sarahah.top Open in urlscan Pro
2606:4700:7::a29f:8955 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://sarahah.top/
Effective URL:
https://sarahah.top/
Submission Tags: falconsandbox
Submission: On January 26 via api (January 26th 2022, 7:52:57 pm UTC) from US — Scanned from DE

Summary HTTP 192 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 31 IPs in 7 countries across 19 domains to perform 192 HTTP transactions. The main IP is 2606:4700:7::a29f:8955, located in United States and belongs to CLOUDFLARENET, US. The main domain is sarahah.top.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 11th 2021. Valid for: a year.

This is the only time sarahah.top was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 45	2606:4700:7::... 2606:4700:7::a29f:8955	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:400f:802::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
19	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
13	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
5	2a00:1450:400... 2a00:1450:400f:80b::2003	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f12... 2a03:2880:f12d:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
5	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c06::9d	15169 (GOOGLE) (GOOGLE)
2 4	2a00:1450:400... 2a00:1450:400f:801::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
25	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
1 2	142.250.185.198 142.250.185.198	15169 (GOOGLE) (GOOGLE)
3 4	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
2 4	72.247.225.98 72.247.225.98	16625 (AKAMAI-AS) (AKAMAI-AS)
2 3	185.33.221.52 185.33.221.52	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	35.170.223.143 35.170.223.143	14618 (AMAZON-AES) (AMAZON-AES)
11	2a00:1450:400... 2a00:1450:4001:828::2006	15169 (GOOGLE) (GOOGLE)
2	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4009:816::2003	15169 (GOOGLE) (GOOGLE)
2	2600:9000:225... 2600:9000:225f:c600:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
8	52.25.29.156 52.25.29.156	16509 (AMAZON-02) (AMAZON-02)
1	2a03:2880:f00... 2a03:2880:f00a:e:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
192	31

45 2606:4700:7::a29f:8955 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

sarahah.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400f:802::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:400f:80b::2003 (Ireland)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f12d:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c06::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400f:801::2004 (Ireland) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.198 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.66 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 72.247.225.98 (Berlin, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a72-247-225-98.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.33.221.52 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.170.223.143 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-170-223-143.compute-1.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:828::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.212.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s01-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4009:816::2003 (London, United Kingdom)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:225f:c600:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 52.25.29.156 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-25-29-156.us-west-2.compute.amazonaws.com

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f00a:e:face:b00c:0:3 (Kista, Sweden)

ASN32934 (FACEBOOK, US)

scontent-arn2-1.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
45	sarahah.top 1 redirects sarahah.top	269 KB
44	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 100 tpc.googlesyndication.com — Cisco Umbrella Rank: 124	546 KB
27	doubleclick.net 4 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 46 stats.g.doubleclick.net — Cisco Umbrella Rank: 96 ad.doubleclick.net — Cisco Umbrella Rank: 195 cm.g.doubleclick.net — Cisco Umbrella Rank: 197 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 184 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 274	250 KB
18	gstatic.com fonts.gstatic.com www.gstatic.com csi.gstatic.com	130 KB
12	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 639 scontent-arn2-1.xx.fbcdn.net — Cisco Umbrella Rank: 58927	161 KB
12	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 711 static.adsafeprotected.com — Cisco Umbrella Rank: 533 dt.adsafeprotected.com — Cisco Umbrella Rank: 484	95 KB
11	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 255	133 KB
6	google.com 2 redirects adservice.google.com — Cisco Umbrella Rank: 80 www.google.com — Cisco Umbrella Rank: 13	2 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 590	4 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 165	150 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 47	3 KB
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 241	3 KB
3	google.de adservice.google.de — Cisco Umbrella Rank: 8028 www.google.de — Cisco Umbrella Rank: 5557	1 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 98	16 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 146	84 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 42	20 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 227	4 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 777	644 B
1	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 324	9 KB
192	19

	Domain	Requested by
45	sarahah.top	1 redirects sarahah.top
25	tpc.googlesyndication.com	googleads.g.doubleclick.net sarahah.top tpc.googlesyndication.com pagead2.googlesyndication.com
19	pagead2.googlesyndication.com	sarahah.top pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
14	googleads.g.doubleclick.net	pagead2.googlesyndication.com sarahah.top googleads.g.doubleclick.net
11	static.xx.fbcdn.net	www.facebook.com static.xx.fbcdn.net
11	s0.2mdn.net	sarahah.top s0.2mdn.net googleads.g.doubleclick.net
9	csi.gstatic.com	tpc.googlesyndication.com securepubads.g.doubleclick.net pagead2.googlesyndication.com
8	dt.adsafeprotected.com	googleads.g.doubleclick.net
5	fonts.gstatic.com	sarahah.top fonts.googleapis.com
4	securepubads.g.doubleclick.net	googleads.g.doubleclick.net
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
4	www.googletagservices.com	sarahah.top googleads.g.doubleclick.net
4	www.gstatic.com	googleads.g.doubleclick.net
4	www.google.com	2 redirects sarahah.top tpc.googlesyndication.com
4	fonts.googleapis.com	sarahah.top googleads.g.doubleclick.net
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
2	static.adsafeprotected.com	googleads.g.doubleclick.net
2	googleads4.g.doubleclick.net	sarahah.top
2	fw.adsafeprotected.com	1 redirects sarahah.top
2	ad.doubleclick.net	1 redirects googleads.g.doubleclick.net
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	www.facebook.com	sarahah.top connect.facebook.net
2	connect.facebook.net	sarahah.top connect.facebook.net
2	www.google-analytics.com	sarahah.top www.google-analytics.com
2	cdnjs.cloudflare.com	sarahah.top cdnjs.cloudflare.com
1	scontent-arn2-1.xx.fbcdn.net	www.facebook.com
1	www.google.de	sarahah.top
1	stats.g.doubleclick.net	www.google-analytics.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	cdn.ampproject.org	sarahah.top
192	32

This site contains links to these domains. Also see Links.

Domain
silktide.com
www.facebook.com
facebook.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-08-11` - `2022-08-10`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-11-05` - `2022-02-03`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
fw.adsafeprotected.com Amazon	`2021-08-11` - `2022-09-09`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
static.adsafeprotected.com Amazon	`2021-09-05` - `2022-10-04`	a year	crt.sh
dt.adsafeprotected.com Amazon	`2021-11-19` - `2022-12-18`	a year	crt.sh

This page contains 20 frames:

