www.up21.xyz Open in urlscan Pro
2606:4700:3037::6815:5752 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.up21.xyz/
Effective URL:
https://www.up21.xyz/
Submission: On November 24 via manual (November 24th 2021, 9:17:05 pm UTC) from US — Scanned from DE

Summary HTTP 84 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 15 IPs in 3 countries across 11 domains to perform 84 HTTP transactions. The main IP is 2606:4700:3037::6815:5752, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.up21.xyz.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 11th 2021. Valid for: a year.

This is the only time www.up21.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 19	2606:4700:303... 2606:4700:3037::6815:5752	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
1 1	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
1	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
13	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
19	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
1 2	142.250.74.198 142.250.74.198	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
2 4	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
84	15

19 2606:4700:3037::6815:5752 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.up21.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
up21.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:fa87:fffe::c000:4902 (Ireland) 1 redirects

ASN2635 (AUTOMATTIC, US)

www.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i0.wp.com

i1.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.74.198 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
31	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	396 KB
19	up21.xyz 1 redirects www.up21.xyz up21.xyz	132 KB
13	doubleclick.net 1 redirects googleads.g.doubleclick.net ad.doubleclick.net	124 KB
8	gstatic.com www.gstatic.com fonts.gstatic.com	73 KB
7	google.com 2 redirects adservice.google.com www.google.com	2 KB
3	googletagservices.com www.googletagservices.com	110 KB
3	google.de adservice.google.de	1 KB
2	googleapis.com fonts.googleapis.com	2 KB
1	googleadservices.com partner.googleadservices.com	634 B
1	wp.com i1.wp.com	7 KB
1	gravatar.com 1 redirects www.gravatar.com	321 B
84	11

	Domain	Requested by
19	tpc.googlesyndication.com	www.up21.xyz googleads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com
17	up21.xyz	www.up21.xyz up21.xyz
12	pagead2.googlesyndication.com	www.up21.xyz pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
11	googleads.g.doubleclick.net	pagead2.googlesyndication.com www.up21.xyz googleads.g.doubleclick.net
6	www.gstatic.com	googleads.g.doubleclick.net
4	www.google.com	2 redirects googleads.g.doubleclick.net tpc.googlesyndication.com
3	www.googletagservices.com	googleads.g.doubleclick.net
3	adservice.google.com	pagead2.googlesyndication.com
3	adservice.google.de	pagead2.googlesyndication.com
2	fonts.gstatic.com	fonts.googleapis.com
2	fonts.googleapis.com	googleads.g.doubleclick.net
2	ad.doubleclick.net	1 redirects googleads.g.doubleclick.net
2	www.up21.xyz	1 redirects
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	i1.wp.com	www.up21.xyz
1	www.gravatar.com	1 redirects
84	16

This site contains links to these domains. Also see Links.

Domain
www.kleeja.xyz
up21.xyz
kleeja.net

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-11` - `2022-06-10`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh

This page contains 15 frames:

Primary Page: https://www.up21.xyz/
Frame ID: 54B205FD507326DBD4945251EA5D21F8
Requests: 32 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20190131/zrt_lookup.html
Frame ID: 449F8357BAE74700A42A3ABEF2221F14
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9707157708013635&output=html&h=280&slotname=6338967592&adk=884537737&adf=1845021574&pi=t.ma~as.6338967592&w=930&fwrn=4&fwrnh=100&lmt=1637788620&rafmt=1&psa=0&format=930x280&url=https%3A%2F%2Fwww.up21.xyz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637788620399&bpp=4&bdt=735&idt=87&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&correlator=3858745597373&frm=20&pv=2&ga_vid=432152600.1637788620&ga_sid=1637788620&ga_hid=2079631533&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=335&ady=180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753657%2C31062890&oid=2&pvsid=3695968104361273&pem=844&tmod=964625108&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=nhy48Fr35D&p=https%3A//www.up21.xyz&dtd=101
Frame ID: 3291EE2B069ED0ED4E69A09DEA953A40
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9707157708013635&output=html&h=280&slotname=6338967592&adk=884537737&adf=1868731166&pi=t.ma~as.6338967592&w=930&fwrn=4&fwrnh=100&lmt=1637788620&rafmt=1&psa=0&format=930x280&url=https%3A%2F%2Fwww.up21.xyz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637788620403&bpp=1&bdt=739&idt=104&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&prev_fmts=930x280&correlator=3858745597373&frm=20&pv=1&ga_vid=432152600.1637788620&ga_sid=1637788620&ga_hid=2079631533&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=335&ady=775&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753657%2C31062890&oid=2&pvsid=3695968104361273&pem=844&tmod=964625108&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=nXlh11KbKE&p=https%3A//www.up21.xyz&dtd=108
Frame ID: 31FE85F6DE59A96C6FFABE1F5E119629
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9707157708013635&output=html&adk=1812271804&adf=3025194257&lmt=1637788620&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.up21.xyz%2F&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637788620675&bpp=1&bdt=1011&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D23984af82c9f0662-22e6c49af2cb001b%3AT%3D1637788620%3ART%3D1637788620%3AS%3DALNI_MbvhE29aNx2bTO9BKH9hv5tSz-8jw&prev_fmts=930x280%2C930x280&nras=1&correlator=3858745597373&frm=20&pv=1&ga_vid=432152600.1637788620&ga_sid=1637788620&ga_hid=2079631533&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753657%2C31062890&oid=2&pvsid=3695968104361273&pem=844&tmod=964625108&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=3&uci=a!3&fsb=1&dtd=9
Frame ID: 976A87FCEF007691CB57415BFE1F5192
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5378696943970669340/970x250/banner/index.html
Frame ID: 4DBD3CCF5122A238B889A7C086F34960
Requests: 6 HTTP requests in this frame

Frame: https://ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/B26668477.317496569;dc_pre=CLa-6If2sfQCFR_quwgdlecDkg;dc_trk_aid=510048854;dc_trk_cid=159895174;ord=2492632514;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=
Frame ID: 3720F82928D7B287B5C36DDF4B0F1730
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 2A0FECACCC2F2A0AD44DDC4AD87FC33F
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: E528CBA3B9ED75F0E984EB93BC2C8766
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1
Frame ID: 6E97B66F218BA37944F8BC37025F3B56
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/W74_wbIuhH6bObXj0uCjode8PwiBrxgOKnAqo6ShAmY.js
Frame ID: 862CF3EEDD71BCE28B8A59E776B84598
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/load_preloaded_resource_fy2019.js
Frame ID: EB8FD585735CDED9E8EABD0A9748674B
Requests: 7 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/W74_wbIuhH6bObXj0uCjode8PwiBrxgOKnAqo6ShAmY.js
Frame ID: C0558A2ED35DC4E4E99359F5ECEB9843
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 1FCD310FF839D3AA5CFD83B14F2211AC
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 5F693DC851150173783D876524E09A95
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

رفع الملفات - المناهج الدراسية

Page URL History Show full URLs

http://www.up21.xyz/ HTTP 301
https://www.up21.xyz/ Page URL

Page Statistics

84
Requests

98 %
HTTPS

80 %
IPv6

11
Domains

16
Subdomains

15
IPs

3
Countries

846 kB
Transfer

2199 kB
Size

5
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: http://www.kleeja.xyz/
Title: Kleeja

Search URL Search Domain Scan URL

URL: https://up21.xyz/
Title: رفع الملفات - المناهج الدراسية

Search URL Search Domain Scan URL

URL: https://kleeja.net/
Title: Kleeja

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.up21.xyz/ HTTP 301
https://www.up21.xyz/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3

https://www.gravatar.com/avatar/d41d8cd98f00b204e9800998ecf8427e?s=100&d=https%3A%2F%2Fup21.xyz%2Fstyles%2Fdefault2%2Fimages%2Fuser_avater.png HTTP 302
https://i1.wp.com/up21.xyz/styles/default2/images/user_avater.png?ssl=1

Request Chain 30

https://ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/B26668477.317496569;dc_trk_aid=510048854;dc_trk_cid=159895174;ord=2492632514;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/B26668477.317496569;dc_pre=CLa-6If2sfQCFR_quwgdlecDkg;dc_trk_aid=510048854;dc_trk_cid=159895174;ord=2492632514;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=

Request Chain 52

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 59

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

84 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.up21.xyz/
Redirect Chain

http://www.up21.xyz/
https://www.up21.xyz/

9 KB
4 KB

140ms
92ms

Document
text/html

2606:4700:3037::6815:5752
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.up21.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::6815:5752 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.0.33

Resource Hash

e23f462090fdbc138a86a7d09adbf1d873b073f94d134ef7f7ece3c459bd62a5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Wed, 24 Nov 2021 21:16:59 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.0.33
cache-control: private, no-cache="set-cookie"
expires: 0
pragma: no-cache
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
vary: Accept-Encoding
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aCEhDKbeEC%2BSHHCisSivFj1YsnarBFCYzlpZCNac%2FDqsXc%2FbSZcP2sQhsbbBgBCWZYhShFiXowDlo1wK6%2FO27sZqeapwjzsjxtJTLBm1VCqagZZS77qtTEPw6GftuIVEnhfqkXF2z%2BFLP78%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6b35a9586f2b2c52-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

Date: Wed, 24 Nov 2021 21:16:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
location: https://www.up21.xyz/
content-security-policy: upgrade-insecure-requests
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RG3SZMMkxH%2Fi0bpDs9JW5L5veTCsLHLXKE4Tlo8mHow5Pt%2BAnV1gYg%2Bzn9NBA7XinEhYhUEz7tC7XbL5I97QH%2BVJ8x7EytdICQUs97yUQznz6v%2BapWVw5%2BoRUsAvECNEVCcuxa7sr%2BQeB3Y%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6b35a9541fef7348-MRS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 stylesheet.css
up21.xyz/styles/default2/css/ 20 KB
6 KB 606ms
219ms Stylesheet
text/css 2606:4700:3037::6815:5752
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://up21.xyz/styles/default2/css/stylesheet.css

