authority
ufpcdn.com
:scheme
https
:path
/script/identify.html?frmt=0
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://downscrs.xyz/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://downscrs.xyz/

Response headers

date
Thu, 07 Oct 2021 11:33:10 GMT
content-type
text/html
last-modified
Tue, 15 May 2018 06:39:25 GMT
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
set-cookie
__cf_bm=d4OGo6qGXxZ1JcfXJOOpq9GHCf7Jf7RRY5DsQKDcHYI-1633606390-0-AW2JWHbjibD3VrCqAAtia9PULIOK6IDUOilVvaOAMeoMLHYTuL24L0Tn36ibIGvXE5b36myAxKYIPftLc2BQAf8=; path=/; expires=Thu, 07-Oct-21 12:03:10 GMT; domain=.ufpcdn.com; HttpOnly; Secure; SameSite=None
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5jtxsvq0fifNYBkpZvaE8vUGjHXKsgBFLnfg8MJMGzgt%2Bb7e5zOuPi59j6m%2BeydOfLnKiBrBo3xYelcNvZGBWOhBZUkrC8tWbB3nC%2BH%2BO626pQTU6NKt0njzkHtP"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
69a6d024ad632784-PRG
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
qoe?event=streamingstats&cpn=eneHxB6miGouukIa&el=embedded&docid=qMYi6WkMnec&ns=yt&fexp=23983296%2C24001373%2C24002022%2C24002025%2C24002922%2C24004644%2C24007246%2C24064555%2C24080738%2C24082662%2C...
www.youtube.com/api/stats/ Frame C5FD
0
19 B
Ping
General
Full URL
https://www.youtube.com/api/stats/qoe?event=streamingstats&cpn=eneHxB6miGouukIa&el=embedded&docid=qMYi6WkMnec&ns=yt&fexp=23983296%2C24001373%2C24002022%2C24002025%2C24002922%2C24004644%2C24007246%2C24064555%2C24080738%2C24082662%2C24091242%2C24101841%2C24106092%2C24108232&cl=400598098&seq=1&cbr=Chrome&cbrver=93.0.4577.63&c=WEB_EMBEDDED_PLAYER&cver=1.20211003.0.0&cplayer=UNIPLAYER&cos=Windows&cosver=10.0&cplatform=DESKTOP&vps=0.000:N,0.000:ER&cmt=0.000:0.000,0.000:0.000&error=0.000:auth:0.000:0;a6s.0&vis=0.000:0&bh=0.000:0.000
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/d33d444d/player_ias.vflset/de_DE/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.110 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f14.1e100.net
Software
Video Stats Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/embed/qMYi6WkMnec?rel=0&showinfo=0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 07 Oct 2021 11:33:10 GMT
x-content-type-options
nosniff
server
Video Stats Server
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
embed.js
www.youtube.com/s/player/d33d444d/player_ias.vflset/de_DE/ Frame C5FD
25 KB
7 KB
Script
General
Full URL
https://www.youtube.com/s/player/d33d444d/player_ias.vflset/de_DE/embed.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/d33d444d/player_ias.vflset/de_DE/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.110 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f14.1e100.net
Software
sffe /
Resource Hash
1203891266a0051b0451504d6c1eff9ade51827e56ebc7995c2fc1aafba93d9f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/qMYi6WkMnec?rel=0&showinfo=0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 07:10:17 GMT
content-encoding
br
x-content-type-options
nosniff
age
188573
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7357
x-xss-protection
0
last-modified
Mon, 04 Oct 2021 00:23:33 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Wed, 05 Oct 2022 07:10:17 GMT
data:truncated
data:truncated Frame C5FD
346 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0f5f4b730907675018b1e42156f20ad3744dac0ace5697fd8102f2c83ff1c08f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/png
native.php?nwpsv=1&r=4910187&cbrandom=0.9045499744296903&cbWidth=1600&cbHeight=1200&cbtitle=EMBED%20STREAMING%20VIDEOS%20%7C%20Embed%20Streaming%20Videos&cbref=&cbdescription=&cbkeywords=&cbiframe=...
discovernative.com/script/
0
71 B
Script
General
Full URL
https://discovernative.com/script/native.php?nwpsv=1&r=4910187&cbrandom=0.9045499744296903&cbWidth=1600&cbHeight=1200&cbtitle=EMBED%20STREAMING%20VIDEOS%20%7C%20Embed%20Streaming%20Videos&cbref=&cbdescription=&cbkeywords=&cbiframe=0&&ufp=18775327665667797701423744222&callback=jsonp245444
Requested by
Host: downscrs.xyz
URL: https://downscrs.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.31.231 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
231.31.211.130.bc.googleusercontent.com
Software
openresty /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://downscrs.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 07 Oct 2021 11:33:10 GMT
via
1.1 google
server
openresty
alt-svc
clear
log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
www.youtube.com/youtubei/v1/ Frame C5FD
28 B
50 B
XHR
General
Full URL
https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/d33d444d/www-embed-player.vflset/www-embed-player.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.110 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f14.1e100.net
Software
scaffolding on HTTPServer2 /
Resource Hash
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
application/json
X-YouTube-Utc-Offset
0
X-YouTube-Client-Name
56
Referer
https://www.youtube.com/embed/qMYi6WkMnec?rel=0&showinfo=0
X-YouTube-Client-Version
1.20211003.0.0
X-YouTube-Time-Zone
Etc/Unknown
X-Goog-Visitor-Id
CgtoZ2dFUWVSM1JiZyj2tfuKBg%3D%3D
X-YouTube-Ad-Signals
dt=1633606390305&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C980%2C490&vis=1&wgl=true&ca_type=image&bid=ANyPxKpjwDxuxEPGY__loXyPSIdTmiW9pZacQ9RgvtnwmWRue_MhM0ezPlp0vDyCdfQQK9Ds_kEqpO8EL-gbKTMFy7wv786aww