Primary Page: https://sarahah.top/
Frame ID: 0B8D7BA24EC1178F1639BD2296518B80
Requests: 74 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220120/r20190131/zrt_lookup.html
Frame ID: E1A18BD0B32B98A6DE3202CD478E476F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4576544419463247&output=html&adk=1812271804&adf=3025194257&lmt=1643226772&plat=2%3A16777216%2C3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fsarahah.top%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1643226772437&bpp=3&bdt=463&idt=333&shv=r20220120&mjsv=m202201240101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5666406265491&rume=1&frm=20&pv=2&ga_vid=889557098.1643226773&ga_sid=1643226773&ga_hid=1449796486&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31064528%2C31063221%2C31061691%2C31063247%2C31061692&oid=2&pvsid=1481421488732247&pem=747&tmod=1963359278&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=349
Frame ID: 626C3C0FC74DDE340E6670BF0026454C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4576544419463247&output=html&h=280&slotname=6148065413&adk=3972370446&adf=908040361&pi=t.ma~as.6148065413&w=336&lmt=1643226772&psa=0&format=336x280&url=https%3A%2F%2Fsarahah.top%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1643226772440&bpp=1&bdt=466&idt=353&shv=r20220120&mjsv=m202201240101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5666406265491&rume=1&frm=20&pv=1&ga_vid=889557098.1643226773&ga_sid=1643226773&ga_hid=1449796486&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=244&ady=191&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31064528%2C31063221%2C31061691%2C31063247%2C31061692&oid=2&pvsid=1481421488732247&pem=747&tmod=1963359278&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Vcg8JrkDcm&p=https%3A//sarahah.top&dtd=361
Frame ID: DAFF56B58CF29D45AF3F33153964A18D
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4576544419463247&output=html&h=280&slotname=3361603013&adk=361493202&adf=1625653500&pi=t.ma~as.3361603013&w=1200&fwrn=4&fwrnh=100&lmt=1643226772&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fsarahah.top%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1643226772441&bpp=1&bdt=468&idt=363&shv=r20220120&mjsv=m202201240101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C336x280&nras=1&correlator=5666406265491&rume=1&frm=20&pv=1&ga_vid=889557098.1643226773&ga_sid=1643226773&ga_hid=1449796486&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=747&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31064528%2C31063221%2C31061691%2C31063247%2C31061692&oid=2&pvsid=1481421488732247&pem=747&tmod=1963359278&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=VSS23r64gf&p=https%3A//sarahah.top&dtd=366
Frame ID: 5DAE22AA18D44D14E92C498DDBF6B1EE
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1
Frame ID: DBCA74BD2C4B196702F548B61BF24253
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1
Frame ID: 12CBD267033F60F5FE7DD1C1D35EA1E2
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6njwIQ8cnEggIYr5DuvAEwAQ&v=APEucNVbE9khRCnN8oWxPdRKnzh8FPIyg3fYP0EKwM4hhdVIlAnG6So3fNVGEqsdyhn5-mCHNTuSQFhPO8jUkoO7ky3uf4sTAsy0mKMxsluPrMYohunMc3E9AfsP5KkcjgZf090wAxT63ysDU3y6TZRpv2qD_27XH2Ba9PzFBPocfnbbeEtZixE
Frame ID: 08585FED0D9EA9BC941DD1BB2D30D72E
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-APxb75Wa3i0uX5VW57fIxRbWSdReavzNm1z_hkyfJFhcB1Bnu4tbrE67VWuUc5ur7zAHZ1yMyjEETnURGleHK-Bis_c65bkWYq4MB6eueo5-aMeiRhesXnsKF2ZLuhvqMikk1xv8HPkOiNPUDfyI5rTTnhyQ&dbm_d=AKAmf-DIyIuwCFw1iVGlTTwd8GRn6N27KMKsgOG1WoXEfjZihd6rYEcuqRit0BSvzU116c12sooUx-5bhpzV6A0YWliC1GePfJ1kxSgZ2GGCo0BO43xYhumpogVgZj_wVTfMt_krJnqSf-j6S0tpFTByxqreDTpaqDBWaWrVJvcmnCueoFYEt8-HKgfKA-jBakxcZLV2WF64pFONbK7us8ze2weTPFQ7T6YcfLJ4btui4YTrRprqfA4dsC08g8EFVgT1LsWvOTW8bs9TBv3-GTB1nyiqcPxLevjADq9I1CE3C9ZQLOeLQC1xmBohswnvguyy3MRE0FC0zK2oadk_PeOMi9l49zlJI7cg8KrFZ9GLyAz0BHJA9gKDUAUafQmgZDYn0iZ8RqEoBKBBxvsb8EsAdUuowIjJEmbXSsTkzKyKdqHm616UerBWA0a3BuD9aKbhNkJlq5GsZBtXXOhhgxyGhqZ4f_X1QDUpfW4cMjroTlmVOQkdS2GX1euwusJlMBwsykMD67R7lTjsjgW-nvtrWgUWullcWpD6wljUObS9Yj4AYHe6rKvor-uAx1lWt78fm9vw2Wf7ELp7wudXYbb9uHgp70xdJECthalardfBOYIRfj2qaj9yL3h4RqosxqXh6plA_EHumnvr42Jjw0UpRIEqnM8uYYhUoLOI3ZQ8Cv5cs6wUK63su8PLull64rTkEFKPVSq4jzw-ZvGD6FmjVqjldIS9At5hp3B98beCA1t-I6gPRsau_4HO4m98Hcg3zmPmtQc87SlO_Gc9GlM4RaTOjN0gIorizHPBjacyqOAa0E6XdRRNyQDC0JosvHIsVZm_TlMj2phs6h8kXqtleJtbxXvBWq5QBFhL3qqrZRFADp6rZQTQ6nS3rLs8V3yMZiWd8YPGeEK-Kvq3eatchFKIbjFRSt9DwvmZy4Jj3dAMJptr62tP_PsUm-gR0xGF-_B30ggdb9qrsyynxVUayixxJcPQYz06cfQOIqtIXek_Zao9mdI6liDpEij8dHOsMnhRw38qew33qBlKcbZHEb8BlELbRx6YmoArlENmWtlcE3gm2rxrw5M39muOe1YBEHqprdV_ur397vfikldKAibZBksKezU8U5WQIh-ZIX5hA7mtiTP5tx1QgsSQwnGhuE2wrNG3HQrv8BjdnNw-gjqahIQ9C6h6-8rLz2ukQpvQzVqsKzLf97zcuLqA94skpQW6xjrojJrT_QOEXm5s0qUJlgZ9e71qyN3M2WCqnXfRdb34FEY3MB7sQUYzhr2RHiP9CP1oEHcaYTHPUSgUiTlkZ0LQgND6on4eg1F_PpLgmJqccqCU4EI2QiE2UaRnKsYq79TAtsH9WdkV_u7rRjYEzn79ntQjz7Nt01ldVSWEnbzMSOkHnL0mhUIC0prrA-Zw40vXpag-J4Ewi6tZpFAywo_mo5TB9Y7JdVwhuIWN0BnJBJwchThUbdlN6GH7-5Vn4eQX_VKoAB3l2MWI5ei2F9fWPt_ObEVrHxG5Sv7LQP1SbzjjrXIm6jVSKx8L0srAZL4u81g_0cAe6OSPgh8a17gVuOWFlR9pwslCk17JAEdVcsT-_8T_p775VnSrqRDloipXqkc8iXR2XJiJ4gxlh2xR9YMasASHTy4jWBnvEG2Yi1tlqqZevsWUJWLdru6H4RdD4j9AwCXLWuqfoWn4luJmjigJEyDAYBnMuOoe0EOHgpgM8Xzvp4fWIu_2U2Ul9zZcHZwmEHAOkCsv5EGhA6T6DpqhKTIT1Ai7veRueKH2fIJirWxoKgWzvuQoeg-frKXsmqavrDkyHiuepDDTp4arguR3FVm1niSWA64dU8-RaqHYIBwcNGDowRHkxkVGvX6dQlvz9FUgyE7eLD74tOpypJUtuUQdE40If7Tl0NIlXDAyRwkwCpZ0qh0RdjW9hUL6c5tkD1UEjKeWhoe5sU_7WqLOF0FO_WTmw-LeQOw0dDbRAuqNwkxqtks5HJTd5zX2VbCNBo1li8rqQqrjXbjtHIGL2jE5gxGmJdbHV-kzHV40GRNSFrAMJX6F_4LnNpmyr-ONO7XuCF6OEZ49T4REWFCTCOPzaTCsghFZHxxryBg46OFH6xEThf7bNFH3hWjq1cVB5bz2AC3r8M3B7OgCWnHfOYvgUK_1FlSM9bS3Yo2mFiLMX5AVaxlNwKpqRi8IFhVKREttu4Kb4qG375LXtim-PJobmWNVl1vMBK0E6-oeUW8cxPjhlmA3Kd7LdXNmnWOp2M56SG_udUh_mYkLFVzvTUDzuV99abPcY-QxSk6aPyz0BbrUR8Hbi_aNkWG0j4aL4u-XY80lQ6KeSLEQp7YzD8-Ap8TLzLcVOG7hrsmy_C4BXKMySM5IT5TT-nno6y0LFMVQy27YiCpkccx9Sbja4aVGGqUzF162saBgyWMyXjb8M9qzkhKh9X1Z6DJtfMlJ_glMBrQVDKMJPaXKggnui6PM-eIb6Uypu-kIxZsFvfQQrIecn-wuHL3tJ0b6Y-DSFRLo4hJM5LWTz9WzsyJywgNYvs6m4PpyPcN_LsUNSU_K-Ql2Y2KFMucAOd1oncWiNwmhIqX6usk3tLULyCOUS8JFXDjcWLWdaM-brtDUgb-QjHeQCuDSxbVDCo7-0Hl-vQINLCQuOYSndZkK6D_0Zs6SPxeuorlDBlsWmfh5KK05SPGfokgkEnwJZfyJWPkg2vEjvzatOWPUQYyh14QX-YUyCh3i1BvSNRQJAjWPh604dag3OQHvJuixkjidZbRfMraBhQpq5Cm5ZU41YuVhlhp8Rn6T6wvuDqvfvGOzw8128wld_vygoRNx1apD-22OcaHCdR2AkUR3N2-_I3KhmDkWerK3X7QfHhKAMmrjQVwed1medFMDAU_4AUMF76fbDhMzaP2hwsY-aJhvXQ&cid=CAASBORoKrY&rfl=2%2Chttps%253A%252F%252Fsarahah.top%252F%240
Frame ID: C4DFA89A54B4003C7333A4022C01AE9D
Requests: 26 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17429529086823290011/300x250/banner/index.html
Frame ID: 8ED042D1B469CF4CB26101109F0C41B1
Requests: 8 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 7D1A14EBB88E993BB475F02F2B9649CE
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 9AEE04717F22BAF7AEAE72C6BE89C2CB
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 401430044DBE4C363849FDC037BDE513
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 998DDEBC1B98B15B246D2DD8975F5466
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17769650012815866319/728x90/index.html
Frame ID: C77472D9125078DE1AD14F81EC4792A5
Requests: 10 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/RSjKnk5gG5e-YnqyaokaGBofRBYcmQ35b5mWA3AF7Xg.js
Frame ID: 53FF19B37C596B92F52E1AA40CF58EA1
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: 83967030CB3DF3457D9D281083079BF3
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v2.12/plugins/like_box.php?app_id=1878381995713635&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df20844e8a48776%26domain%3Dsarahah.top%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fsarahah.top%252Ff2d658e40651c7c%26relation%3Dparent.parent&color_scheme=light&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fsarahah.top&locale=en_US&sdk=joey&show_border=false&show_faces=false&stream=false
Frame ID: 3DDD5738DD9B6A989E6474DEC22685DA
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 06F0EE035376127A3F768CE5643E4202
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 4229BBBC370DE38CBAF86DE481039D46
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

صراحة

Page URL History Show full URLs

http://sarahah.top/ HTTP 301
https://sarahah.top/ Page URL

Detected technologies

Microsoft ASP.NET (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<input[^>]+name="__VIEWSTATE

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Osano (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cookieconsent\.min\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

192
Requests

96 %
HTTPS

73 %
IPv6

19
Domains

32
Subdomains

31
IPs

7
Countries

1874 kB
Transfer

5080 kB
Size

16
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: http://silktide.com/cookieconsent
Title: Cookie Consent plugin for the EU cookie law

Search URL Search Domain Scan URL

URL: https://www.facebook.com/messages/t/sarahah.top/
Title: زودنا ببعض الملاحظات عن الموقع

Search URL Search Domain Scan URL

URL: https://www.facebook.com/groups/129822224459618/
Title: إنضم للمجموعة

Search URL Search Domain Scan URL

URL: https://facebook.com/sarahah.top/
Title: تابعنا على Facebook

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://sarahah.top/ HTTP 301
https://sarahah.top/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 85

https://ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/B25528973.299015724;dc_trk_aid=492208371;dc_trk_cid=148134615;ord=2737846794;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/B25528973.299015724;dc_pre=CJ6UheGY0PUCFRrLuwgdlDcBCw;dc_trk_aid=492208371;dc_trk_cid=148134615;ord=2737846794;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=

Request Chain 91

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGhRh0PkLy6FWbRRBVqkE_4&google_cver=1

Request Chain 92

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YfGmlfRtiVlLCTXewIIMqQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDZluRMfIaE8JFKb8ReLtA4&google_cver=1

Request Chain 93

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEPHFlVkHMlTJ1BrFDQmZIuI&google_cver=1

Request Chain 94

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDgwNTE5MjczOTk2ODQ3OTI4OQ%3D%3D

Request Chain 123

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 130

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 149

https://fw.adsafeprotected.com/rfw/st/895631/58886990/4.js?ias_dspID=3&ias_campId=25570486&ias_pubId=pub-4576544419463247&ias_chanId=1&ias_placementId=15522394772&bidurl=https://sarahah.top/&ias_dealId=&adContainerId=brand_safety_labxYaGVIuTN7_UP6ImSkAE&cbFunctionName=goog_wrapCb_labxYaGVIuTN7_UP6ImSkAE&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_728x90.js&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fsarahah.top&adsafe_type=g&adsafe_url=https%3A%2F%2Fsarahah.top%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20220120%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1&adsafe_type=d&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20220120%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271801%26client%3Dca-pub-4576544419463247%26fa%3D1%26ifi%3D5%26uci%3Da!5%26btvi%3D1%26xpc%3DDak0sGqLSa%26p%3Dhttps%253A%2F%2Fsarahah.top&adsafe_type=b&adsafe_jsinfo=,id:70a6db36-caae-5e8c-5075-866a6fe21e9c,c:2r1spM,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-76ffb5d575-gxwz2,rg:va,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,br:c,abv:na,an:n,oam:0,scm:publ1,nbld:0,mtim:2,fm:sVEE5bH+11%7C12%7C131%7C132%7C141%7C1511%7C161*.895631-58886990%7C1611%7C16121%7C1613,idMap:161*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:14,oid:8cf9b878-7ee1-11ec-9c43-269b2939ae25,v:19.8.284,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4.js

192 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
sarahah.top/
Redirect Chain

http://sarahah.top/
https://sarahah.top/

12 KB
5 KB

117ms
89ms

Document
text/html

2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 84cb3e695c3f22c0428678406500d7e0e6ea86336eec7a2bcbebc9fce7ba8b7d

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
cache-control: private
cf-cache-status: DYNAMIC
cf-ray: 6d3c48bc46529267-FRA
content-encoding: br
content-type: text/html; charset=utf-8
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N%2BUYMN9slnMNAe8tNSDqw53gkwHBI5VdkqHKpu7KSQnLGK8ywHth4P9aiKSE5u7OLYJewHES79huysuC6ou34SXmrzq3l25D6U9oYO6HaZyMDPVZfmcsUrnhGSjP%2FEMNeIPq4qzjDkhV%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
date: Wed, 26 Jan 2022 19:52:51 GMT

Redirect headers

Date: Wed, 26 Jan 2022 19:52:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 26 Jan 2022 20:52:51 GMT
Location: https://sarahah.top/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aOrS6uiy8D1NRIt3sBaOFzgbNHN2PHZknbAdOXxUSidTL1RfMonJlJP%2BolP2KKkWWEqjZ7VxqSnYyyzi0Z0zD7mvq9OP%2BQblSWQt42JvWng1BH4W%2BTb%2BXcpojYXhmPFRVMFXTfNyclPvqw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 6d3c48bbf9579177-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ 2 KB
930 B 300ms
174ms Stylesheet
text/css 2a00:1450:400f:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Cairo:400,700&subset=arabic,latin-ext

Requested by

Host: sarahah.top
URL: https://sarahah.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400f:802::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dfcc32ebe9aa77abfb262c93899419e290c0dfbeb081e5dac98a8dfd9c173ff7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:52:52 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 26 Jan 2022 19:52:52 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 26 Jan 2022 19:52:52 GMT

GET
H2 200 toolkit-rtl.min.css
sarahah.top/css/ 144 KB
27 KB 45ms
45ms Stylesheet
text/css 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sarahah.top/css/toolkit-rtl.min.css?r=01
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a1dc3a94fc551047fbcf35e16820b7668cbed3554f4b791fc8065db05385c05c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 01 Feb 2020 07:23:01 GMT
server: cloudflare
age: 2929
etag: W/"b0ecd6fd0d8d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pTlEjmC4OGYasQnl5820qIsm1WxWPwPT4e94yS6zKgKth8BkfacYHWWJH4as8CYk0tT5Qeqqs7gN8F3gNuezzVDFkp%2B3IFVb9%2BRsaiezwv0LBcL4uYR%2FcDbuiNYP7hlULTS2Tr%2BDxlfz%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6d3c48bcf6af9267-FRA