Requested by

Host: www.up21.xyz
URL: https://www.up21.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::6815:5752 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

435cac89f3499a15e2f15d7a8c856e3206e21894bdf0eea0b1f8dfd0e6bbb2d9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.up21.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:17:00 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 131548
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Wed, 09 Dec 2020 16:41:03 GMT
server: cloudflare
etag: W/"50a1-5fd0fe1f-370bf82a1026559b;gz"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ohll%2FCOewkiLxTEQC2O7aw%2Be%2BdCW45UGQA3FRcL6RcRY3GqdqHVC%2Blt1YbGjfMc7IxXeB86cU5MdITtnOVO9RW0UbxztKe%2B6TP80lCpaAR%2FFKNUK9PIDHUpx71kt3lqc0IMBHVdB%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
content-security-policy: upgrade-insecure-requests
cf-ray: 6b35a95b8da10fe6-MRS
expires: Tue, 30 Nov 2021 08:44:32 GMT

GET
H2 200 color.css
up21.xyz/styles/default2/css/ 16 KB
5 KB 575ms
188ms Stylesheet
text/css 2606:4700:3037::6815:5752
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://up21.xyz/styles/default2/css/color.css

Requested by

Host: www.up21.xyz
URL: https://www.up21.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::6815:5752 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c054958d11ef890a9aae16d79ddc90908eedccdf3de4491d0159046f50102a9c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.up21.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:17:00 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 190826
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Wed, 09 Dec 2020 16:41:02 GMT
server: cloudflare
etag: W/"4073-5fd0fe1e-8056b1202e72f0fe;gz"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hk%2BbfN3KudIu8FCyFLSknQDlhvXuC3OjzDTUa06pKWHl3YjwZdGFDbVKnV3up2gpdbWlhLyX6As3cniMw7YCRNVRraOPj6xXfR27LYI5etRDOd4lM8uNAakFwI%2F5SMeiWfUEp%2BTs1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
content-security-policy: upgrade-insecure-requests
cf-ray: 6b35a95b8da20fe6-MRS
expires: Mon, 29 Nov 2021 16:16:34 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 143 KB
51 KB 81ms
48ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.up21.xyz
URL: https://www.up21.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5e9ec29d43b2f96e10e709afa06debfa4620bf7f31981fbd08ab170761ca4ccd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.up21.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:17:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51206
x-xss-protection: 0
server: cafe
etag: 4282624042640332041
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 24 Nov 2021 21:17:00 GMT

GET
H2

200

user_avater.png
i1.wp.com/up21.xyz/styles/default2/images/
Redirect Chain

https://www.gravatar.com/avatar/d41d8cd98f00b204e9800998ecf8427e?s=100&d=https%3A%2F%2Fup21.xyz%2Fstyles%2Fdefault2%2Fimages%2Fuser_avater.png
https://i1.wp.com/up21.xyz/styles/default2/images/user_avater.png?ssl=1

7 KB
7 KB

26ms
7ms

Image
image/webp

192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/up21.xyz/styles/default2/images/user_avater.png?ssl=1

Requested by

Host: www.up21.xyz
URL: https://www.up21.xyz/

Protocol

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

e03aa5c668dcff1060b2c532e77c6f086fb930b5f914b06a76bac345699a7e11

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.up21.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Wed, 24 Nov 2021 21:17:00 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 Oct 2021 15:31:59 GMT
server: nginx
etag: "483a754129ccc4d9"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://up21.xyz/styles/default2/images/user_avater.png>; rel="canonical"
content-length: 6834
expires: Thu, 26 Oct 2023 03:31:59 GMT

Redirect headers

x-nc: HIT mxp 2
date: Wed, 24 Nov 2021 21:17:00 GMT
last-modified: Tue, 23 Mar 2010 23:51:21 GMT
server: nginx
content-type: text/html; charset=utf-8
location: https://i1.wp.com/up21.xyz/styles/default2/images/user_avater.png?ssl=1
cache-control: max-age=300
link: <https://www.gravatar.com/avatar/d41d8cd98f00b204e9800998ecf8427e?s=100&d=https%3A%2F%2Fup21.xyz%2Fstyles%2Fdefault2%2Fimages%2Fuser_avater.png>; rel="canonical"
content-length: 0
expires: Wed, 24 Nov 2021 21:22:00 GMT

GET
H3 200 login.png
up21.xyz/styles/default2/images/ 483 B
1 KB 31ms
30ms Image
image/png 2606:4700:3037::6815:5752
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://up21.xyz/styles/default2/images/login.png

Requested by

Host: www.up21.xyz
URL: https://www.up21.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::6815:5752 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

94052834c59df9aaf00edf46bd6d25b436f8857e9c8c6dbd1e5e71056793b2ea

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.up21.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:17:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 96011
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 483
last-modified: Wed, 09 Dec 2020 16:41:20 GMT
server: cloudflare
etag: "1e3-5fd0fe30-7fe387f0267a14c3;;;"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=La9CCJNOADA5vV6UpGHhsOdzFHcuGANg2OjSqkuq4vioJPyTalW96RfviwtkzBzXywC2RTwy3w2qh4Cnjfme5wZzTk9k79oAtW7byWW12cPs%2FWc8lNk%2Fz66RSkDCPqxJdegkJhIp1w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
cf-ray: 6b35a95cebc3216f-DUS
expires: Tue, 30 Nov 2021 18:36:49 GMT

GET
H3 200 Smile.png
up21.xyz/styles/default2/images/ 524 B
1 KB 277ms
277ms Image
image/png 2606:4700:3037::6815:5752
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://up21.xyz/styles/default2/images/Smile.png

Requested by

Host: www.up21.xyz
URL: https://www.up21.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::6815:5752 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb0ff882cd56bb534401fff7ad1604b48873ce7096a9802f7ac64d0d09bbba43

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.up21.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:17:00 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 524
last-modified: Wed, 09 Dec 2020 16:41:24 GMT
server: cloudflare
etag: "20c-5fd0fe34-776dbab58d7e9c2a;;;"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yn%2FdP6G%2BUHYUKFYO8ueE3kvsnRSRBePQ%2BKld7LL4sACy9FjbEmzOrzcl0sOb1vzBp8c7%2BkXxIWmaSxKhDMfwt4IRRkj87fQl1PKwG57RTaRde%2F9ye%2BT%2FOPy6jqnTxNKUR%2BLcDbp9cw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
cf-ray: 6b35a95cebc6216f-DUS
expires: Wed, 01 Dec 2021 21:17:00 GMT

GET
H3 200 loading.gif
up21.xyz/styles/default2/images/ 11 KB
11 KB 274ms
274ms Image
image/gif 2606:4700:3037::6815:5752
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://up21.xyz/styles/default2/images/loading.gif

Requested by

Host: www.up21.xyz
URL: https://www.up21.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::6815:5752 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f5ae4fe8bf1ae5bf28f92eb3194297ded77c7c0c7c0b8aa9fde1d9c1b5349965

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.up21.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:17:00 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 10819
last-modified: Wed, 09 Dec 2020 16:41:20 GMT
server: cloudflare
etag: "2a43-5fd0fe30-ff37493dbb36a257;;;"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BMubV96EpLDdMBAIXLjNJhUsoNwEG%2BSX1TmiOWK5iS1SgEU%2FPCW69ocWygwKr9ykTOtCDNRZ%2BQ9yyH5UyWD7A%2Fn%2FI%2FSt20xXvAeNX7Ots%2BpEggi32s2oTGh4HkmxEpIcBRcn5e6faA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
cf-ray: 6b35a95cebc8216f-DUS
expires: Wed, 01 Dec 2021 21:17:00 GMT

GET
H2 200 jquery.js Show response
up21.xyz/styles/default2/ 90 KB
33 KB 401ms
400ms Script
application/x-javascript 2606:4700:3037::6815:5752
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://up21.xyz/styles/default2/jquery.js

Requested by

Host: www.up21.xyz
URL: https://www.up21.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::6815:5752 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.up21.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:17:00 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 132823
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Wed, 09 Dec 2020 16:40:58 GMT
server: cloudflare
etag: W/"169d5-5fd0fe1a-2d68b168d3bf481;gz"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kUf3diDeoks%2FRl4Dfuv05CWyI9g76U1QhP6NwxoQfIJs6J50YsJHOQaryWstR%2BVHFpsMBBFOF82Z%2B4nMDAqnndc2vJcMGDWL%2FsU4mgFlhmPehob4g4ZbO1gOP8iq3Gok75A1H6xQQw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
content-security-policy: upgrade-insecure-requests
cf-ray: 6b35a95ccfd20fe6-MRS
expires: Tue, 30 Nov 2021 08:23:17 GMT

GET
H3 200 go.php
up21.xyz/ 43 B
736 B 280ms
280ms Image
image/gif 2606:4700:3037::6815:5752
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://up21.xyz/go.php?go=queue

Requested by

Host: www.up21.xyz
URL: https://www.up21.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::6815:5752 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.0.33

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.up21.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:17:00 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: PHP/7.0.33
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yl6jaMyHr8ytFOyyc5thbFcIiEtXAsx22PuhB1roxh3UKcSnO3h1YPEtKZnPJ4PLad9JJKxmrEK2%2BoLideBvLCbBnxNol95OhRHh%2F%2BAfJla%2BV7kjdkKxoOeU9VUH0Ll2GMD68yB7wA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache
x-turbo-charged-by: LiteSpeed
content-security-policy: upgrade-insecure-requests
cf-ray: 6b35a95cebca216f-DUS
expires: 0