Response headers

date
Thu, 07 Oct 2021 11:33:12 GMT
content-encoding
br
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
x-frame-options
SAMEORIGIN
vary
Origin, X-Origin, Referer
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31
x-xss-protection
0

Verdicts & Comments Add Verdict or Comment

37 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| onbeforexrselect boolean| originAgentCluster function| __cf_worker_run_after_load function| __cf_run_after_load object| zoneNativeSett object| urls function| acPrefetch object| nativeInit object| nativeForPublishers object| wp object| google_js_reporting_queue number| google_srt object| google_logging_queue object| google_ad_modifications object| ggeac boolean| google_measure_js_timing object| google_reactive_ads_global_state boolean| _gfp_a_ object| adsbygoogle string| google_user_agent_client_hint object| _0x32b6 function| _0xda00 object| CTAHKA function| ufpAttach boolean| wait function| native_request object| _0x50db function| _0x48ba function| setupAd object| CTABPuNative object| __CF$cv$params string| zone object| adcashUfp function| jsonp245444

5 Cookies

Domain/Path Name / Value
.youtube.com/ Name: YSC
Value: FZqiaiSVmb8
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: hggEQeR3Rbg
.doubleclick.net/ Name: IDE
Value: AHWqTUkqUbfVtt_i6bUJNBQvZymXiZYu-VaoMK1DqLRZxZkBL2TI6SJRMJH4a5xm
.ufpcdn.com/ Name: __cf_bm
Value: d4OGo6qGXxZ1JcfXJOOpq9GHCf7Jf7RRY5DsQKDcHYI-1633606390-0-AW2JWHbjibD3VrCqAAtia9PULIOK6IDUOilVvaOAMeoMLHYTuL24L0Tn36ibIGvXE5b36myAxKYIPftLc2BQAf8=
downscrs.xyz/ Name: adcashufpv3
Value: 18775327665667797701423744222

1 Console Messages

Source Level URL
Text
network error URL: https://urgesick.com/68/88/1d/68881dd8b72caf0194422455d0b10d44.js
Message:
Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

discovernative.com
downscrs.xyz
fonts.gstatic.com
googleads.g.doubleclick.net
pagead2.googlesyndication.com
static.doubleclick.net
superonclick.com
ufpcdn.com
urgesick.com
www.youtube.com
104.21.46.210
130.211.31.231
142.250.184.230
142.250.185.66
172.217.16.130
172.217.23.110
172.217.23.99
172.64.163.25
172.67.189.120
192.243.59.12
0f5f4b730907675018b1e42156f20ad3744dac0ace5697fd8102f2c83ff1c08f
10055ac3c9d72bba0edcf7813858f543e085183da9a554fe1cded14a7dc1b00f
1203891266a0051b0451504d6c1eff9ade51827e56ebc7995c2fc1aafba93d9f
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
534e766115f627838281d0a570025e3c364c77f752730bc2d63fb86bcad8f7e2
54c1c628db92dbc924f7cc8f4ed03dec8631677716d186c2506575d0adb4e66b
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5df7a95611bf3e1dbd6bb3aab7ed73b98c84806233888bc5650c97d9c0b916be
5e634faa593de2f23eb01094d422f25d59063be4dda5e73868485e12c7ea74cb
662029f3718d3bf60503924e5a1956c1d9266f8f532ace6f13ed42e9ac0cde6f
7965b4334f08b3c398843d721ab3b5535461f4183ec6bb0923d1ae092b9cfd51
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
ba616e55cf6440f83064ab19764d2d329e6ff0b35c31269e47378ef5c94622d3
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980
e282545f9f7c4117db91f8a2c33e5a1dad31f3c6edbe74b9776c1f8b85c166bd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e59f39fd9be6b3737942676248d273b23f94ab60f7b7e608230d6a107dccb7ac
ea4d74cf40e9813326433c58c54abb041c0d4ad7b2541ec5de3206847fcffcfa
eb22ff6d3ebaa2ec79921696a704f2126bb7c5c5e52537dfb3b2e00e3ee34a63
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
f2cd841d65819277a0aab05564e55314c7122b9f9bc953f7567450c1b44941fc
ffb16355784a4a89472be6cb28c3408234ec0518326a3a1908797b8d8c78a76a