GET
H2 200 application-rtl.min.css
sarahah.top/css/ 1 KB
927 B 34ms
34ms Stylesheet
text/css 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sarahah.top/css/application-rtl.min.css
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: effc1357a7d1840e520a74c48828dd3c5b378047ff8380938446b1bc78d24ab6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 01 Feb 2020 07:23:01 GMT
server: cloudflare
age: 2546
etag: W/"1970ee6fd0d8d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1rHBt75%2FCiT0xg5qc1AY04gHKF14A5h%2BrSaLI6vgHzq%2BQZl%2BRqBGI8rLrSJLbSgWXbuXsVVCNDSf00oGiq%2FxsXYC2MqBwly0IIMcGHcfkQ436LuO9rI2S8%2B%2Fo1LuX%2Bourj%2F5TF%2FfZi%2FScQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6d3c48bcf6ae9267-FRA
content-length: 559

GET
H2 200 css.css
sarahah.top/css/ 2 KB
942 B 35ms
35ms Stylesheet
text/css 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sarahah.top/css/css.css
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f292c4a125f044878fb361ea34e8bdd6b415cb0eebc52ce9ff5669bc2903fd41

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2342
cf-polished: origSize=4567
content-length: 636
last-modified: Sat, 01 Feb 2020 07:23:01 GMT
server: cloudflare
etag: W/"abedd6fd0d8d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vVjwZn80MMOrpfKZl7cdFd1YZYKHKY1RsmIlzh4pKokQ4AGoVeNbPhHzJi859LWk7GG105Deex7JYxmdIY9te6RlevHkMXzz5hR6wft7IRsTuFPimdf675sSYI3w17kABp9oIJEoK4IBiA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cf-ray: 6d3c48bcf6ad9267-FRA
cf-bgj: minify

GET
H2 200 amp-auto-ads-0.1.js Show response
cdn.ampproject.org/v0/ 25 KB
9 KB 303ms
169ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-auto-ads-0.1.js

Requested by

Host: sarahah.top
URL: https://sarahah.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d01cd9c12e8a177a9606838882f63d13981acefd6a122909b5da421ceec589fe

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7741
x-xss-protection: 0
server: sffe
date: Wed, 26 Jan 2022 19:52:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "53fe6472df9a86ff"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 26 Jan 2022 19:52:52 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 149 KB
52 KB 300ms
169ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: sarahah.top
URL: https://sarahah.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3dee9b763d9065f26c3b33ad71419edfd9cd8bb4897b0edad3d2efcc8d351dce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52982
x-xss-protection: 0
server: cafe
etag: 1282050577865898978
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 26 Jan 2022 19:52:52 GMT

GET
H2 200 Logo.png
sarahah.top/img/ 2 KB
3 KB 37ms
36ms Image
image/png 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/img/Logo.png
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d5aaa16f9d7f3c00b42d7455411dc9bf5e8f2f3102728d153edb2a688c21309

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: HIT
last-modified: Sat, 01 Feb 2020 07:23:02 GMT
server: cloudflare
age: 3121
etag: "6bcc4d70d0d8d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OjLpudR0ZFrOiD3zR2docfItlGR4SOmVuNWtgkjheAn%2BsfKiU1qM0ZoBeLuZ8sZ3Xn6WDgW059EkDlTDMFkUFo4A6jfBXE38T5XHd6bM7FhnkXrz4yHSHuDuHS6PcFfpLJ7UtzWhi21Rtw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48bcf6b69267-FRA
content-length: 2240

GET
H2 200 cookieconsent.min.js Show response
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/ 4 KB
2 KB 77ms
32ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/cookieconsent.min.js

Requested by

Host: sarahah.top
URL: https://sarahah.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

190fc02d8e8f1dd5acc40f48d0d6203e6115eb31e3f47f55db0c3f07797d68f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 129499
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1618
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e2d-11d8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kbJpC%2FNBqecA49J8eQpmAkkaHSOOV1bE1YBe%2FNh7ihakJ1FNnf4IT9I38jJr1TYXcNBljA3C%2BlZbUfxcGWV5qU%2FM4LfT5Ss5JvMIsGrADyQiYRG%2BVnRUgXhDUi1l6RlGdcPosWO3k8Q2XZcNT4mhCrOI"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6d3c48bd3fb1906a-FRA
expires: Mon, 16 Jan 2023 19:52:52 GMT

GET
H2 200 jquery.min.js Show response
sarahah.top/js/ 84 KB
31 KB 34ms
33ms Script
application/javascript 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sarahah.top/js/jquery.min.js
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 962a514de7b249708e0478d0599d5af95e0e2ba0c6500bd0069ddf28dd38e217

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 01 Feb 2020 07:23:02 GMT
server: cloudflare
age: 3935
etag: W/"ed68770d0d8d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DYGJJ89J2hzoyOoY71U9usdeUmd6xQ1EXRjXh13S%2BMVd2cMrUdu2L%2F0rfiMoVs5n6W7Re7Fg1lILQk9My7d1nqlnsfhj4XJ7SevBEMuNyLfmyNqGKE1ItudryZs%2Bl6PAW9podPFbJqY%2Bzg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6d3c48bcf6b19267-FRA

GET
H2 200 toolkit.min.js Show response
sarahah.top/js/ 43 KB
12 KB 38ms
37ms Script
application/javascript 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sarahah.top/js/toolkit.min.js
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b947054f6ebf52d850bc9d2c6ec86dfb8345f4b02a74779195cb5471aa7f6b2c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 01 Feb 2020 07:23:02 GMT
server: cloudflare
age: 2878
etag: W/"08fee6fd0d8d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kd683XqJLU%2BTrvCPi21lgvu0a6eYc5tCD2J60O%2FuUbc1ysckpWMIwQVYHTqKoA4pc24WcFBmniKpGu4PNnG6%2BpBVZ%2FRasisv7liE9meX0E47iSU34FZEP0pLM2fNpFIYq8hdFXY8odk4%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6d3c48bcf6b99267-FRA

GET
H2 200 fb.js Show response
sarahah.top/js/ 758 B
786 B 33ms
32ms Script
application/javascript 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sarahah.top/js/fb.js?v=2.4
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 93b3d7438f5ab7204f909a016c1fddff78118a6d4525a7f718b4478b99d764f5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3121
cf-polished: origSize=1397
content-length: 418
last-modified: Sat, 01 Feb 2020 07:23:03 GMT
server: cloudflare
etag: W/"765a670d0d8d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gl557Qu1SyeRodpS307Rh55xYppYX0GT5KHCovmAblziNLfYkTdUYNTmEAAYVfWb8gS%2FvILnpY3WaU6RsN6W023YTmaRQFuZor3d5o4iWES58NItprKoXjOOAfzrSwL3wGnTkCsEtOqDaA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cf-ray: 6d3c48bcf6b29267-FRA
cf-bgj: minify

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 189ms
49ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: sarahah.top
URL: https://sarahah.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 6480
date: Wed, 26 Jan 2022 18:04:52 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Wed, 26 Jan 2022 20:04:52 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 109ms
27ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: sarahah.top
URL: https://sarahah.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e77e7b38e720e1b4006a1e6ca1ce97b88ee76414dfcfa34c03eeb82dd852cf21

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: vS2sKoXCwiq+wnaD6ho0cQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 1687
x-fb-rlafr: 0
x-fb-debug: OL6Npa2gsKIFH8AVjnyWLVAJAhJMkoVWhP8DxSxKiyfjkzOSrE3jdm4QhBjp4d5R9VvZLY+PFyr4Xkl/SB6+/g==
x-fb-trip-id: 686109401
x-fb-content-md5: aa7a594e9a9f3a116cbe18adc2265e21
x-frame-options: DENY
date: Wed, 26 Jan 2022 19:52:52 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "b91a460658ab4f4eece6e4da497fe396"
timing-allow-origin: *
expires: Wed, 26 Jan 2022 20:03:26 GMT

GET
H2 200 UsersAjax.aspx Show response
sarahah.top/ 8 KB
1 KB 179ms
178ms XHR
text/html 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sarahah.top/UsersAjax.aspx?Job=GetUsers
Requested by: Host: sarahah.top
URL: https://sarahah.top/js/jquery.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8c6ed43918c96438058f3bc1c79dbc56a7abbb1aa1b17a4da880b4e9f5e232dc

Request headers

Accept: */*
Referer: https://sarahah.top/
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-aspnet-version: 4.0.30319
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=82gV7BW7GoIGv%2BRUTATCZyRRixYuZcFXam4BgydQVh%2Fo8xMm1NzjLG%2BKtbd0u%2BRltslN6c%2Ff9JsRwyTralX1XCXbNbzkXqbPlkIcwFUxWLP%2FJBuCjI1D0nuH2du1TonQ0APQzUvVI4Bt7w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: private
cf-ray: 6d3c48bee7bb9267-FRA
content-length: 1144

GET
H2 200 IGeshMgNVhb2XU2TGWkITvesZW2xOQ-xsNqO47m55DA.woff2
fonts.gstatic.com/s/cairo/v2/ 20 KB
21 KB 171ms
49ms Font
font/woff2 2a00:1450:400f:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/cairo/v2/IGeshMgNVhb2XU2TGWkITvesZW2xOQ-xsNqO47m55DA.woff2

Requested by

Host: sarahah.top
URL: https://sarahah.top/css/css.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400f:80b::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

72e046842e09ed37e960ab0575f4c5ab60bff1a0ea22d3c27335e505190e5504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sarahah.top/
Origin: https://sarahah.top
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 23:01:30 GMT
x-content-type-options: nosniff
age: 75082
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20440
x-xss-protection: 0
last-modified: Tue, 10 Oct 2017 23:16:05 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 25 Jan 2023 23:01:30 GMT

GET
H2 200 toolkit-entypo.ttf
sarahah.top/fonts/ 74 KB
74 KB 44ms
44ms Font
application/octet-stream 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sarahah.top/fonts/toolkit-entypo.ttf
Requested by: Host: sarahah.top
URL: https://sarahah.top/css/toolkit-rtl.min.css?r=01
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4ce72d5b1eec9f07ff895dd2bc12c0420fe189f4d197177c8f9df792409c1fef

Request headers

Referer: https://sarahah.top/css/toolkit-rtl.min.css?r=01
Origin: https://sarahah.top
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: HIT
last-modified: Sat, 01 Feb 2020 07:23:02 GMT
server: cloudflare
age: 6810
etag: "cd351270d0d8d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lJhdXpgyP9BqT%2FfhvY%2FpUM8Mo397WJvB6gqFiSRDghaXje7HxpJJYoCAP2IntA2FqQx5iKUnjqyz4rFdvV15wj7guEK6DEG7fw62%2FAnkLBzMDtZ7JL%2FgqmREFL8aEwvLaz4vlC1NWJkJsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48bef7c29267-FRA
content-length: 75572

GET
H2 200 gtxIPk0-ZE5IZ2RrdsRLuQ.woff2
fonts.gstatic.com/s/cairo/v2/ 20 KB
20 KB 203ms
81ms Font
font/woff2 2a00:1450:400f:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/cairo/v2/gtxIPk0-ZE5IZ2RrdsRLuQ.woff2

Requested by

Host: sarahah.top
URL: https://sarahah.top/css/css.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400f:80b::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f17b85b76bf75df39adb6dddcf29c82c761cef8a35f92968f68431646814c63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sarahah.top/
Origin: https://sarahah.top
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 23:01:30 GMT
x-content-type-options: nosniff
age: 75082
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20588
x-xss-protection: 0
last-modified: Tue, 10 Oct 2017 23:15:39 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 25 Jan 2023 23:01:30 GMT

GET
H2 200 RLgQnjqLWN5-LcxkRZr1cBTbgVql8nDJpwnrE27mub0.woff2
fonts.gstatic.com/s/cairo/v2/ 19 KB
19 KB 234ms
119ms Font
font/woff2 2a00:1450:400f:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/cairo/v2/RLgQnjqLWN5-LcxkRZr1cBTbgVql8nDJpwnrE27mub0.woff2

Requested by

Host: sarahah.top
URL: https://sarahah.top/css/css.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400f:80b::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