GET
H3 200 bg_body.png
up21.xyz/styles/default2/images/ 2 KB
2 KB 51ms
51ms Image
image/png 2606:4700:3037::6815:5752
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://up21.xyz/styles/default2/images/bg_body.png

Requested by

Host: up21.xyz
URL: https://up21.xyz/styles/default2/css/color.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::6815:5752 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e326414b139cf8debde286208bd69325265ef5fb4d4ac4b0e9cb9902e299d07d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://up21.xyz/styles/default2/css/color.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:17:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 357013
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1547
last-modified: Wed, 09 Dec 2020 16:41:06 GMT
server: cloudflare
etag: "60b-5fd0fe22-9dd2d908806254d0;;;"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=opqSBBVRuY8WcMCql6Emg0ahtnVGKC5OyKWZD3806ule347N4Mr7jqgaV6xnTE8zueQbyS1sREfP4z5MibsxlVhNUfin2IIO9pmwMhJ0YO8NvpLlqwtbBeIxLZv6b4SoVCU5qrdrcA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
cf-ray: 6b35a95cebcd216f-DUS
expires: Sat, 27 Nov 2021 18:06:47 GMT

GET
H3 200 bg_main.png
up21.xyz/styles/default2/images/ 21 KB
22 KB 31ms
31ms Image
image/png 2606:4700:3037::6815:5752
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://up21.xyz/styles/default2/images/bg_main.png

Requested by

Host: up21.xyz
URL: https://up21.xyz/styles/default2/css/color.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::6815:5752 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0f0dda1b8b71db4f82c685caac6121029b4a78c664f7470ea19f997e32d82e66

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://up21.xyz/styles/default2/css/color.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:17:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 357013
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 21624
last-modified: Wed, 09 Dec 2020 16:41:08 GMT
server: cloudflare
etag: "5478-5fd0fe24-55e4339f8a0707e2;;;"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W1x5ouPvMv4nbUJ3OYEnyA23Tb5ox5IMOuGX6uqh4TwJPOylQdLQVMDPz%2BOnZLUhtELtqlqvADjcDbsc5ISkaVVmq4%2FYhAjgSBXsG08EX4cskAfKTXpCztqX7dz4DCC0egf%2Bamaerw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
cf-ray: 6b35a95cebce216f-DUS
expires: Sat, 27 Nov 2021 18:06:47 GMT

GET
H3 200 logo.png
up21.xyz/styles/default2/images/ 8 KB
8 KB 30ms
30ms Image
image/png 2606:4700:3037::6815:5752
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://up21.xyz/styles/default2/images/logo.png

Requested by

Host: up21.xyz
URL: https://up21.xyz/styles/default2/css/color.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::6815:5752 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46f2cc169455272711dce4e77c23fec4ee56319d7805f7ce51d1bfa5aed1c5a2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://up21.xyz/styles/default2/css/color.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:17:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 357013
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 7793
last-modified: Mon, 25 Oct 2021 09:04:31 GMT
server: cloudflare
etag: "1e71-6176731f-67aceebe44d9c43d;;;"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j%2Fuldyz8Vna%2BeFPJP2xb5v3yFS1G4MocmqJCP0yQNiQ%2Ff2td0px1xjGoyldjJ7OybvtKF0LxjuV%2BsDqgl29UWhH5yLYa3S9s6iXujaW7W1f9Sya8kn1R71%2BmeZ8NqYaHoOQNTv%2B4OQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
cf-ray: 6b35a95cebd0216f-DUS
expires: Sat, 27 Nov 2021 18:06:47 GMT

GET
H3 200 menu-bg.gif
up21.xyz/styles/default2/images/ 163 B
844 B 68ms
68ms Image
image/gif 2606:4700:3037::6815:5752
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://up21.xyz/styles/default2/images/menu-bg.gif

Requested by

Host: up21.xyz
URL: https://up21.xyz/styles/default2/css/color.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::6815:5752 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e74e09a1f6beae56dc697aa6d2edff202baab9ff0609bf1b75f595d779da30a1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://up21.xyz/styles/default2/css/color.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:17:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 357013
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 163
last-modified: Wed, 09 Dec 2020 16:41:21 GMT
server: cloudflare
etag: "a3-5fd0fe31-e28a86192f17d3c5;;;"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0nqrxLlXN%2FzZrnWYDNxQDc1gol0oi26deydagZKYmmpHWsuWp0rty9zsZsLbQWqi60UeV6N7%2BCR2mI%2FmPN4YcHU4KX%2FaY7sMJKrl5OvP%2BLwtbHgC0e817S5MPMzddWDO4IsyIxNt%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
cf-ray: 6b35a95cebd1216f-DUS
expires: Sat, 27 Nov 2021 18:06:47 GMT

GET
H3 200 current-bg.gif
up21.xyz/styles/default2/images/ 94 B
766 B 272ms
272ms Image
image/gif 2606:4700:3037::6815:5752
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://up21.xyz/styles/default2/images/current-bg.gif

Requested by

Host: up21.xyz
URL: https://up21.xyz/styles/default2/css/color.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::6815:5752 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e133669e6105067f591e1cbf26d44116cf047b34971e5d20f06a7dd272e075f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://up21.xyz/styles/default2/css/color.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:17:00 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 94
last-modified: Wed, 09 Dec 2020 16:41:14 GMT
server: cloudflare
etag: "5e-5fd0fe2a-6be075b371f70e44;;;"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PlKIA3W8jj13ubvG%2BAGYS0cyk67BXYHHcDiqdIaLcsJD2O%2BixiEwSeXmXiTf9UqfQvFrs%2FlDXxjVb3VYGfXohbKJjQJnuB2EKzbIHR8pMypfuwvWyZooJ5Sl7uU2lvk32bC3B3MjMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
cf-ray: 6b35a95cebd2216f-DUS
expires: Wed, 01 Dec 2021 21:17:00 GMT

GET
H3 200 sidebar.png
up21.xyz/styles/default2/images/ 6 KB
7 KB 48ms
48ms Image
image/png 2606:4700:3037::6815:5752
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://up21.xyz/styles/default2/images/sidebar.png

Requested by

Host: up21.xyz
URL: https://up21.xyz/styles/default2/css/color.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::6815:5752 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2ce4b50a8e7fe386e9fde8472ddad1e7ac002b6264a96f77d484eaffe1b6e1f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://up21.xyz/styles/default2/css/color.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:17:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 201576
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 6044
last-modified: Wed, 09 Dec 2020 16:41:24 GMT
server: cloudflare
etag: "179c-5fd0fe34-d206905dcaae7cdb;;;"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jI0uTLwDP9gMGL%2B0aibOFLyYzt7IO8dDbu%2FVi%2B31LbbIRFyrHiNheN2dLNcNK49lqplCfTgKsjtbff%2BsZXUbW%2F4NgTD9PStbwb6PVC3d60Tv1NRB1ernspBrfpYxyuQwu2mHPycpRA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
cf-ray: 6b35a95cebd3216f-DUS
expires: Mon, 29 Nov 2021 13:17:24 GMT

GET
H3 200 bg_dots.gif
up21.xyz/styles/default2/images/ 47 B
723 B 29ms
29ms Image
image/gif 2606:4700:3037::6815:5752
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://up21.xyz/styles/default2/images/bg_dots.gif

Requested by

Host: up21.xyz
URL: https://up21.xyz/styles/default2/css/color.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::6815:5752 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

31f0fbf23d83b61c800345bc42194a33ac425318c33c29150a97c4ce7831353c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://up21.xyz/styles/default2/css/color.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:17:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 357013
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 47
last-modified: Wed, 09 Dec 2020 16:41:07 GMT
server: cloudflare
etag: "2f-5fd0fe23-eb3529ce8a4c372e;;;"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lBP5E4EK3SkmFQlGBPKFGk3MCzpxbxIOCuLLc2w5ZJE6YdgG5hKUfDI4ymjZ%2BAWhcubP31RRJI7ez09TEQvnzSCPNhW6PdjRxfTkEL30tlcTM9epE3nuoAxXbjXOjDtACikSKQ8%2BSw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
cf-ray: 6b35a95cebd4216f-DUS
expires: Sat, 27 Nov 2021 18:06:47 GMT

GET
H3 200 bg_tabbertab.png
up21.xyz/styles/default2/images/ 347 B
1 KB 270ms
270ms Image
image/png 2606:4700:3037::6815:5752
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://up21.xyz/styles/default2/images/bg_tabbertab.png

Requested by

Host: up21.xyz
URL: https://up21.xyz/styles/default2/css/stylesheet.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::6815:5752 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

965a3f065f3c52441d35e9b1c25b280b54d227d4cc3a6987005f18a7aee725f2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://up21.xyz/styles/default2/css/stylesheet.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:17:00 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 347
last-modified: Wed, 09 Dec 2020 16:41:10 GMT
server: cloudflare
etag: "15b-5fd0fe26-54f01f7238ed5db2;;;"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NpeK5jlZPkBlc6JbMHSNRm%2F53GiGXZhw%2BnVCEWSk8wDEwZExz0GffXciUXpiU3MOOqvDPSDi0kv55H%2BhYVxctf3H5j1uRpYMCJaBMp%2FgSNMpkCWMMbqZQ4Blz%2BLxo5Kq7byIym%2BiNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
cf-ray: 6b35a95cebd6216f-DUS
expires: Wed, 01 Dec 2021 21:17:00 GMT

GET
H3 200 go_up.png
up21.xyz/styles/default2/images/ 21 KB
22 KB 281ms
280ms Image
image/png 2606:4700:3037::6815:5752
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://up21.xyz/styles/default2/images/go_up.png

Requested by

Host: up21.xyz
URL: https://up21.xyz/styles/default2/css/stylesheet.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::6815:5752 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6571808cd03d1d388f259b1b869851be7033edd254b9a39a88bd34ce30921573

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://up21.xyz/styles/default2/css/stylesheet.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:17:00 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 21351
last-modified: Wed, 09 Dec 2020 16:41:17 GMT
server: cloudflare
etag: "5367-5fd0fe2d-b898183216abba38;;;"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z5VFOmyD5be%2F%2FiBCgL0PMKezN9r7QL3fi5GzxVv%2F97wJxn9FG65mMrux2fm0FkzvSbSC%2F6OeAdL7%2BwDccLBrN8yftudgABCxUEupKCtlvm7Vt57iHrvABP5VccEJRgQF0NsffDvETA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
cf-ray: 6b35a95cebd7216f-DUS
expires: Wed, 01 Dec 2021 21:17:00 GMT

GET
H3 200 bg_footer.gif
up21.xyz/styles/default2/images/ 5 KB
6 KB 49ms
49ms Image
image/gif 2606:4700:3037::6815:5752
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://up21.xyz/styles/default2/images/bg_footer.gif

Requested by

Host: up21.xyz
URL: https://up21.xyz/styles/default2/css/color.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::6815:5752 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eeda7dff0a4662660f259038635dedc5f1618f8e5f61f822a51355a3cfb0036f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://up21.xyz/styles/default2/css/color.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:17:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 357013
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 5348
last-modified: Wed, 09 Dec 2020 16:41:07 GMT
server: cloudflare
etag: "14e4-5fd0fe23-a5e8630f724b082f;;;"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nq0LHBwJXUkLFcYBr%2B4LAOYi3wBBwK4CX0YTS3e9gtzy6lDaU%2Bo45ri8QHTrpw5BPu8k08B87cAbYl4kM88PQH1dyCEPt4zzixMVwcKJJrI3McHU%2FEXJ1OlN6S1CF3gVA7yPVDfY3w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
cf-ray: 6b35a95d0c0a216f-DUS
expires: Sat, 27 Nov 2021 18:06:47 GMT

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/ 270 KB
97 KB 47ms
32ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9707157708013635&plah=www.up21.xyz

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8700cb851225d7650cc84bad4fd121d5d3d2a51986f7d1597d9a339c934fd189

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.up21.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:17:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 99572
x-xss-protection: 0
server: cafe
etag: 12335083470939252961
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 24 Nov 2021 21:17:00 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211111/r20190131/ Frame 449F 11 KB
5 KB 31ms
6ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211111/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5cedd5abd94d64b07e3779451d057665572b89caa8b445a5e9efa42bad9c4274

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.up21.xyz/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 24 Nov 2021 06:55:30 GMT
expires: Wed, 08 Dec 2021 06:55:30 GMT
content-type: text/html; charset=UTF-8
etag: 16478831307880631077
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4883
x-xss-protection: 0
age: 51690
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 198 B
634 B 68ms
16ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.up21.xyz&callback=_gfp_s_&client=ca-pub-9707157708013635

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9707157708013635&plah=www.up21.xyz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e4e0dfe3e3ba1e73078dcf6d7580bf669637d26e2489d1bea8b4bd3055861280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.up21.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:17:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 189
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 39ms
16ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.up21.xyz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.up21.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 24 Nov 2021 21:17:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 40ms
16ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.up21.xyz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.up21.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 24 Nov 2021 21:17:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3291 120 KB
39 KB 479ms
464ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9707157708013635&output=html&h=280&slotname=6338967592&adk=884537737&adf=1845021574&pi=t.ma~as.6338967592&w=930&fwrn=4&fwrnh=100&lmt=1637788620&rafmt=1&psa=0&format=930x280&url=https%3A%2F%2Fwww.up21.xyz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637788620399&bpp=4&bdt=735&idt=87&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&correlator=3858745597373&frm=20&pv=2&ga_vid=432152600.1637788620&ga_sid=1637788620&ga_hid=2079631533&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=335&ady=180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753657%2C31062890&oid=2&pvsid=3695968104361273&pem=844&tmod=964625108&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=nhy48Fr35D&p=https%3A//www.up21.xyz&dtd=101

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53459739900b5a73dd3303a5e393324fc73b07a61b11f845632b08f404dca322

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5378696943970669340/970x250/banner/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5378696943970669340/970x250/banner/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CLGrx4f2sfQCFc-p7QoduswGGw&gqi=zKueYYLKIIKrtgftxptA&layout=/sadbundle/%24csp%253Der3%24/5378696943970669340/970x250/banner/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.up21.xyz/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5378696943970669340/970x250/banner/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5378696943970669340/970x250/banner/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CLGrx4f2sfQCFc-p7QoduswGGw&gqi=zKueYYLKIIKrtgftxptA&layout=/sadbundle/%24csp%253Der3%24/5378696943970669340/970x250/banner/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 24 Nov 2021 21:17:00 GMT
server: cafe
content-length: 40205
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 24 Nov 2021 21:17:00 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 31FE 87 KB
31 KB 557ms
551ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9707157708013635&output=html&h=280&slotname=6338967592&adk=884537737&adf=1868731166&pi=t.ma~as.6338967592&w=930&fwrn=4&fwrnh=100&lmt=1637788620&rafmt=1&psa=0&format=930x280&url=https%3A%2F%2Fwww.up21.xyz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637788620403&bpp=1&bdt=739&idt=104&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&prev_fmts=930x280&correlator=3858745597373&frm=20&pv=1&ga_vid=432152600.1637788620&ga_sid=1637788620&ga_hid=2079631533&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=335&ady=775&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753657%2C31062890&oid=2&pvsid=3695968104361273&pem=844&tmod=964625108&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=nXlh11KbKE&p=https%3A//www.up21.xyz&dtd=108

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d2f8c3e6b6fb29a9d5234aff95a9553cd9ef9c857ee3538ea37f617fdd921199

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.up21.xyz/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 24 Nov 2021 21:17:01 GMT
server: cafe
content-length: 31989
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 24 Nov 2021 21:17:01 GMT
cache-control: private

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 34ms
17ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.up21.xyz

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.up21.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 24 Nov 2021 21:17:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 35ms
17ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.up21.xyz

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.up21.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 24 Nov 2021 21:17:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 976A 149 KB
43 KB 337ms
332ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9707157708013635&output=html&adk=1812271804&adf=3025194257&lmt=1637788620&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.up21.xyz%2F&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637788620675&bpp=1&bdt=1011&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D23984af82c9f0662-22e6c49af2cb001b%3AT%3D1637788620%3ART%3D1637788620%3AS%3DALNI_MbvhE29aNx2bTO9BKH9hv5tSz-8jw&prev_fmts=930x280%2C930x280&nras=1&correlator=3858745597373&frm=20&pv=1&ga_vid=432152600.1637788620&ga_sid=1637788620&ga_hid=2079631533&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753657%2C31062890&oid=2&pvsid=3695968104361273&pem=844&tmod=964625108&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=3&uci=a!3&fsb=1&dtd=9

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8b713e0f5bd42ca282d2330351b9e5578b0620f8820e0e61019316a5e7144d1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.up21.xyz/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 24 Nov 2021 21:17:01 GMT
server: cafe
content-length: 43667
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 24 Nov 2021 21:17:01 GMT
cache-control: private

GET
H2 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5378696943970669340/970x250/banner/ Frame 4DBD 2 KB
2 KB 48ms
11ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5378696943970669340/970x250/banner/index.html

Requested by

Host: www.up21.xyz
URL: https://www.up21.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b21eeac4305e90d5f5714f8999d843e1d99cd320aae03dcfedda5d09f549e7bf

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
timing-allow-origin: *
content-length: 887
date: Tue, 23 Nov 2021 17:21:08 GMT
expires: Wed, 23 Nov 2022 17:21:08 GMT
last-modified: Wed, 20 Oct 2021 10:52:25 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
age: 100553
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3

200

B26668477.317496569;dc_pre=CLa-6If2sfQCFR_quwgdlecDkg;dc_trk_aid=510048854;dc_trk_cid=159895174;ord=2492632514;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= Show response
ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/ Frame 3720
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/B26668477.317496569;dc_trk_aid=510048854;dc_trk_cid=159895174;ord=2492632514;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfu...
https://ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/B26668477.317496569;dc_pre=CLa-6If2sfQCFR_quwgdlecDkg;dc_trk_aid=510048854;dc_trk_cid=159895174;ord=2492632514;dc_lat=;dc_rdid=;tag...