827e4c5288548b930b54b74447c5e93ce460c584333e1985716917c6e84131cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sarahah.top/
Origin: https://sarahah.top
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 21 Jan 2022 23:43:15 GMT
x-content-type-options: nosniff
age: 418177
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19400
x-xss-protection: 0
last-modified: Tue, 10 Oct 2017 23:16:05 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 21 Jan 2023 23:43:15 GMT

GET
H2 200 MoGpUcTu_oZLf0bsrG2xFQ.woff2
fonts.gstatic.com/s/cairo/v2/ 18 KB
18 KB 218ms
103ms Font
font/woff2 2a00:1450:400f:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/cairo/v2/MoGpUcTu_oZLf0bsrG2xFQ.woff2

Requested by

Host: sarahah.top
URL: https://sarahah.top/css/css.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400f:80b::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53c686d7e860fea3b69b3f32802936f4bc000af17289eb10bb4354cb26cc8867

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sarahah.top/
Origin: https://sarahah.top
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 18:41:12 GMT
x-content-type-options: nosniff
age: 90700
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18556
x-xss-protection: 0
last-modified: Tue, 10 Oct 2017 23:15:36 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 25 Jan 2023 18:41:12 GMT

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 290 KB
82 KB 31ms
17ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=1ba1175ca14f4676e97befac36528928

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

753955bf70cd0bc974f3eb544e64e9bcc986eacea65a95ec6894bc03379efb36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://sarahah.top/
Origin: https://sarahah.top
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: xxe5dYqbr/GDtm8KbIOmnQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 83490
x-fb-rlafr: 0
x-fb-debug: TWU0pIHyGFq0saDpv2A9hgdiU84mVjYRzNLgeeHcwmYOpctNHC1bVchMe5gGrc+rvIMlNw8l3BaKYaxSRss02g==
x-fb-content-md5: b6147f4b1e0d21b4bff8cd1e253fad27
x-frame-options: DENY
date: Wed, 26 Jan 2022 19:52:52 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "af6ac2d57e357b854fa488bc900e9a1e"
timing-allow-origin: *
priority: u=3,i
expires: Thu, 26 Jan 2023 18:51:32 GMT

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201240101/ 287 KB
103 KB 128ms
75ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201240101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4576544419463247&plah=sarahah.top&bust=31064528

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

14c64a22bb601a270a32657f00f8e630dee45e712fc77984f8966b3cfa6b4042

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 105917
x-xss-protection: 0
server: cafe
etag: 14174735604834296103
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 26 Jan 2022 19:52:52 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220120/r20190131/ Frame E1A1 11 KB
5 KB 162ms
66ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220120/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

425b48211e0ebe795b6ead9ec2f1bcd9e04e9930a7dd30e08cdb2fef0bcb834c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4885
x-xss-protection: 0
date: Wed, 26 Jan 2022 06:04:45 GMT
expires: Wed, 09 Feb 2022 06:04:45 GMT
cache-control: public, max-age=1209600
age: 49687
etag: 13671712056976469594
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 6912333178837747.jpeg
sarahah.top/images/Thumb/ 3 KB
3 KB 69ms
62ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/6912333178837747.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2695bcdd5e24836e5dfd9339597450d6e0d35663dd485cb079a343d93ff279c2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: MISS
last-modified: Wed, 26 Jan 2022 19:30:57 GMT
server: cloudflare
etag: "d541e83deb12d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0DqIUw0rs5G7ASzlZVgG6Cvk%2BP%2FQcXMB6cY5qZJbHRDdYqpV6RdGjt1C2lPtckt6hKVw7ly6k%2B0IItpEB43bKB47HqO43qSSGpfF7y2pOWmxYjFPXO0CYvYlCnYnZG3ryk1m5risg2gEzg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c030989267-FRA
content-length: 2986

GET
H2 200 3132021013742802.jpeg
sarahah.top/images/Thumb/ 3 KB
3 KB 20ms
13ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/3132021013742802.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 34982d2d4280b244d827700a28a7928656faab7572a23c83516628fbbc2c5cff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: HIT
last-modified: Wed, 26 Jan 2022 19:22:31 GMT
server: cloudflare
age: 425
etag: "668b5a10ea12d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EZBMcExM6IzS7h%2BtAHQMaeD%2BWGHjnZXVjUpn3Zs8KSUUl8N9QTGYLmoqYTqJI4UDF7FqS4N1LHbRthKW6J7zMAR83Tvq1ZHhJdG9MKUZRSnBJLD9lSHbFmWqwF%2B%2FHmZd4%2FivyLoH0bGCcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c030999267-FRA
content-length: 3210

GET
H2 200 262435035947152.jpeg
sarahah.top/images/Thumb/ 3 KB
4 KB 22ms
15ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/262435035947152.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcb7e8e898e42b94e7719f64dd67f87614daa3e619f17060dfa43ee2ba84e523

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: HIT
last-modified: Wed, 26 Jan 2022 19:26:47 GMT
server: cloudflare
age: 425
etag: "645b51a9ea12d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jBnrQgt76O13xQHmyI54HrolYX7S9vf0ulRuIrYfXvpgmPxxD76C9mLcZHUGgPci9of4bBbw2LhGraaqJmsoC8shfMWC79MddR1NYkL4XF6oY9oUiOKtvp7%2FQl%2FyZYYBlyI2Ti8U9gAB5A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c030a29267-FRA
content-length: 3373

GET
H2 200 1350462278712304.jpeg
sarahah.top/images/Thumb/ 3 KB
3 KB 43ms
37ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/1350462278712304.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ad570a52eac7ed0688970830424409c8f6a5e30b0c4c47a87b304b19a33dd43b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: MISS
last-modified: Wed, 26 Jan 2022 19:29:14 GMT
server: cloudflare
etag: "12df6e0eb12d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zTS1R1J3kaDANusDsvcrpnQK%2BfVthsXYJKv0lX6WaK6rhSl7gUro5lVaYjIpYBzHUTBs6eOakMoI2zZLz%2Bo2UQiLDKsEeXGavpsKYkPtyVp3%2BQlSjpWKpDGfKORkKYuCmrMJmmyeA7ep9A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c0309b9267-FRA
content-length: 2725

GET
H2 200 9f898ef1-343b-42a1-b372-a2e459c0fbd2.jpeg
sarahah.top/images/Thumb/ 3 KB
3 KB 26ms
19ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/9f898ef1-343b-42a1-b372-a2e459c0fbd2.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bf0b11054a1e4f8df39bd558b56d7e44e39c0f9e57f2921d405d292539ddd4df

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: HIT
last-modified: Wed, 26 Jan 2022 19:05:48 GMT
server: cloudflare
age: 1610
etag: "2bf9babae712d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uXarvO0OY2y1AhlgBSeZ2OMuDKlsGsXsN6YbXyZ3asxM1iDoSV9kqjy0KR1wSugf607qexwlyg3jvCjExqwKx7lsiDZQMvd%2BSoJqIgy03YEafQkUao6EFqh5KO3pYi%2FMcPoBuSNcZBKp4g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c0309f9267-FRA
content-length: 3191

GET
H2 200 330947438957940.jpeg
sarahah.top/images/Thumb/ 3 KB
3 KB 23ms
17ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/330947438957940.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 23eaf64c1c0e3450bd32f81ae0eec736924b3dde6a01a9eb49f870c30bc410fc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: HIT
last-modified: Wed, 26 Jan 2022 19:17:04 GMT
server: cloudflare
age: 425
etag: "5dbf584de912d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kw5ZrMziBUnJFNBIUwIs%2F5jAqe%2FbF2pBvERM9HBxKaDpmrSrssV5bwBhfAC7DvuSTM6XThXQ6EZhR15g5ZioFAMXqpUg6EiZsFXFAph0N2aVqVTMubHYIZwIsEEQJF3KC32HAukqCR8nig%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c030a39267-FRA
content-length: 3156

GET
H2 200 323240709726101.jpeg
sarahah.top/images/Thumb/ 1 KB
2 KB 27ms
20ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/323240709726101.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 98e9b684c81956a4e37c20546d2aeef3eeb9e6bd90cd28fab1a40ca27dbe75a3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: HIT
last-modified: Wed, 26 Jan 2022 19:11:19 GMT
server: cloudflare
age: 1140
etag: "978baf7fe812d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vBOrLHS4yiLordysG5R0vtkdzTSLDOgvFnRrrdDtAdvH5NdlZraLcfd3IjOqGoo8eCaOsXAd9XDjxe8hNl2KiIfK5aV6FRj5xJQHvEPJJjbyi2yxA4dfXpBEqkO8318Dr2YmTC8zmQ5J3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c0309a9267-FRA
content-length: 1216

GET
H2 200 260492562818307.jpeg
sarahah.top/images/Thumb/ 3 KB
3 KB 25ms
18ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/260492562818307.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d7dc01a8261314dfde79c7514a56a275194eac2126cdd8b2b00c3c501f5e5713

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: HIT
last-modified: Wed, 26 Jan 2022 19:09:46 GMT
server: cloudflare
age: 1140
etag: "3d248748e812d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P2%2BtEfudiX1mVllkFg6Ze3wnXOuh3nwPpCUaQvLk5pOa2se78L8zV60B7%2FkzHyu74jzusx4x20cbUsUpXzWFmZ88ZAqt97RAM8TNHodP9smYAMhtrHX3HAbGUyp0hych3g4ZRYIn5D4n%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c030a19267-FRA
content-length: 2696

GET
H2 200 1098305024321024.jpeg
sarahah.top/images/Thumb/ 3 KB
3 KB 21ms
15ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/1098305024321024.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ff7a543e9354236269712cb846d931a8c8bcb3fafd36cd5650f2536794b65c5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: HIT
last-modified: Wed, 26 Jan 2022 19:15:13 GMT
server: cloudflare
age: 1140
etag: "2ac156be912d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s8lFeiOIEIOSgnVyVq%2FxemuSFr4Z%2BzS2jkeYpO0edomGdHRZR6DBQyuAdlDSVV9M6FMaNNvCxSl9be8lEKi2vZgvQK6qjphN2%2B8etOHxLDgHoe6qIt3F5eiFe1dNb77mX5Ed%2FpOWFXD5rA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c0309c9267-FRA
content-length: 2781

GET
H2 200 257942609751569.jpeg
sarahah.top/images/Thumb/ 4 KB
4 KB 60ms
54ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/257942609751569.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9ba62b4105359384891ea2ed5eba1be39434abd00986584fc4bdb45b7f0f5ae4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: MISS
last-modified: Wed, 26 Jan 2022 19:32:10 GMT
server: cloudflare
etag: "77e3b769eb12d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vTGD5iKryVCqw5RJdBY%2FN19Voo47JxJv9rXqPGSv42dh4GoP%2F8flCZA639HMthyCY7eJoLS5HjHJya5SSRjFj8w0FI2sqyGjMqYXbUjWgUnqoAZ2E8YZKDmvs9uBo%2B0p8uGhRw39J7r%2BJw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c0309d9267-FRA
content-length: 3839

GET
H2 200 144738281271205.jpeg
sarahah.top/images/Thumb/ 3 KB
4 KB 63ms
57ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/144738281271205.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0506c511adedd17fd3b8359e4682285add8df7600e761dbff88b70061a82062a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: MISS
last-modified: Wed, 26 Jan 2022 19:27:41 GMT
server: cloudflare
etag: "21216cc9ea12d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iYiQFghJFkTaubpPs5TrTdL8KbGxXG8RDKzAL%2B%2BMknxz4296FdO88DXrxuI0sXh3aaJ5l7KxmBbpfNtEt19CVmzZJo%2BUpbqlJQVXq9TVm0%2F%2Bve15lQZ45Wj6uGz%2FtcXcfxa2H1B17157Lw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c030a99267-FRA
content-length: 3524

GET
H2 200 107110258548546.jpeg
sarahah.top/images/Thumb/ 3 KB
3 KB 26ms
21ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/107110258548546.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6fc97626eb8e44041e240506f474f7e5f69c4d980a2b1ebbbffb2cd1804eed4e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: HIT
last-modified: Wed, 26 Jan 2022 18:55:48 GMT
server: cloudflare
age: 1610
etag: "1dbb1555e612d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tQ1XOn6yhglf%2BEpKfx68rVIQ8w0mQW3vpvuYkJR85NtQJ4d23GCo2PcAB7D4nkISQtU7AbNe1KwcELrH7CW4Dz7%2FQPepouVwkBxRTt5FGM%2FTVZNpYAT8sfo%2FHCjj5qkD7ckiej8Xvqa9JQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c030a89267-FRA
content-length: 2631

GET
H2 200 a77545bb-d3d8-4d73-ab9e-bfcfc502e182.jpg
sarahah.top/images/Thumb/ 3 KB
3 KB 65ms
59ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/a77545bb-d3d8-4d73-ab9e-bfcfc502e182.jpg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 45ee36a0bfc5365086faf5f148aaada84fd35cdf35f1b161eccf89c7fc480fe7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: MISS
last-modified: Wed, 26 Jan 2022 19:29:55 GMT
server: cloudflare
etag: "54f64219eb12d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q7y3gpjMEq7CP7Vf5sJmNG1Csis7tndB1BzIs7irMViym1TBtzEifM9x%2F5supBBXrA8cXHfdZFnW%2FrbSlvu0%2BmyiDZd%2BXBHJxI65C1d5qn916VDbk0Ng5dPaVycSN0sFbLKH09zDGLLQZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c040aa9267-FRA
content-length: 2993

GET
H2 200 1113157536115272.jpeg
sarahah.top/images/Thumb/ 3 KB
3 KB 35ms
31ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/1113157536115272.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1401d53baf31fc94051c3ad190ecb1801e8135152fde7a6f73919eae2f2d19f2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: HIT
last-modified: Wed, 26 Jan 2022 19:04:12 GMT
server: cloudflare
age: 1610
etag: "c495ae81e712d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VrrbFKnLqhVjrIsPTAS8SQkwlcwfHIs4PfnF0TPJ%2BAKcJFeXRMR8bXjeHQphQcLLb2tXgBWezD8OQPxYOW1BB7MG%2FUInWyPWuhzEeT2aKdumNSmzxSfp%2FDSOlOLMYyNsX2FyPZf6bzqOxA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c040ac9267-FRA
content-length: 2729

GET
H2 200 3035853676676551.jpeg
sarahah.top/images/Thumb/ 3 KB
4 KB 30ms
26ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/3035853676676551.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c7be1888e890486ae1f1880d08d0c6a6136a632c5ceaba38da103779e36adf0c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: HIT
last-modified: Wed, 26 Jan 2022 19:08:41 GMT
server: cloudflare
age: 1140
etag: "fd41f821e812d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oQ05rbFwTt4bQyA1Q1OZiNyFzxtkjKPeKoh3mjjiJOg9v1PpGhvs3X%2B9%2F%2B%2BHh7WQcCcVLuorkRk7ODggB9gxBxBdg9%2F5yaT7445qRB%2FQYHPVKUWQtKYdguIJHKA2NhEBYV5Q1fxHGH22rQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c040b99267-FRA
content-length: 3441

GET
H2 200 10158272609941806.jpeg
sarahah.top/images/Thumb/ 3 KB
3 KB 25ms
21ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/10158272609941806.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 282c5381a9e393c13e1178ecd4c037481cb298e6aa4af54a46b75bbaac01cc02

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: HIT
last-modified: Wed, 26 Jan 2022 19:03:47 GMT
server: cloudflare
age: 1610
etag: "e22f5372e712d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WFjQW56JZi8acbeFpjgThCX6KHYMzrmpNCzJcpQmLANcJ3OhFgiRsnnAEXPQf3HAGHxuWSTIGbsNSN%2FRtTpZ2JhKGHTfdTlaAPFcuNN8u91DOH0QktbIrB6lsyAvFcmlk5tpKJDEKt8cdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c040ad9267-FRA
content-length: 3090

GET
H2 200 6f18a917-a307-478c-a25f-93a8572b8fdc.jpeg
sarahah.top/images/Thumb/ 3 KB
3 KB 23ms
20ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/6f18a917-a307-478c-a25f-93a8572b8fdc.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ffdf650b40e593d862bcb47640561c8bcda464878ab188f1e9f16b847cba9c80

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: HIT
last-modified: Wed, 26 Jan 2022 19:11:46 GMT
server: cloudflare
age: 1140
etag: "d48fb88fe812d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OTIRwMpZD6SenHSxNKs3RHdCoiPBoALIgaatWY6Hhs9y3YP4ZYfQnmGwAt30b5Thop59p%2FRsNLARpUIALzSlQvOLn%2BoLfxrzLcvzbgevcSR7GPHSslcX2WqeGd3XL5bs3aMYGZt60ciIcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c040ab9267-FRA
content-length: 2789

GET
H2 200 1583876255299894.jpeg
sarahah.top/images/Thumb/ 2 KB
3 KB 29ms
25ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/1583876255299894.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5b3ed1b46233ca85a9b4a05a923889efc3c756c72f108e1d63c2be132c066079

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: HIT
last-modified: Wed, 26 Jan 2022 19:23:43 GMT
server: cloudflare
age: 425
etag: "bfdc133bea12d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YyK2IIwZ8g2f3Kpvnmt0LtQr0gipDH7%2FelGS5E9Wmeahhs78JKQpi3F1N0%2BAHTFjO8WXLGswDIKBVJLgPoEiNHW2PtTOS1ISWCBbGCNxSaIBW1qtzvqbtzTQi4zWVVSFUnKNfe9YwnwB5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c040bc9267-FRA
content-length: 2143

GET
H2 200 484312893349605.jpeg
sarahah.top/images/Thumb/ 4 KB
4 KB 28ms
24ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/484312893349605.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 75e71c5856caca518c8363b6ce069d674234a9c8925d0b78d97c0f9e0f968b8f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: HIT
last-modified: Wed, 26 Jan 2022 19:16:21 GMT
server: cloudflare
age: 425
etag: "28d5c033e912d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zzdv94TDZkr1Y3wQ8XmB%2F8S1ITD8yvm4W1n0U%2FDCjKs%2FZX42M8yAMAbC0DF0%2Fak0vMH1gmzn%2BUv50lXozWJm05R%2Bw0esgmXLS8ZEqUtRPgQn6qAgBRyeIdRQqW4ib5JmjwaOSvGTBb1oMA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c040ae9267-FRA
content-length: 3707

GET
H2 200 3220701498209684.jpeg
sarahah.top/images/Thumb/ 3 KB
3 KB 37ms
34ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/3220701498209684.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 677929e0327ebb41fdb64b6cb52e6be9601c2cd85fa17599312e61161de1592a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: HIT
last-modified: Wed, 26 Jan 2022 19:20:00 GMT
server: cloudflare
age: 425
etag: "3c0a8b6e912d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gvoq%2FB22Fyr4SE5Jh%2F6nmZaUtzvHeEqhdiSboBHSQgfVnh1m%2F7N2oUtexQ%2FZtqWWlbjFnyMce7k2uNraZ8AnnXeK1H%2B6Y7z42r60p4RD3hpNAyQTdyz%2BhScA477GeHDQqS%2FXzuVWcHuGcA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c040ba9267-FRA
content-length: 2659

GET
H2 200 458787962469942.jpeg
sarahah.top/images/Thumb/ 4 KB
4 KB 64ms
61ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/458787962469942.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 98eefd4af5ff504a1c1265829a9a5003b306367a2aabe02244a6e9611e0f9e1d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: MISS
last-modified: Wed, 26 Jan 2022 19:33:59 GMT
server: cloudflare
etag: "9380cfaaeb12d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xcDPY2%2B2%2BNJQiq4YOG2%2FiwgD4uJ5PMtEquqz89AJJS3F2oEjLn5boVQN%2BPzXDWJnFhfNqdNuw%2FXUpzOWpUEd6R%2Fv7qj8ITmVey2DE6GAdu4Fd%2BK85Qx2cTJ8X4s0D4Y7OF9MwuNLXAvIJg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c040b09267-FRA
content-length: 3590

GET
H2 200 2972895666292730.jpeg
sarahah.top/images/Thumb/ 3 KB
3 KB 25ms
21ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/2972895666292730.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: df4a1a525efb37791a15bb9ed7200812770339c467dce10c6e80e80a1282a809

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: HIT
last-modified: Wed, 26 Jan 2022 19:07:58 GMT
server: cloudflare
age: 1140
etag: "de17d87e812d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yvo4d%2BEdNt2HNv%2FVEv6FCiqjeGPoUwMA5yFWsvZBB20Y4vzbtz6uqyrFYF12ETShCnYEvM0gnWtwkrWOa%2BQYwFePCNVnzK3btI1UVWMyB86HYVeemrpzySJM2xd%2Bj0aeSDE6vIITu0nGcg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c040b19267-FRA
content-length: 2787

GET
H2 200 2930045603973484.jpeg
sarahah.top/images/Thumb/ 2 KB
3 KB 32ms
29ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/2930045603973484.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5efd8e19bc60b6988cb2f37c4b734c278888969f5dc251558b81025c33939981

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: HIT
last-modified: Wed, 26 Jan 2022 19:01:59 GMT
server: cloudflare
age: 1610
etag: "47e1c32e712d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wB1GyXP13587tXhAun0HhXiFrM%2BSTV%2FK0RtWnYMlAxvfxjuUI4Ie7PZE6v7CXWbMilpTs2J3B21ZAa437GqRa7MU6szUYGIFoaoG2nCDhCIYztmEVQfxiSjFHCux9cF5EpMNSxWGI3bSyg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c040bd9267-FRA
content-length: 2501

GET
H2 200 1081901852352913.jpeg
sarahah.top/images/Thumb/ 3 KB
4 KB 28ms
25ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/1081901852352913.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 648c56c9570eaa5f8f50fb1b96efc2a62e4d37c14fca8bf084d0078b99e93529

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: HIT
last-modified: Wed, 26 Jan 2022 19:14:47 GMT
server: cloudflare
age: 1140
etag: "3d414fce812d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ET0bNo5uYc%2Bhfl%2BntLYbKbEDP%2FsYpEIoeF2cfI8oFsjRH2%2FckyrXKtHYZLWCYEY6e1gJk4Nvfl%2B6Lbi3ESLWbnDpvGL0TH8%2FJDM%2FBbveG2L7VzLCBniRuY%2B2i64S0ZLBElnwHpGFcVHMJw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c040b39267-FRA
content-length: 3352

GET
H2 200 1749652962054486.jpeg
sarahah.top/images/Thumb/ 3 KB
4 KB 32ms
29ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/1749652962054486.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b666963f4d6f06181b588798c1cb64c5c3ee73351162f783e1f024d9de147e6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: HIT
last-modified: Wed, 26 Jan 2022 18:58:58 GMT
server: cloudflare
age: 1610
etag: "189b4cc6e612d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bP91k%2BTX8LmGeFwhtfOYCDBwuv2ocDwXMP22Eqa%2B27On5kkb4n0Z8WQA4dbWbTCaXsUxsg3UwlK3MgaLnVBm4b8XBDBCF6ignSm4Fr4RNJHk1m%2FVWufjzU7GrEv%2BjZXvbOY30spCZdWgeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c040b29267-FRA
content-length: 3419

GET
H2 200 652295419442151.jpeg
sarahah.top/images/Thumb/ 3 KB
3 KB 31ms
28ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/652295419442151.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 38158403202813fcb53826d75067a416b06ae98af0cbdcd152f6a3c0cb29080e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: HIT
last-modified: Wed, 26 Jan 2022 19:23:42 GMT
server: cloudflare
age: 425
etag: "66bcce3aea12d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ewfhnDGtfZqL%2B%2BpEImnY5RkQejQGv531%2BLU9CP0U0DtHo1V4egvkNanAJh0bDvyWpoA1kEJnRJv3ON1IKTFTyCSkf88YLT%2F2rs4hqCRdptpypd%2B3VCZnWC%2FB6SlQl32lzboV6kjYc7ogBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c040bb9267-FRA
content-length: 2853

GET
H2 200 1218369105360858.jpeg
sarahah.top/images/Thumb/ 4 KB
4 KB 45ms
42ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/1218369105360858.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 38e76c6a26f01b4dac0b10c18c12051bf334de906ed4b40028691b63ab0fe844