42 B
63 B

61ms
43ms

Fetch
image/gif

142.250.74.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/B26668477.317496569;dc_pre=CLa-6If2sfQCFR_quwgdlecDkg;dc_trk_aid=510048854;dc_trk_cid=159895174;ord=2492632514;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9707157708013635&output=html&h=280&slotname=6338967592&adk=884537737&adf=1845021574&pi=t.ma~as.6338967592&w=930&fwrn=4&fwrnh=100&lmt=1637788620&rafmt=1&psa=0&format=930x280&url=https%3A%2F%2Fwww.up21.xyz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637788620399&bpp=4&bdt=735&idt=87&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&correlator=3858745597373&frm=20&pv=2&ga_vid=432152600.1637788620&ga_sid=1637788620&ga_hid=2079631533&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=335&ady=180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753657%2C31062890&oid=2&pvsid=3695968104361273&pem=844&tmod=964625108&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=nhy48Fr35D&p=https%3A//www.up21.xyz&dtd=101

Protocol

Server

142.250.74.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 21:17:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 24 Nov 2021 21:17:01 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/B26668477.317496569;dc_pre=CLa-6If2sfQCFR_quwgdlecDkg;dc_trk_aid=510048854;dc_trk_cid=159895174;ord=2492632514;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3720 0
0 50ms
49ms Fetch
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CF00VzKueYbGVIc_Ttge6mZvYAfWowplmku-PpI8O5pez-oUcEAEgq8uDRGCV-vCBjAegAfS4v8UDyAEJqAMByANIqgTBAU_QRGbmcticPVBoV2Tz_eR4_0VPGfPybP5PXCO8SdQAyY0tC6jSA1PAO851rAflB4ARy76-b_2JEGrXzL52pDSLwysOzYIQx32A0dXq9_ayHcz-gtAwXEYfA8y8SXEvQmY9_bjPW4wfyyV6b5nmaC-6V2rbITur9XwfynjjXFPJFZ6wNhaZYgkuslfSGfbpCul4GKMLehEMYlBsvJ3gSixI47PfSgWm84y7aLqQZaVegv-Rq6h-RRmBKwQAn7C_tr7ABOa7oeztA5IFBAgEGAGSBQQIBRgEoAYugAee3KGsAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcEEPehF9IICQiA4YAQEAEYX4AKAcgLAdgTDdAVAYAXAbIXHAoaCAASFHB1Yi05NzA3MTU3NzA4MDEzNjM1GAA&sigh=AhHmWjRLD2Q&uach_m=[UACH]&template_id=419

Requested by

Host: www.up21.xyz
URL: https://www.up21.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9707157708013635&output=html&h=280&slotname=6338967592&adk=884537737&adf=1845021574&pi=t.ma~as.6338967592&w=930&fwrn=4&fwrnh=100&lmt=1637788620&rafmt=1&psa=0&format=930x280&url=https%3A%2F%2Fwww.up21.xyz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637788620399&bpp=4&bdt=735&idt=87&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&correlator=3858745597373&frm=20&pv=2&ga_vid=432152600.1637788620&ga_sid=1637788620&ga_hid=2079631533&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=335&ady=180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753657%2C31062890&oid=2&pvsid=3695968104361273&pem=844&tmod=964625108&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=nhy48Fr35D&p=https%3A//www.up21.xyz&dtd=101
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 24 Nov 2021 21:17:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 24 Nov 2021 21:17:01 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame 3720 19 KB
8 KB 39ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

65623c8434f7dadaba113a4521a101729ee3e6635e4412f2ccc99fbe6412d15e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:14:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 158
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7840
x-xss-protection: 0
server: cafe
etag: 9525834815172239946
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 08 Dec 2021 21:14:23 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 3720 2 KB
1 KB 42ms
10ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:12:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 242
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 08 Dec 2021 21:12:59 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3720 119 KB
37 KB 83ms
51ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:17:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 24 Nov 2021 21:17:01 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 3720 15 KB
6 KB 40ms
9ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:14:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 158
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6415
x-xss-protection: 0
server: cafe
etag: 16810888504096353422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 08 Dec 2021 21:14:23 GMT

GET
H2 200 548bdb63b969e5c27f75e62faf543d70.js Show response
www.gstatic.com/mysidia/ Frame 31FE 7 KB
4 KB 31ms
7ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/548bdb63b969e5c27f75e62faf543d70.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9707157708013635&output=html&h=280&slotname=6338967592&adk=884537737&adf=1868731166&pi=t.ma~as.6338967592&w=930&fwrn=4&fwrnh=100&lmt=1637788620&rafmt=1&psa=0&format=930x280&url=https%3A%2F%2Fwww.up21.xyz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637788620403&bpp=1&bdt=739&idt=104&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&prev_fmts=930x280&correlator=3858745597373&frm=20&pv=1&ga_vid=432152600.1637788620&ga_sid=1637788620&ga_hid=2079631533&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=335&ady=775&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753657%2C31062890&oid=2&pvsid=3695968104361273&pem=844&tmod=964625108&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=nXlh11KbKE&p=https%3A//www.up21.xyz&dtd=108

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

541a22e85f3238899f2589d44b9390a8d6d6e193a5d436c10e8ec9ce7b256e76

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 21:03:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 87240
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3286
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 04:29:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 21 Feb 2022 21:03:01 GMT

GET
H2 200 1fbe479ac890063fc5be4921f3467642.js Show response
www.gstatic.com/mysidia/ Frame 31FE 8 KB
4 KB 33ms
9ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/1fbe479ac890063fc5be4921f3467642.js?tag=text/vanilla_highlight

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9707157708013635&output=html&h=280&slotname=6338967592&adk=884537737&adf=1868731166&pi=t.ma~as.6338967592&w=930&fwrn=4&fwrnh=100&lmt=1637788620&rafmt=1&psa=0&format=930x280&url=https%3A%2F%2Fwww.up21.xyz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637788620403&bpp=1&bdt=739&idt=104&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&prev_fmts=930x280&correlator=3858745597373&frm=20&pv=1&ga_vid=432152600.1637788620&ga_sid=1637788620&ga_hid=2079631533&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=335&ady=775&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753657%2C31062890&oid=2&pvsid=3695968104361273&pem=844&tmod=964625108&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=nXlh11KbKE&p=https%3A//www.up21.xyz&dtd=108

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9bbd26c49f5ae124707da73ee22462fbc47ca1d38e85825771170e4b1c850af7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 21:03:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 87239
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3713
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 04:29:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 21 Feb 2022 21:03:02 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 31FE 3 KB
1 KB 44ms
16ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9707157708013635&output=html&h=280&slotname=6338967592&adk=884537737&adf=1868731166&pi=t.ma~as.6338967592&w=930&fwrn=4&fwrnh=100&lmt=1637788620&rafmt=1&psa=0&format=930x280&url=https%3A%2F%2Fwww.up21.xyz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637788620403&bpp=1&bdt=739&idt=104&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&prev_fmts=930x280&correlator=3858745597373&frm=20&pv=1&ga_vid=432152600.1637788620&ga_sid=1637788620&ga_hid=2079631533&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=335&ady=775&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753657%2C31062890&oid=2&pvsid=3695968104361273&pem=844&tmod=964625108&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=nXlh11KbKE&p=https%3A//www.up21.xyz&dtd=108

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 24 Nov 2021 19:44:41 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 24 Nov 2021 21:17:01 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 24 Nov 2021 21:17:01 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 31FE 1 KB
880 B 29ms
24ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9707157708013635&output=html&h=280&slotname=6338967592&adk=884537737&adf=1868731166&pi=t.ma~as.6338967592&w=930&fwrn=4&fwrnh=100&lmt=1637788620&rafmt=1&psa=0&format=930x280&url=https%3A%2F%2Fwww.up21.xyz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637788620403&bpp=1&bdt=739&idt=104&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&prev_fmts=930x280&correlator=3858745597373&frm=20&pv=1&ga_vid=432152600.1637788620&ga_sid=1637788620&ga_hid=2079631533&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=335&ady=775&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753657%2C31062890&oid=2&pvsid=3695968104361273&pem=844&tmod=964625108&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=nXlh11KbKE&p=https%3A//www.up21.xyz&dtd=108

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:13:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 195
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 853
x-xss-protection: 0
server: cafe
etag: 7170004918125193417
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 08 Dec 2021 21:13:46 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame 31FE 19 KB
8 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9707157708013635&output=html&h=280&slotname=6338967592&adk=884537737&adf=1868731166&pi=t.ma~as.6338967592&w=930&fwrn=4&fwrnh=100&lmt=1637788620&rafmt=1&psa=0&format=930x280&url=https%3A%2F%2Fwww.up21.xyz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637788620403&bpp=1&bdt=739&idt=104&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&prev_fmts=930x280&correlator=3858745597373&frm=20&pv=1&ga_vid=432152600.1637788620&ga_sid=1637788620&ga_hid=2079631533&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=335&ady=775&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753657%2C31062890&oid=2&pvsid=3695968104361273&pem=844&tmod=964625108&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=nXlh11KbKE&p=https%3A//www.up21.xyz&dtd=108

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

65623c8434f7dadaba113a4521a101729ee3e6635e4412f2ccc99fbe6412d15e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:14:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 158
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7840
x-xss-protection: 0
server: cafe
etag: 9525834815172239946
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 08 Dec 2021 21:14:23 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 31FE 2 KB
1 KB 33ms
29ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9707157708013635&output=html&h=280&slotname=6338967592&adk=884537737&adf=1868731166&pi=t.ma~as.6338967592&w=930&fwrn=4&fwrnh=100&lmt=1637788620&rafmt=1&psa=0&format=930x280&url=https%3A%2F%2Fwww.up21.xyz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637788620403&bpp=1&bdt=739&idt=104&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&prev_fmts=930x280&correlator=3858745597373&frm=20&pv=1&ga_vid=432152600.1637788620&ga_sid=1637788620&ga_hid=2079631533&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=335&ady=775&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753657%2C31062890&oid=2&pvsid=3695968104361273&pem=844&tmod=964625108&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=nXlh11KbKE&p=https%3A//www.up21.xyz&dtd=108