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: HIT
last-modified: Wed, 26 Jan 2022 18:57:44 GMT
server: cloudflare
age: 1610
etag: "2f67309ae612d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3pMHbZ%2Bdck1tLHHZzuNsdlUgfCkVGX7PG0jq8bR%2BolgEq6wIclBRSCie0IeOCB1wZr4%2FhZWzpqj8ms4ssFUH6KAffqvltumcPUHogKdkJMWoDuaZhXmIXoqXAAguOEO%2BsSZfgGmBLrLE8A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c040c29267-FRA
content-length: 4102

GET
H2 200 3150884828456720.jpeg
sarahah.top/images/Thumb/ 3 KB
4 KB 32ms
30ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/3150884828456720.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16123aaaea75a8b19b0b8ecb0ba513cea263cf9d17fdb3c35d97b24c38b61f7c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: HIT
last-modified: Wed, 26 Jan 2022 19:18:17 GMT
server: cloudflare
age: 425
etag: "4d63e178e912d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S%2FxQW0BsxZ6T%2BCTo00VulRYoAnd8vvG0%2F%2Ft1a6k7mv67xewT%2Fp93lb9%2BAFM5jjYlNDKQ12vzxIxccdMrFWeWnuMoPxlcyfeXBfqTcXEkxhucWlUfMGz1SKueQXM0FcjbhJbXvqzK3si2tg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c040c09267-FRA
content-length: 3553

GET
H2 200 4577648439028175.jpeg
sarahah.top/images/Thumb/ 3 KB
3 KB 31ms
29ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/4577648439028175.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4c56445a5005a5a2a5795617a690e1173b3a59d461372ae68bbf706f90834eb5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: HIT
last-modified: Wed, 26 Jan 2022 19:08:33 GMT
server: cloudflare
age: 1140
etag: "186c291de812d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x%2BgKQpuAyuZsAmhgeUQumzqsTlmSzrQ%2BUQPYWRWaQImepn17I5H2kn6GVdzYACT3Cgy6u49Rb3l7R0cWX5RLRfguLoD6oMVheqTyB5B7civQWvyFevLTRBlVE8bJAfiqQyOMPRokwp6ocw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c040bf9267-FRA
content-length: 3023

GET
H2 200 7c7952c5-11d5-4b29-b3aa-76c08a2c2e5d.jpg
sarahah.top/images/Thumb/ 3 KB
3 KB 25ms
22ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/7c7952c5-11d5-4b29-b3aa-76c08a2c2e5d.jpg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7bb7e6205dd8ec85035d44fdbd258783d6f96c217ada143e08e309048df77c09

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: HIT
last-modified: Wed, 26 Jan 2022 19:26:12 GMT
server: cloudflare
age: 425
etag: "302e4694ea12d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iPs3DgtPEhKskuUtlfu%2Fsb0RwNY38SJ1pVodQVEs%2BhDt5yQJCggj77%2B8T6JTIEm0CJedoEFR1Y5uJQBxEeNwZbTbaJVbLkQ%2Ft%2FlkzaKcWtInj8CHsYpJONcB7eYOvl3S5xXqr1i5cTHu3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c040b49267-FRA
content-length: 2659

GET
H2 200 1241382949684301.jpeg
sarahah.top/images/Thumb/ 3 KB
3 KB 87ms
85ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/1241382949684301.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5625ad7c53356ac4fd214c65d0148301bf0925678383c2ee9e69feae9bb686c6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: MISS
last-modified: Wed, 26 Jan 2022 19:28:22 GMT
server: cloudflare
etag: "e780a4e1ea12d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f%2FUOKtJuOgSvgsyUTr%2BscFOtlTEt%2BRa8zn5S0atGTtEI%2BVXpJsytOeLXQBmHJhWMU7mg%2FppFrc6S%2BUG8aP3CdhECUHo2U5rGTi072XW6xxUluCPIe0bXWe5nH2eFvNvBdA6Yto4NwHkVtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c040c39267-FRA
content-length: 3192

GET
H2 200 1298886580534808.jpeg
sarahah.top/images/Thumb/ 3 KB
3 KB 24ms
22ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/1298886580534808.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 849073f91f92f06b81ec8074be471457e4d275f6a58c22ffa2ccb8658a63b241

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: HIT
last-modified: Wed, 26 Jan 2022 19:05:16 GMT
server: cloudflare
age: 1610
etag: "d24b5ca7e712d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tjs6XOnYM0oap8JhPjoHhv%2BPmVzJuc23%2FKmFYldzCAvq1T84fajAZbQqv2dFqHYQ6kvVBY%2B1hhi5HcmA0KKOk%2Fc5TV7C9bvj8aPe1HOBp6HuxmPJoj0KdxT1L7JOauV6DIoDI7OOE4J%2FVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c040b89267-FRA
content-length: 2769

GET
H2 200 495784385504621.jpeg
sarahah.top/images/Thumb/ 4 KB
4 KB 27ms
24ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/495784385504621.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e7da8595210b56980e8562f82825cca7423d3efddf5f2cfb392901012050cc8d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: HIT
last-modified: Wed, 26 Jan 2022 19:03:50 GMT
server: cloudflare
age: 1610
etag: "3a286a74e712d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mh2DqK4xFko2b58N%2Ff7hGzXVAJ7S5pVq0LhBGgebpV%2FLlbFOWlOpF8ubcBdUEDyFTWKb9IDEUbZd0aoymnb4Tm60Lx1WG3QkwrsUDtm%2FCWxMJY0Vcqdupgrx%2BjctNhH6e%2BYbCxraSbqlRA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c040b79267-FRA
content-length: 3723

GET
H2 200 1971399329699033.jpeg
sarahah.top/images/Thumb/ 3 KB
3 KB 28ms
26ms Image
image/jpeg 2606:4700:7::a29f:8955
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/1971399329699033.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:8955 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 00ebf58dd453f4ca07ac8fd6874361705d4469f8f263fce4577b3fcc52cd6ce2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
cf-cache-status: HIT
last-modified: Wed, 26 Jan 2022 19:13:10 GMT
server: cloudflare
age: 1140
etag: "436cf3c1e812d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C0XXAHVpIy12F1C0QZF1iy1i4TZXaFHUn%2FMRblKYYQ89Ff%2F%2BbODWTJmq%2FxVbtIhJL68bQG9uXAUz%2BiiAFGDmJyw4OfKvsfvqCvieHIrM75qXsnTP5vpUysM64y09SejMCiTbEMFsaxr0Jw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d3c48c040b69267-FRA
content-length: 2948

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 239ms
190ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1449796486&t=pageview&_s=1&dl=https%3A%2F%2Fsarahah.top%2F&ul=en-us&de=UTF-8&dt=%D8%B5%D8%B1%D8%A7%D8%AD%D8%A9&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=71079405&gjid=693293814&cid=889557098.1643226773&tid=UA-92277503-1&_gid=540714890.1643226773&_r=1&_slc=1&z=1004066630

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://sarahah.top/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:52 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://sarahah.top
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
295 B 36ms
14ms Image
image/gif 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1878381995713635&ev=fb_page_view&dl=https%3A%2F%2Fsarahah.top%2F&rl=&if=false&ts=1643226772528&sw=1600&sh=1200&at=

Requested by

Host: sarahah.top
URL: https://sarahah.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Wed, 26 Jan 2022 19:52:52 GMT

GET
H3 200 rum_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20220120/r20110914/ 54 KB
21 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220120/r20110914/rum_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201240101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4576544419463247&plah=sarahah.top&bust=31064528

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a6037288a92e8a8206453a394a839d6256f7691a33f1e847a3c7cb9a7f3ab4d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 01:52:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64824
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21518
x-xss-protection: 0
server: cafe
etag: 7675850736633530315
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 09 Feb 2022 01:52:28 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 215 B
644 B 183ms
73ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=sarahah.top&callback=_gfp_s_&client=ca-pub-4576544419463247

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

b60d1b27c47cf481112ae52b636bb46c673b6e7bcdd954d84a6029cad9e6d53c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 199
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 181ms
74ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=sarahah.top

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 26 Jan 2022 19:52:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 181ms
74ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=sarahah.top

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 26 Jan 2022 19:52:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 81ms
81ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fsarahah.top%2F&tn=NAV&cls=navbar%20navbar-inverse%20navbar-fixed-top%20app-navbar&ign=false&pw=1600&ph=1200&x=0&y=0

Requested by

Host: sarahah.top
URL: https://sarahah.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:52 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 626C 158 KB
40 KB 505ms
452ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4576544419463247&output=html&adk=1812271804&adf=3025194257&lmt=1643226772&plat=2%3A16777216%2C3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fsarahah.top%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1643226772437&bpp=3&bdt=463&idt=333&shv=r20220120&mjsv=m202201240101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5666406265491&rume=1&frm=20&pv=2&ga_vid=889557098.1643226773&ga_sid=1643226773&ga_hid=1449796486&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31064528%2C31063221%2C31061691%2C31063247%2C31061692&oid=2&pvsid=1481421488732247&pem=747&tmod=1963359278&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=349

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6925748bb406683a66a8aaa3980f64d5e7f8a621c856db764b3815eab18c923d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 26 Jan 2022 19:52:53 GMT
server: cafe
content-length: 40506
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 26 Jan 2022 19:52:53 GMT
cache-control: private

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
439 B 92ms
27ms XHR
text/plain 2a00:1450:400c:c06::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-92277503-1&cid=889557098.1643226773&jid=71079405&gjid=693293814&_gid=540714890.1643226773&_u=IEBAAEAAAAAAAC~&z=462962286

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://sarahah.top/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 26 Jan 2022 19:52:52 GMT
content-type: text/plain
access-control-allow-origin: https://sarahah.top
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame DAFF 105 KB
38 KB 744ms
707ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4576544419463247&output=html&h=280&slotname=6148065413&adk=3972370446&adf=908040361&pi=t.ma~as.6148065413&w=336&lmt=1643226772&psa=0&format=336x280&url=https%3A%2F%2Fsarahah.top%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1643226772440&bpp=1&bdt=466&idt=353&shv=r20220120&mjsv=m202201240101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5666406265491&rume=1&frm=20&pv=1&ga_vid=889557098.1643226773&ga_sid=1643226773&ga_hid=1449796486&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=244&ady=191&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31064528%2C31063221%2C31061691%2C31063247%2C31061692&oid=2&pvsid=1481421488732247&pem=747&tmod=1963359278&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Vcg8JrkDcm&p=https%3A//sarahah.top&dtd=361

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

80a25c83caba2881776f0e504c5f07ba3fdb9bc5b20a0ceaeeefefa759b27d35

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17429529086823290011/300x250/banner/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17429529086823290011/300x250/banner/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CLys1-CY0PUCFUsSswAdefoDdQ&gqi=lKbxYZPONOWrtgeN6q7gAw&layout=/sadbundle/%24csp%253Der3%24/17429529086823290011/300x250/banner/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17429529086823290011/300x250/banner/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17429529086823290011/300x250/banner/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CLys1-CY0PUCFUsSswAdefoDdQ&gqi=lKbxYZPONOWrtgeN6q7gAw&layout=/sadbundle/%24csp%253Der3%24/17429529086823290011/300x250/banner/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 26 Jan 2022 19:52:53 GMT
server: cafe
content-length: 39211
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 26 Jan 2022 19:52:53 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5DAE 94 KB
31 KB 791ms
758ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4576544419463247&output=html&h=280&slotname=3361603013&adk=361493202&adf=1625653500&pi=t.ma~as.3361603013&w=1200&fwrn=4&fwrnh=100&lmt=1643226772&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fsarahah.top%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1643226772441&bpp=1&bdt=468&idt=363&shv=r20220120&mjsv=m202201240101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C336x280&nras=1&correlator=5666406265491&rume=1&frm=20&pv=1&ga_vid=889557098.1643226773&ga_sid=1643226773&ga_hid=1449796486&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=747&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31064528%2C31063221%2C31061691%2C31063247%2C31061692&oid=2&pvsid=1481421488732247&pem=747&tmod=1963359278&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=VSS23r64gf&p=https%3A//sarahah.top&dtd=366