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:07:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 542
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 08 Dec 2021 21:07:59 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 31FE 119 KB
36 KB 62ms
62ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9707157708013635&output=html&h=280&slotname=6338967592&adk=884537737&adf=1868731166&pi=t.ma~as.6338967592&w=930&fwrn=4&fwrnh=100&lmt=1637788620&rafmt=1&psa=0&format=930x280&url=https%3A%2F%2Fwww.up21.xyz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637788620403&bpp=1&bdt=739&idt=104&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&prev_fmts=930x280&correlator=3858745597373&frm=20&pv=1&ga_vid=432152600.1637788620&ga_sid=1637788620&ga_hid=2079631533&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=335&ady=775&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753657%2C31062890&oid=2&pvsid=3695968104361273&pem=844&tmod=964625108&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=nXlh11KbKE&p=https%3A//www.up21.xyz&dtd=108

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:17:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 24 Nov 2021 21:17:01 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 31FE 15 KB
6 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9707157708013635&output=html&h=280&slotname=6338967592&adk=884537737&adf=1868731166&pi=t.ma~as.6338967592&w=930&fwrn=4&fwrnh=100&lmt=1637788620&rafmt=1&psa=0&format=930x280&url=https%3A%2F%2Fwww.up21.xyz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637788620403&bpp=1&bdt=739&idt=104&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&prev_fmts=930x280&correlator=3858745597373&frm=20&pv=1&ga_vid=432152600.1637788620&ga_sid=1637788620&ga_hid=2079631533&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=335&ady=775&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753657%2C31062890&oid=2&pvsid=3695968104361273&pem=844&tmod=964625108&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=nXlh11KbKE&p=https%3A//www.up21.xyz&dtd=108

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:14:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 158
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6415
x-xss-protection: 0
server: cafe
etag: 16810888504096353422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 08 Dec 2021 21:14:23 GMT

GET
H3 200 163b3e9c260ab6fd774ac5b5c6fd1d76.js Show response
www.gstatic.com/mysidia/ Frame 31FE 27 KB
11 KB 58ms
20ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/163b3e9c260ab6fd774ac5b5c6fd1d76.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9707157708013635&output=html&h=280&slotname=6338967592&adk=884537737&adf=1868731166&pi=t.ma~as.6338967592&w=930&fwrn=4&fwrnh=100&lmt=1637788620&rafmt=1&psa=0&format=930x280&url=https%3A%2F%2Fwww.up21.xyz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637788620403&bpp=1&bdt=739&idt=104&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&prev_fmts=930x280&correlator=3858745597373&frm=20&pv=1&ga_vid=432152600.1637788620&ga_sid=1637788620&ga_hid=2079631533&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=335&ady=775&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753657%2C31062890&oid=2&pvsid=3695968104361273&pem=844&tmod=964625108&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=nXlh11KbKE&p=https%3A//www.up21.xyz&dtd=108

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de418fdfa1d02a219d049bb1cd8562182c4201c67f6b9d0e2f67f21a476e1096

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 21:03:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 87239
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11360
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 04:29:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 21 Feb 2022 21:03:02 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 2A0F 143 B
163 B 8ms
6ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9707157708013635&output=html&h=280&slotname=6338967592&adk=884537737&adf=1845021574&pi=t.ma~as.6338967592&w=930&fwrn=4&fwrnh=100&lmt=1637788620&rafmt=1&psa=0&format=930x280&url=https%3A%2F%2Fwww.up21.xyz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637788620399&bpp=4&bdt=735&idt=87&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&correlator=3858745597373&frm=20&pv=2&ga_vid=432152600.1637788620&ga_sid=1637788620&ga_hid=2079631533&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=335&ady=180&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753657%2C31062890&oid=2&pvsid=3695968104361273&pem=844&tmod=964625108&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=nhy48Fr35D&p=https%3A//www.up21.xyz&dtd=101

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 24 Nov 2021 21:02:16 GMT
server: cafe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 885
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 4DBD 9 KB
3 KB 46ms
23ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5378696943970669340/970x250/banner/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 13:42:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 27251
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 25 Nov 2021 13:42:50 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 4DBD 26 KB
10 KB 47ms
25ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5378696943970669340/970x250/banner/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 14:22:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24895
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 25 Nov 2021 14:22:06 GMT

GET
H3 200 lottie_light.min.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5378696943970669340/970x250/banner/ Frame 4DBD 143 KB
40 KB 51ms
28ms Script
application/x-javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5378696943970669340/970x250/banner/lottie_light.min.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5378696943970669340/970x250/banner/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf904fd2211866586cb256a696153a1f72e1f020f782486feff507727c9b92e7

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 111426
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40854
x-xss-protection: 0
last-modified: Wed, 20 Oct 2021 10:52:25 GMT
server: sffe
date: Tue, 23 Nov 2021 14:19:55 GMT
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 23 Nov 2022 14:19:55 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 31FE 0
0 80ms
60ms Fetch
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CbuQ2zKueYezIIsPBiQbwiLrgC8eshaRm9avelNwO2dkeEAEgq8uDRGCV-vCBjAegAdXz-NIDyAEBqAMByAPLBKoEugFP0DIr6pdyRoIrljwh7QdcXxzhFXrDDFHfs6f50jzWnEt-dtFuAMHn-HH6vCV5JDWEqKIqBz7XpCP8mAZ-Q04ItpOSvaGeXTQbeQKeK2XYnI07hrEjQqJK86xzOxtdFhJpWeACIW6j9RhOH24716vDCfxXxQjUw7_7aRBBeK_7558Svi7vS0fH4xyXf65T08hjxvp3Ap3LSR-qCj5-z0nFuQ-mWvZeHl1g_ocfX4pQUNILoNqVMpz0myLABMrf2OzPA5IFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBgAeTjIctqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQg9cS0ggJCIDhgBAQARhfgAoByAsB2BMN0BUBmBYBgBcBshccChoIABIUcHViLTk3MDcxNTc3MDgwMTM2MzUYAA&sigh=VuTj1uMes9U&uach_m=[UACH]

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9707157708013635&output=html&h=280&slotname=6338967592&adk=884537737&adf=1868731166&pi=t.ma~as.6338967592&w=930&fwrn=4&fwrnh=100&lmt=1637788620&rafmt=1&psa=0&format=930x280&url=https%3A%2F%2Fwww.up21.xyz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637788620403&bpp=1&bdt=739&idt=104&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&prev_fmts=930x280&correlator=3858745597373&frm=20&pv=1&ga_vid=432152600.1637788620&ga_sid=1637788620&ga_hid=2079631533&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=335&ady=775&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753657%2C31062890&oid=2&pvsid=3695968104361273&pem=844&tmod=964625108&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=nXlh11KbKE&p=https%3A//www.up21.xyz&dtd=108

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9707157708013635&output=html&h=280&slotname=6338967592&adk=884537737&adf=1868731166&pi=t.ma~as.6338967592&w=930&fwrn=4&fwrnh=100&lmt=1637788620&rafmt=1&psa=0&format=930x280&url=https%3A%2F%2Fwww.up21.xyz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637788620403&bpp=1&bdt=739&idt=104&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&prev_fmts=930x280&correlator=3858745597373&frm=20&pv=1&ga_vid=432152600.1637788620&ga_sid=1637788620&ga_hid=2079631533&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=335&ady=775&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753657%2C31062890&oid=2&pvsid=3695968104361273&pem=844&tmod=964625108&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=nXlh11KbKE&p=https%3A//www.up21.xyz&dtd=108
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 24 Nov 2021 21:17:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E528 143 B
163 B 25ms
8ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9707157708013635&output=html&h=280&slotname=6338967592&adk=884537737&adf=1868731166&pi=t.ma~as.6338967592&w=930&fwrn=4&fwrnh=100&lmt=1637788620&rafmt=1&psa=0&format=930x280&url=https%3A%2F%2Fwww.up21.xyz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637788620403&bpp=1&bdt=739&idt=104&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&prev_fmts=930x280&correlator=3858745597373&frm=20&pv=1&ga_vid=432152600.1637788620&ga_sid=1637788620&ga_hid=2079631533&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=335&ady=775&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753657%2C31062890&oid=2&pvsid=3695968104361273&pem=844&tmod=964625108&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=nXlh11KbKE&p=https%3A//www.up21.xyz&dtd=108

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9707157708013635&output=html&h=280&slotname=6338967592&adk=884537737&adf=1868731166&pi=t.ma~as.6338967592&w=930&fwrn=4&fwrnh=100&lmt=1637788620&rafmt=1&psa=0&format=930x280&url=https%3A%2F%2Fwww.up21.xyz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637788620403&bpp=1&bdt=739&idt=104&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&prev_fmts=930x280&correlator=3858745597373&frm=20&pv=1&ga_vid=432152600.1637788620&ga_sid=1637788620&ga_hid=2079631533&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=335&ady=775&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753657%2C31062890&oid=2&pvsid=3695968104361273&pem=844&tmod=964625108&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=nXlh11KbKE&p=https%3A//www.up21.xyz&dtd=108

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 24 Nov 2021 21:02:16 GMT
server: cafe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 885
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 3720 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f1d8bc29d47ecd1d85f0aa98e353febaac7a23d1e2312a6f207f82c00518dcf6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 2A0F
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

94ms
94ms

Document
text/html

2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 24 Nov 2021 21:17:01 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 24 Nov 2021 21:17:01 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 24 Nov 2021 21:17:01 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 31FE 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 782f426521fd426c8d91b539235c6bec28f6b97e5163ace84960c22507b0c5db

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 970x250.json Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5378696943970669340/970x250/banner/ Frame 4DBD 78 KB
12 KB 29ms
12ms XHR
application/json 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5378696943970669340/970x250/banner/970x250.json

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5378696943970669340/970x250/banner/lottie_light.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e11715978775db60013830b0221ae744027d610202e08d6e6eaa4f91e72159bc

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 134050
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12023
x-xss-protection: 0
last-modified: Wed, 20 Oct 2021 10:52:25 GMT
server: sffe
date: Tue, 23 Nov 2021 08:02:51 GMT
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 23 Nov 2022 08:02:51 GMT

GET
H3 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/ 147 KB
52 KB 63ms
63ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/reactive_library_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

079e8790c3a960174b8ef2eb347fe712dfc4ef3fc2c3159509ce4fb66126e3f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.up21.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:17:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53391
x-xss-protection: 0
server: cafe
etag: 13287152384333810711
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 24 Nov 2021 21:17:01 GMT

GET
H2 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 31FE 21 KB
22 KB 34ms
8ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 16:54:46 GMT
x-content-type-options: nosniff
age: 102135
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21660
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:07:18 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 23 Nov 2022 16:54:46 GMT

GET
H2 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 31FE 21 KB
21 KB 40ms
16ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 18:21:26 GMT
x-content-type-options: nosniff
age: 183335
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21424
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:08:24 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 22 Nov 2022 18:21:26 GMT

GET
H3 200 W74_wbIuhH6bObXj0uCjode8PwiBrxgOKnAqo6ShAmY.js Show response
pagead2.googlesyndication.com/bg/ Frame 4DBD 35 KB
13 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/W74_wbIuhH6bObXj0uCjode8PwiBrxgOKnAqo6ShAmY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5bbe3fc1b22e847e9b39b5e3d2e0a3a1d7bc3f0881af180e2a702aa3a4a10266

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 20:36:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2409
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13296
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 24 Nov 2022 20:36:52 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E528
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

55ms
54ms

Document
text/html

2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9707157708013635&output=html&h=280&slotname=6338967592&adk=884537737&adf=1868731166&pi=t.ma~as.6338967592&w=930&fwrn=4&fwrnh=100&lmt=1637788620&rafmt=1&psa=0&format=930x280&url=https%3A%2F%2Fwww.up21.xyz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637788620403&bpp=1&bdt=739&idt=104&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&prev_fmts=930x280&correlator=3858745597373&frm=20&pv=1&ga_vid=432152600.1637788620&ga_sid=1637788620&ga_hid=2079631533&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=335&ady=775&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753657%2C31062890&oid=2&pvsid=3695968104361273&pem=844&tmod=964625108&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=nXlh11KbKE&p=https%3A//www.up21.xyz&dtd=108

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 24 Nov 2021 21:17:01 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 24 Nov 2021 21:17:01 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 24 Nov 2021 21:17:01 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 17ms
17ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.up21.xyz

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.up21.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 24 Nov 2021 21:17:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 16ms
15ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.up21.xyz

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.up21.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 24 Nov 2021 21:17:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/ Frame 6E97 11 KB
5 KB 8ms
7ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5cedd5abd94d64b07e3779451d057665572b89caa8b445a5e9efa42bad9c4274

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.up21.xyz/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 24 Nov 2021 11:15:29 GMT
expires: Wed, 08 Dec 2021 11:15:29 GMT
content-type: text/html; charset=UTF-8
etag: 16478831307880631077
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4883
x-xss-protection: 0
age: 36092
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 css2
fonts.googleapis.com/ Frame 6E97 4 KB
634 B 38ms
22ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 24 Nov 2021 19:43:34 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 24 Nov 2021 21:17:01 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 24 Nov 2021 21:17:01 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 6E97 205 B
229 B 7ms
7ms Image
image/png 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 20:57:00 GMT
x-content-type-options: nosniff
age: 1201
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 24 Nov 2022 20:57:00 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 6E97 604 B
628 B 9ms
9ms Image
image/png 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 17:59:55 GMT
x-content-type-options: nosniff
age: 11826
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 24 Nov 2022 17:59:55 GMT

GET
H3 200 interstitial_ad_frame_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/ Frame 6E97 18 KB
8 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/interstitial_ad_frame_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

db8deb30d5cecf873a6361b5410aed53a439e46072dcd6af4dc2481e44ea2a59

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:12:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 283
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8141
x-xss-protection: 0
server: cafe
etag: 15959965552278146708
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 08 Dec 2021 21:12:18 GMT

GET
H3 200 W74_wbIuhH6bObXj0uCjode8PwiBrxgOKnAqo6ShAmY.js Show response
pagead2.googlesyndication.com/bg/ Frame 862C 35 KB
13 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/W74_wbIuhH6bObXj0uCjode8PwiBrxgOKnAqo6ShAmY.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9707157708013635&output=html&h=280&slotname=6338967592&adk=884537737&adf=1868731166&pi=t.ma~as.6338967592&w=930&fwrn=4&fwrnh=100&lmt=1637788620&rafmt=1&psa=0&format=930x280&url=https%3A%2F%2Fwww.up21.xyz%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637788620403&bpp=1&bdt=739&idt=104&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&prev_fmts=930x280&correlator=3858745597373&frm=20&pv=1&ga_vid=432152600.1637788620&ga_sid=1637788620&ga_hid=2079631533&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&dmc=8&adx=335&ady=775&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44753657%2C31062890&oid=2&pvsid=3695968104361273&pem=844&tmod=964625108&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=nXlh11KbKE&p=https%3A//www.up21.xyz&dtd=108

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5bbe3fc1b22e847e9b39b5e3d2e0a3a1d7bc3f0881af180e2a702aa3a4a10266

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 20:36:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2409
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13296
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 24 Nov 2022 20:36:52 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame EB8F 1 KB
880 B 7ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:13:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 195
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 853
x-xss-protection: 0
server: cafe
etag: 7170004918125193417
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 08 Dec 2021 21:13:46 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame EB8F 19 KB
8 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

65623c8434f7dadaba113a4521a101729ee3e6635e4412f2ccc99fbe6412d15e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:14:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 158
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7840
x-xss-protection: 0
server: cafe
etag: 9525834815172239946
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 08 Dec 2021 21:14:23 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame EB8F 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:07:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 542
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 08 Dec 2021 21:07:59 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame EB8F 119 KB
36 KB 38ms
22ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:17:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 24 Nov 2021 21:17:01 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame EB8F 15 KB
6 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:14:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 158
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6415
x-xss-protection: 0
server: cafe
etag: 16810888504096353422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 08 Dec 2021 21:14:23 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame EB8F 0
0 37ms
19ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQIje5Cd--vyZm5LXn_nzjgibLipn-BpLa6es9dpuIZiH5pDiz0-XulHU_DXOYztViJyori4jkymYmpKC8nYnKClXFUSw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H3 200 163b3e9c260ab6fd774ac5b5c6fd1d76.js Show response
www.gstatic.com/mysidia/ Frame EB8F 27 KB
11 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/163b3e9c260ab6fd774ac5b5c6fd1d76.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de418fdfa1d02a219d049bb1cd8562182c4201c67f6b9d0e2f67f21a476e1096

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 21:03:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 87239
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11360
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 04:29:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 21 Feb 2022 21:03:02 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 12 KB
9 KB 41ms
25ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211111&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc29e447abe6d02aec6c51e34ff4c6f698e643eb6979ca564d8c6d740f99e36b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.up21.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 24 Nov 2021 21:17:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9242
x-xss-protection: 0

GET
H3 200 W74_wbIuhH6bObXj0uCjode8PwiBrxgOKnAqo6ShAmY.js Show response
pagead2.googlesyndication.com/bg/ Frame C055 35 KB
13 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/W74_wbIuhH6bObXj0uCjode8PwiBrxgOKnAqo6ShAmY.js

Requested by

Host: www.up21.xyz
URL: https://www.up21.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5bbe3fc1b22e847e9b39b5e3d2e0a3a1d7bc3f0881af180e2a702aa3a4a10266

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 20:36:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2409
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13296
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 24 Nov 2022 20:36:52 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.up21.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 21:17:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Wed, 24 Nov 2021 21:17:01 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 1FCD 12 KB
5 KB 11ms
10ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.up21.xyz/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Wed, 24 Nov 2021 19:41:19 GMT
expires: Thu, 24 Nov 2022 19:41:19 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 5742
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 5F69 783 B
535 B 21ms
21ms Document
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b58a98e0be4d5b78e6b2252b272e5abc75a48048e9445f7bb71c12e651a21939

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-aXYm/GkH+2rm0RSh7v7Y4g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.up21.xyz/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 24 Nov 2021 21:17:01 GMT
date: Wed, 24 Nov 2021 21:17:01 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-aXYm/GkH+2rm0RSh7v7Y4g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 W74_wbIuhH6bObXj0uCjode8PwiBrxgOKnAqo6ShAmY.js Show response
pagead2.googlesyndication.com/bg/ Frame 1FCD 35 KB
13 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/W74_wbIuhH6bObXj0uCjode8PwiBrxgOKnAqo6ShAmY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5bbe3fc1b22e847e9b39b5e3d2e0a3a1d7bc3f0881af180e2a702aa3a4a10266