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2ba807c4cbd10d22c2eaee203a86e8cd61dd2c3951623521aa3ffa81d0834cbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 26 Jan 2022 19:52:53 GMT
server: cafe
content-length: 32190
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 26 Jan 2022 19:52:53 GMT
cache-control: private

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 210ms
86ms Image
image/gif 2a00:1450:400f:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-92277503-1&cid=889557098.1643226773&jid=71079405&_u=IEBAAEAAAAAAAC~&z=419663447

Requested by

Host: sarahah.top
URL: https://sarahah.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400f:801::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:53 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 243ms
107ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-92277503-1&cid=889557098.1643226773&jid=71079405&_u=IEBAAEAAAAAAAC~&z=419663447

Requested by

Host: sarahah.top
URL: https://sarahah.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:53 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201240101/ 150 KB
54 KB 74ms
74ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201240101/reactive_library_fy2019.js?bust=31064528

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

70da5a37f5792b76f020cb5cfa339f1923ce0e1639618e9de50fd258efbf2768

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54883
x-xss-protection: 0
server: cafe
etag: 16170951410043239554
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 26 Jan 2022 19:52:53 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 90ms
46ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=sarahah.top

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 26 Jan 2022 19:52:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 91ms
46ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=sarahah.top

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 26 Jan 2022 19:52:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/ Frame DBCA 11 KB
5 KB 36ms
36ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

425b48211e0ebe795b6ead9ec2f1bcd9e04e9930a7dd30e08cdb2fef0bcb834c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4885
x-xss-protection: 0
date: Wed, 26 Jan 2022 10:17:40 GMT
expires: Wed, 09 Feb 2022 10:17:40 GMT
cache-control: public, max-age=1209600
age: 34513
etag: 13671712056976469594
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/ Frame 12CB 11 KB
5 KB 37ms
36ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

425b48211e0ebe795b6ead9ec2f1bcd9e04e9930a7dd30e08cdb2fef0bcb834c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4885
x-xss-protection: 0
date: Wed, 26 Jan 2022 10:17:40 GMT
expires: Wed, 09 Feb 2022 10:17:40 GMT
cache-control: public, max-age=1209600
age: 34513
etag: 13671712056976469594
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 css2
fonts.googleapis.com/ Frame DBCA 4 KB
634 B 90ms
46ms Stylesheet
text/css 2a00:1450:400f:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400f:802::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 18:24:15 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 26 Jan 2022 19:52:53 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 26 Jan 2022 19:52:53 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame DBCA 205 B
744 B 127ms
42ms Image
image/png 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 10:37:09 GMT
x-content-type-options: nosniff
age: 206144
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 24 Jan 2023 10:37:09 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame DBCA 604 B
696 B 127ms
43ms Image
image/png 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 09:45:08 GMT
x-content-type-options: nosniff
age: 209265
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 24 Jan 2023 09:45:08 GMT

GET
H2 200 interstitial_ad_frame_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220120/r20110914/elements/html/ Frame DBCA 18 KB
8 KB 175ms
83ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220120/r20110914/elements/html/interstitial_ad_frame_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b277171297bfc840b62b9f160060bf8fc630389b0dee3aadcbb0e855ac7ecbc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:28:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1478
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8104
x-xss-protection: 0
server: cafe
etag: 11153116566150069083
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 09 Feb 2022 19:28:15 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0858 624 B
300 B 53ms
51ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6njwIQ8cnEggIYr5DuvAEwAQ&v=APEucNVbE9khRCnN8oWxPdRKnzh8FPIyg3fYP0EKwM4hhdVIlAnG6So3fNVGEqsdyhn5-mCHNTuSQFhPO8jUkoO7ky3uf4sTAsy0mKMxsluPrMYohunMc3E9AfsP5KkcjgZf090wAxT63ysDU3y6TZRpv2qD_27XH2Ba9PzFBPocfnbbeEtZixE

Requested by

Host: sarahah.top
URL: https://sarahah.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 26 Jan 2022 19:52:53 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 26 Jan 2022 19:52:53 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame C4DF 82 KB
32 KB 96ms
94ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-APxb75Wa3i0uX5VW57fIxRbWSdReavzNm1z_hkyfJFhcB1Bnu4tbrE67VWuUc5ur7zAHZ1yMyjEETnURGleHK-Bis_c65bkWYq4MB6eueo5-aMeiRhesXnsKF2ZLuhvqMikk1xv8HPkOiNPUDfyI5rTTnhyQ&dbm_d=AKAmf-DIyIuwCFw1iVGlTTwd8GRn6N27KMKsgOG1WoXEfjZihd6rYEcuqRit0BSvzU116c12sooUx-5bhpzV6A0YWliC1GePfJ1kxSgZ2GGCo0BO43xYhumpogVgZj_wVTfMt_krJnqSf-j6S0tpFTByxqreDTpaqDBWaWrVJvcmnCueoFYEt8-HKgfKA-jBakxcZLV2WF64pFONbK7us8ze2weTPFQ7T6YcfLJ4btui4YTrRprqfA4dsC08g8EFVgT1LsWvOTW8bs9TBv3-GTB1nyiqcPxLevjADq9I1CE3C9ZQLOeLQC1xmBohswnvguyy3MRE0FC0zK2oadk_PeOMi9l49zlJI7cg8KrFZ9GLyAz0BHJA9gKDUAUafQmgZDYn0iZ8RqEoBKBBxvsb8EsAdUuowIjJEmbXSsTkzKyKdqHm616UerBWA0a3BuD9aKbhNkJlq5GsZBtXXOhhgxyGhqZ4f_X1QDUpfW4cMjroTlmVOQkdS2GX1euwusJlMBwsykMD67R7lTjsjgW-nvtrWgUWullcWpD6wljUObS9Yj4AYHe6rKvor-uAx1lWt78fm9vw2Wf7ELp7wudXYbb9uHgp70xdJECthalardfBOYIRfj2qaj9yL3h4RqosxqXh6plA_EHumnvr42Jjw0UpRIEqnM8uYYhUoLOI3ZQ8Cv5cs6wUK63su8PLull64rTkEFKPVSq4jzw-ZvGD6FmjVqjldIS9At5hp3B98beCA1t-I6gPRsau_4HO4m98Hcg3zmPmtQc87SlO_Gc9GlM4RaTOjN0gIorizHPBjacyqOAa0E6XdRRNyQDC0JosvHIsVZm_TlMj2phs6h8kXqtleJtbxXvBWq5QBFhL3qqrZRFADp6rZQTQ6nS3rLs8V3yMZiWd8YPGeEK-Kvq3eatchFKIbjFRSt9DwvmZy4Jj3dAMJptr62tP_PsUm-gR0xGF-_B30ggdb9qrsyynxVUayixxJcPQYz06cfQOIqtIXek_Zao9mdI6liDpEij8dHOsMnhRw38qew33qBlKcbZHEb8BlELbRx6YmoArlENmWtlcE3gm2rxrw5M39muOe1YBEHqprdV_ur397vfikldKAibZBksKezU8U5WQIh-ZIX5hA7mtiTP5tx1QgsSQwnGhuE2wrNG3HQrv8BjdnNw-gjqahIQ9C6h6-8rLz2ukQpvQzVqsKzLf97zcuLqA94skpQW6xjrojJrT_QOEXm5s0qUJlgZ9e71qyN3M2WCqnXfRdb34FEY3MB7sQUYzhr2RHiP9CP1oEHcaYTHPUSgUiTlkZ0LQgND6on4eg1F_PpLgmJqccqCU4EI2QiE2UaRnKsYq79TAtsH9WdkV_u7rRjYEzn79ntQjz7Nt01ldVSWEnbzMSOkHnL0mhUIC0prrA-Zw40vXpag-J4Ewi6tZpFAywo_mo5TB9Y7JdVwhuIWN0BnJBJwchThUbdlN6GH7-5Vn4eQX_VKoAB3l2MWI5ei2F9fWPt_ObEVrHxG5Sv7LQP1SbzjjrXIm6jVSKx8L0srAZL4u81g_0cAe6OSPgh8a17gVuOWFlR9pwslCk17JAEdVcsT-_8T_p775VnSrqRDloipXqkc8iXR2XJiJ4gxlh2xR9YMasASHTy4jWBnvEG2Yi1tlqqZevsWUJWLdru6H4RdD4j9AwCXLWuqfoWn4luJmjigJEyDAYBnMuOoe0EOHgpgM8Xzvp4fWIu_2U2Ul9zZcHZwmEHAOkCsv5EGhA6T6DpqhKTIT1Ai7veRueKH2fIJirWxoKgWzvuQoeg-frKXsmqavrDkyHiuepDDTp4arguR3FVm1niSWA64dU8-RaqHYIBwcNGDowRHkxkVGvX6dQlvz9FUgyE7eLD74tOpypJUtuUQdE40If7Tl0NIlXDAyRwkwCpZ0qh0RdjW9hUL6c5tkD1UEjKeWhoe5sU_7WqLOF0FO_WTmw-LeQOw0dDbRAuqNwkxqtks5HJTd5zX2VbCNBo1li8rqQqrjXbjtHIGL2jE5gxGmJdbHV-kzHV40GRNSFrAMJX6F_4LnNpmyr-ONO7XuCF6OEZ49T4REWFCTCOPzaTCsghFZHxxryBg46OFH6xEThf7bNFH3hWjq1cVB5bz2AC3r8M3B7OgCWnHfOYvgUK_1FlSM9bS3Yo2mFiLMX5AVaxlNwKpqRi8IFhVKREttu4Kb4qG375LXtim-PJobmWNVl1vMBK0E6-oeUW8cxPjhlmA3Kd7LdXNmnWOp2M56SG_udUh_mYkLFVzvTUDzuV99abPcY-QxSk6aPyz0BbrUR8Hbi_aNkWG0j4aL4u-XY80lQ6KeSLEQp7YzD8-Ap8TLzLcVOG7hrsmy_C4BXKMySM5IT5TT-nno6y0LFMVQy27YiCpkccx9Sbja4aVGGqUzF162saBgyWMyXjb8M9qzkhKh9X1Z6DJtfMlJ_glMBrQVDKMJPaXKggnui6PM-eIb6Uypu-kIxZsFvfQQrIecn-wuHL3tJ0b6Y-DSFRLo4hJM5LWTz9WzsyJywgNYvs6m4PpyPcN_LsUNSU_K-Ql2Y2KFMucAOd1oncWiNwmhIqX6usk3tLULyCOUS8JFXDjcWLWdaM-brtDUgb-QjHeQCuDSxbVDCo7-0Hl-vQINLCQuOYSndZkK6D_0Zs6SPxeuorlDBlsWmfh5KK05SPGfokgkEnwJZfyJWPkg2vEjvzatOWPUQYyh14QX-YUyCh3i1BvSNRQJAjWPh604dag3OQHvJuixkjidZbRfMraBhQpq5Cm5ZU41YuVhlhp8Rn6T6wvuDqvfvGOzw8128wld_vygoRNx1apD-22OcaHCdR2AkUR3N2-_I3KhmDkWerK3X7QfHhKAMmrjQVwed1medFMDAU_4AUMF76fbDhMzaP2hwsY-aJhvXQ&cid=CAASBORoKrY&rfl=2%2Chttps%253A%252F%252Fsarahah.top%252F%240

Requested by

Host: sarahah.top
URL: https://sarahah.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ee237ad2ff80f189b54c6e7c472234edba8d526b54e54e593f2d2ac939e74fb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:53 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32843
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220120/r20110914/client/ Frame C4DF 2 KB
1 KB 162ms
85ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220120/r20110914/client/window_focus_fy2019.js