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 20:36:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2409
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13296
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 24 Nov 2022 20:36:52 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 5F69 0
0 44ms
43ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20211111&jk=3695968104361273&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20211111&jk=3695968104361273&bg=!5-Sl5KDNAAZQLpa_UC47ACkAdvg8Wl1W-049e8tZBYTUYg345chF3TUz48Io2N2v7aGGeTIGZ2bgFwIAAABcUgAAAAxoAQeZAoGnalO8uh-R5j6l-VE0dr7SgyuVV77R4jpcaKn5jXuGYZWvMFoyEBoVBj5hZsU0u-nf56KhjLI9sOJdWHui0scJiI1tP8qivau579wD065ir5cU2D6NKSPqhCwEVXAptga3RXxUW-PtzVp9cC90zsfL2aiCPysPA7WetGO-CPHIRDxZGHeBqb9WwSJbcifrkjPpKGgg8BJ08bT5J999ryOX1RHJDXWZwq0O07P13t7l2505ZgyJSbu1dkl2BfzILXHA2IAtznDUgsMe04yh7i9n_JXSP6BviJxajaowL0z-eA0IbxF8TpKm2KK-kitp0foXXZvwsvcNA_3oNdBAfHyPDihhuQo-heu8mdkMcS_f2ar8E5g3k9lci5r27XEOo5rjYtkKEFTlLX0xTJ-VFw_p6mF06-Z4kpjP47QGNArV5wcyCFx6gNHzo6AEeAzuTaguVXT8Stpt6TyL5JDcYDUFuj2xL2hBnxk2G-0TjlxV4GZBzifH-4PaFCSsnrgmh5g-sMEDoSGF01ppvUxfQhljE3d8ntyZ4PIed6SbrOZeq9pn4Mcckdkd4ksOHEcYuL3BQyx1AZ-jkTPXIbigrC-mNXN-SOamZImfBAHJ7reTPfN8n3FxJAUqzvhBeSry2yw0s3yASwy4pOO_X8C9-dNLQxch3tqVeN2G0g67e-KgzkqrO73XXJdozmoGDaAFB-HPUKl5xger3KNUIUadjBsqUnsy9933MP3KRDL00lP2vXhFcugVpPbX0SlZSnJKNuZcJmRYQLuIq0thf5akUsGgsCU0waQAiytg1Ty5gNMhmqBRMtvHAFFYOIvuWqmnvr4vMmzmGctZTXAq0akzEV-Pdg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.up21.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 21:17:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3720 42 B
64 B 44ms
44ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvGwLNxDmLjf7Jq6MLARPFCSB7B79TJWoWQgO1vhOyuGVuP17ng7ddeph3f9bU06t9wjt4xBVrGM5cxa5Fg1OJfLRiUKLOImUk9IqfNbrfbXmneAXuKfQ&sai=AMfl-YQtCZlqxB3w5kdMNCZxsuTejbx29NE6TZmFB2aOP8oa270XacGaAsw9zO1EbYltIaqrcX1tWyk3aiFd&sig=Cg0ArKJSzP4JH2ntn2ehEAE&id=lidar2&mcvt=1000&p=0,0,239.71875,930&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20211110&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=884537737&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1637788621004&rpt=216&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 21:17:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 31FE 42 B
64 B 43ms
43ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstL4gdkiViP7FRM6BdHY8WIj6Buqn3XUGlUp5CT2cg8nHkd3zbpIQFA8Yd9cW_VTAHnJFM-9dFq75ouQt5JpfOBZldRkcDaNJfhm3GBPGuA64KU6V6rLw&sai=AMfl-YThianzIElDYkafa3IZEeZRwPpb8F-bZ3b3EtmI0-B2ZRje1-D2VWn7piiAjvZvYl3JJdfmgpBchhrN&sig=Cg0ArKJSzFgR_H627FS3EAE&id=lidar2&mcvt=1000&p=0,0,280,930&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20211110&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=884537737&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1637788620512&rpt=958&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 21:17:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

51 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.up21.xyz/	1970-01-19 22:59:21	Name: sid Value: SIbbXka89MARk8F0z%2CycAGMnLib
.up21.xyz/	1970-01-20 08:18:04	Name: __gads Value: ID=23984af82c9f0662-22e6c49af2cb001b:T=1637788620:RT=1637788620:S=ALNI_MbvhE29aNx2bTO9BKH9hv5tSz-8jw
up21.xyz/	1970-01-19 22:59:21	Name: sid Value: %2CJIBAJrm1MNySsQKTJiPoVQdst0
.doubleclick.net/	1970-01-20 08:18:04	Name: IDE Value: AHWqTUmJP7WRyQLZ4JBZFFF_98Wn7Yo58EGTq9vd_JYPSPfec-aUQLwxflCB2PWcqxY
.doubleclick.net/	1970-01-19 22:56:32	Name: DSID Value: NO_DATA

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
adservice.google.com
adservice.google.de
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
i1.wp.com
pagead2.googlesyndication.com
partner.googleadservices.com
tpc.googlesyndication.com
up21.xyz
www.google.com
www.googletagservices.com
www.gravatar.com
www.gstatic.com
www.up21.xyz
142.250.186.98
142.250.74.198
192.0.77.2
2606:4700:3037::6815:5752
2a00:1450:4001:802::2003
2a00:1450:4001:810::200a
2a00:1450:4001:812::2002
2a00:1450:4001:828::2002
2a00:1450:4001:829::2001
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2003
2a00:1450:4001:830::2002
2a00:1450:4001:831::2002
2a00:1450:4001:831::2004
2a04:fa87:fffe::c000:4902
079e8790c3a960174b8ef2eb347fe712dfc4ef3fc2c3159509ce4fb66126e3f4
0f0dda1b8b71db4f82c685caac6121029b4a78c664f7470ea19f997e32d82e66
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d
31f0fbf23d83b61c800345bc42194a33ac425318c33c29150a97c4ce7831353c
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
435cac89f3499a15e2f15d7a8c856e3206e21894bdf0eea0b1f8dfd0e6bbb2d9
46f2cc169455272711dce4e77c23fec4ee56319d7805f7ce51d1bfa5aed1c5a2
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
53459739900b5a73dd3303a5e393324fc73b07a61b11f845632b08f404dca322
541a22e85f3238899f2589d44b9390a8d6d6e193a5d436c10e8ec9ce7b256e76
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
5bbe3fc1b22e847e9b39b5e3d2e0a3a1d7bc3f0881af180e2a702aa3a4a10266
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5cedd5abd94d64b07e3779451d057665572b89caa8b445a5e9efa42bad9c4274
5e9ec29d43b2f96e10e709afa06debfa4620bf7f31981fbd08ab170761ca4ccd
65623c8434f7dadaba113a4521a101729ee3e6635e4412f2ccc99fbe6412d15e
6571808cd03d1d388f259b1b869851be7033edd254b9a39a88bd34ce30921573
6e133669e6105067f591e1cbf26d44116cf047b34971e5d20f06a7dd272e075f
782f426521fd426c8d91b539235c6bec28f6b97e5163ace84960c22507b0c5db
8700cb851225d7650cc84bad4fd121d5d3d2a51986f7d1597d9a339c934fd189
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
8b713e0f5bd42ca282d2330351b9e5578b0620f8820e0e61019316a5e7144d1e
94052834c59df9aaf00edf46bd6d25b436f8857e9c8c6dbd1e5e71056793b2ea
965a3f065f3c52441d35e9b1c25b280b54d227d4cc3a6987005f18a7aee725f2
9bbd26c49f5ae124707da73ee22462fbc47ca1d38e85825771170e4b1c850af7
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b21eeac4305e90d5f5714f8999d843e1d99cd320aae03dcfedda5d09f549e7bf
b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e
b58a98e0be4d5b78e6b2252b272e5abc75a48048e9445f7bb71c12e651a21939
bc29e447abe6d02aec6c51e34ff4c6f698e643eb6979ca564d8c6d740f99e36b
c054958d11ef890a9aae16d79ddc90908eedccdf3de4491d0159046f50102a9c
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f
cf904fd2211866586cb256a696153a1f72e1f020f782486feff507727c9b92e7
d2ce4b50a8e7fe386e9fde8472ddad1e7ac002b6264a96f77d484eaffe1b6e1f
d2f8c3e6b6fb29a9d5234aff95a9553cd9ef9c857ee3538ea37f617fdd921199
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
db8deb30d5cecf873a6361b5410aed53a439e46072dcd6af4dc2481e44ea2a59
de418fdfa1d02a219d049bb1cd8562182c4201c67f6b9d0e2f67f21a476e1096
e03aa5c668dcff1060b2c532e77c6f086fb930b5f914b06a76bac345699a7e11
e11715978775db60013830b0221ae744027d610202e08d6e6eaa4f91e72159bc
e23f462090fdbc138a86a7d09adbf1d873b073f94d134ef7f7ece3c459bd62a5
e326414b139cf8debde286208bd69325265ef5fb4d4ac4b0e9cb9902e299d07d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4e0dfe3e3ba1e73078dcf6d7580bf669637d26e2489d1bea8b4bd3055861280
e74e09a1f6beae56dc697aa6d2edff202baab9ff0609bf1b75f595d779da30a1
e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00
eeda7dff0a4662660f259038635dedc5f1618f8e5f61f822a51355a3cfb0036f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1d8bc29d47ecd1d85f0aa98e353febaac7a23d1e2312a6f207f82c00518dcf6
f5ae4fe8bf1ae5bf28f92eb3194297ded77c7c0c7c0b8aa9fde1d9c1b5349965
fb0ff882cd56bb534401fff7ad1604b48873ce7096a9802f7ac64d0d09bbba43

www.up21.xyz Open in urlscan Pro 2606:4700:3037::6815:5752 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

84 Requests

98 %HTTPS

80 %IPv6

11 Domains

16 Subdomains

15 IPs

3 Countries

846 kBTransfer

2199 kBSize

5 Cookies

3 Outgoing links

Page URL History

Redirected requests

84 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.up21.xyz Open in urlscan Pro
2606:4700:3037::6815:5752 Public Scan

Screenshot
Live screenshot

Full Image

84
Requests

98 %
HTTPS

80 %
IPv6

11
Domains

16
Subdomains

15
IPs

3
Countries

846 kB
Transfer

2199 kB
Size

5
Cookies

84 HTTP transactions
2 data transactions