Requested by

Host: sarahah.top
URL: https://sarahah.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:47:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 299
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 09 Feb 2022 19:47:54 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C4DF 122 KB
38 KB 180ms
92ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: sarahah.top
URL: https://sarahah.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b3334ae35d100a66c0d08b4405e2e334f495cda27b564b38e7eabb08607fdee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38060
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1643027698847572"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 26 Jan 2022 19:52:53 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220120/r20110914/client/ Frame C4DF 15 KB
7 KB 117ms
40ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220120/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: sarahah.top
URL: https://sarahah.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6473
x-xss-protection: 0
server: cafe
etag: 5124071950003790117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 09 Feb 2022 19:52:22 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame C4DF 42 B
63 B 74ms
73ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B6bPv_c0Tx6ONQUyYRowU922UWildQ-1XMduXA02u3QiiCyrv9b4XL0gK6VdE2vSI06LkcyEX8nhSFTq_BYQmYTU9aD8srC2xoyT3EKmy22p8esLs

Requested by

Host: sarahah.top
URL: https://sarahah.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:53 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17429529086823290011/300x250/banner/ Frame 8ED0 2 KB
2 KB 123ms
85ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17429529086823290011/300x250/banner/index.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4576544419463247&output=html&h=280&slotname=6148065413&adk=3972370446&adf=908040361&pi=t.ma~as.6148065413&w=336&lmt=1643226772&psa=0&format=336x280&url=https%3A%2F%2Fsarahah.top%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1643226772440&bpp=1&bdt=466&idt=353&shv=r20220120&mjsv=m202201240101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5666406265491&rume=1&frm=20&pv=1&ga_vid=889557098.1643226773&ga_sid=1643226773&ga_hid=1449796486&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=244&ady=191&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31064528%2C31063221%2C31061691%2C31063247%2C31061692&oid=2&pvsid=1481421488732247&pem=747&tmod=1963359278&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Vcg8JrkDcm&p=https%3A//sarahah.top&dtd=361

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa3bc254b7808703f3796da9132def02be7930995a265c3b932e4ca268c39f90

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
timing-allow-origin: *
content-length: 870
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Tue, 25 Jan 2022 18:59:58 GMT
expires: Wed, 25 Jan 2023 18:59:58 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 30 Sep 2021 16:04:42 GMT
content-type: text/html
age: 89575
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3

200

B25528973.299015724;dc_pre=CJ6UheGY0PUCFRrLuwgdlDcBCw;dc_trk_aid=492208371;dc_trk_cid=148134615;ord=2737846794;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= Show response
ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/ Frame DAFF
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/B25528973.299015724;dc_trk_aid=492208371;dc_trk_cid=148134615;ord=2737846794;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfu...
https://ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/B25528973.299015724;dc_pre=CJ6UheGY0PUCFRrLuwgdlDcBCw;dc_trk_aid=492208371;dc_trk_cid=148134615;ord=2737846794;dc_lat=;dc_rdid=;tag...

42 B
63 B

113ms
65ms

Fetch
image/gif

142.250.185.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/B25528973.299015724;dc_pre=CJ6UheGY0PUCFRrLuwgdlDcBCw;dc_trk_aid=492208371;dc_trk_cid=148134615;ord=2737846794;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?

Requested by

Protocol

Server

142.250.185.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:53 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:53 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://ad.doubleclick.net/ddm/trackimp/N463808.3493422GOOGLE-GDN/B25528973.299015724;dc_pre=CJ6UheGY0PUCFRrLuwgdlDcBCw;dc_trk_aid=492208371;dc_trk_cid=148134615;ord=2737846794;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame DAFF 0
0 80ms
79ms Fetch
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C9NzolKbxYbySOMukzLUP-fSPqAeO4OTbZ_uFiOnoDtnZHhABIIDgoCZgleKQgqAHoAH0uL_FA8gBCagDAcgDSKoExgFP0GqGvi84xgbW_Hmx7oOFsDqv9kP0KGP3Lxg0mJD2jvpnq7CXZoXvlJ9NmOEnAjY8qDMY8EWhGOjPgUMOIzIQf-PeSh26l7eoyycT7MT4jx9D06LI9B2Id6rd5qlJr_Rfp6R4LCEMMrU1i5tPPRYBl8EHsakxoxh1iyol8FU_ZrWBgrTwv756tWzjVK7c4OH9F5LsHYc1pTXjXMrPqOy8Oj8tVlqgV0CyPqkdzesV_flZiMX3wt9OMrqobCdvcOotEZLGk-PABJnrp6KVApIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAfsoaimAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcEEM_QBtIICQiA4YAQEAEYH4AKAcgLAdgTDdAVAYAXAbIXHAoaCAASFHB1Yi00NTc2NTQ0NDE5NDYzMjQ3GAA&sigh=byW0JPHrWmk&uach_m=[UACH]&template_id=419

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4576544419463247&output=html&h=280&slotname=6148065413&adk=3972370446&adf=908040361&pi=t.ma~as.6148065413&w=336&lmt=1643226772&psa=0&format=336x280&url=https%3A%2F%2Fsarahah.top%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1643226772440&bpp=1&bdt=466&idt=353&shv=r20220120&mjsv=m202201240101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5666406265491&rume=1&frm=20&pv=1&ga_vid=889557098.1643226773&ga_sid=1643226773&ga_hid=1449796486&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=244&ady=191&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31064528%2C31063221%2C31061691%2C31063247%2C31061692&oid=2&pvsid=1481421488732247&pem=747&tmod=1963359278&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Vcg8JrkDcm&p=https%3A//sarahah.top&dtd=361
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 26 Jan 2022 19:52:53 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 26 Jan 2022 19:52:53 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220120/r20110914/ Frame DAFF 19 KB
8 KB 78ms
44ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220120/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2039446f8956518da2c2d70116d18c92fac3b04110942de074748aa4041067fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:50:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 122
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7881
x-xss-protection: 0
server: cafe
etag: 7605774008668088057
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 09 Feb 2022 19:50:51 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220120/r20110914/client/ Frame DAFF 2 KB
1 KB 119ms
85ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220120/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:47:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 299
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 09 Feb 2022 19:47:54 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DAFF 122 KB
37 KB 185ms
141ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b3334ae35d100a66c0d08b4405e2e334f495cda27b564b38e7eabb08607fdee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38060
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1643027698847572"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 26 Jan 2022 19:52:53 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220120/r20110914/client/ Frame DAFF 15 KB
6 KB 83ms
49ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220120/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6473
x-xss-protection: 0
server: cafe
etag: 5124071950003790117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 09 Feb 2022 19:52:22 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0858
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGhRh0PkLy6FWbRRBVqkE_4&google_cver=1

43 B
1014 B

73ms
35ms

Image
image/gif

72.247.225.98
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGhRh0PkLy6FWbRRBVqkE_4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6njwIQ8cnEggIYr5DuvAEwAQ&v=APEucNVbE9khRCnN8oWxPdRKnzh8FPIyg3fYP0EKwM4hhdVIlAnG6So3fNVGEqsdyhn5-mCHNTuSQFhPO8jUkoO7ky3uf4sTAsy0mKMxsluPrMYohunMc3E9AfsP5KkcjgZf090wAxT63ysDU3y6TZRpv2qD_27XH2Ba9PzFBPocfnbbeEtZixE
Protocol: HTTP/1.1
Server: 72.247.225.98 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a72-247-225-98.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 26 Jan 2022 19:52:53 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 26 Jan 2022 19:52:53 GMT

Redirect headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:53 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGhRh0PkLy6FWbRRBVqkE_4&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0858
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YfGmlfRtiVlLCTXewIIMqQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDZluRMfIaE8JFKb8ReLtA4&google_cver=1

43 B
894 B

33ms
33ms

Image
image/gif

72.247.225.98
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDZluRMfIaE8JFKb8ReLtA4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6njwIQ8cnEggIYr5DuvAEwAQ&v=APEucNVbE9khRCnN8oWxPdRKnzh8FPIyg3fYP0EKwM4hhdVIlAnG6So3fNVGEqsdyhn5-mCHNTuSQFhPO8jUkoO7ky3uf4sTAsy0mKMxsluPrMYohunMc3E9AfsP5KkcjgZf090wAxT63ysDU3y6TZRpv2qD_27XH2Ba9PzFBPocfnbbeEtZixE
Protocol: HTTP/1.1
Server: 72.247.225.98 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a72-247-225-98.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 26 Jan 2022 19:52:53 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 26 Jan 2022 19:52:53 GMT

Redirect headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:53 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDZluRMfIaE8JFKb8ReLtA4&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 0858
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEPHFlVkHMlTJ1BrFDQmZIuI&google_cver=1

43 B
1008 B

74ms
73ms

Image
image/gif

185.33.221.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEPHFlVkHMlTJ1BrFDQmZIuI&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6njwIQ8cnEggIYr5DuvAEwAQ&v=APEucNVbE9khRCnN8oWxPdRKnzh8FPIyg3fYP0EKwM4hhdVIlAnG6So3fNVGEqsdyhn5-mCHNTuSQFhPO8jUkoO7ky3uf4sTAsy0mKMxsluPrMYohunMc3E9AfsP5KkcjgZf090wAxT63ysDU3y6TZRpv2qD_27XH2Ba9PzFBPocfnbbeEtZixE

Protocol

HTTP/1.1

Server

185.33.221.52 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 26 Jan 2022 19:52:53 GMT
X-Proxy-Origin: 185.213.155.165; 185.213.155.165; 725.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 04408aa7-d374-4849-ae2b-1274ff920ebd
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:53 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEPHFlVkHMlTJ1BrFDQmZIuI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 0858
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDgwNTE5MjczOTk2ODQ3OTI4OQ%3D%3D

170 B
243 B

60ms
52ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDgwNTE5MjczOTk2ODQ3OTI4OQ%3D%3D

Requested by

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:53 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 26 Jan 2022 19:52:53 GMT
X-Proxy-Origin: 185.213.155.165; 185.213.155.165; 725.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: d7d74785-2570-44be-aa41-1b1b282eeb82
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDgwNTE5MjczOTk2ODQ3OTI4OQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 5DAE 8 KB
888 B 51ms
50ms Stylesheet
text/css 2a00:1450:400f:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4576544419463247&output=html&h=280&slotname=3361603013&adk=361493202&adf=1625653500&pi=t.ma~as.3361603013&w=1200&fwrn=4&fwrnh=100&lmt=1643226772&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fsarahah.top%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1643226772441&bpp=1&bdt=468&idt=363&shv=r20220120&mjsv=m202201240101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C336x280&nras=1&correlator=5666406265491&rume=1&frm=20&pv=1&ga_vid=889557098.1643226773&ga_sid=1643226773&ga_hid=1449796486&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=747&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31064528%2C31063221%2C31061691%2C31063247%2C31061692&oid=2&pvsid=1481421488732247&pem=747&tmod=1963359278&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=VSS23r64gf&p=https%3A//sarahah.top&dtd=366

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400f:802::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f93d0298dd39f7dff18566a5b2754067e26c0182b469fd6b24e5d63429fef88b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 18:20:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 26 Jan 2022 19:52:53 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 26 Jan 2022 19:52:53 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 7D1A 8 KB
888 B 47ms
46ms Stylesheet
text/css 2a00:1450:400f:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400f:802::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f93d0298dd39f7dff18566a5b2754067e26c0182b469fd6b24e5d63429fef88b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 18:25:12 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 26 Jan 2022 19:52:53 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 26 Jan 2022 19:52:53 GMT

GET
H2 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220120/r20110914/client/ Frame 7D1A 1 KB
955 B 69ms
67ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220120/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fd11fa353cc6a8560f4c35e67c6fb8a3a4061ed3de4309cdf83fca65f8319bb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:48:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 269
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 848
x-xss-protection: 0
server: cafe
etag: 2277666839114365613
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 09 Feb 2022 19:48:24 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220120/r20110914/ Frame 7D1A 19 KB
8 KB 68ms
66ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220120/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2039446f8956518da2c2d70116d18c92fac3b04110942de074748aa4041067fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:50:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 122
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7881
x-xss-protection: 0
server: cafe
etag: 7605774008668088057
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 09 Feb 2022 19:50:51 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220120/r20110914/client/ Frame 7D1A 2 KB
1 KB 91ms
89ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220120/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:47:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 299
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 09 Feb 2022 19:47:54 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7D1A 122 KB
37 KB 155ms
154ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b3334ae35d100a66c0d08b4405e2e334f495cda27b564b38e7eabb08607fdee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38060
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1643027698847572"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 26 Jan 2022 19:52:53 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220120/r20110914/client/ Frame 7D1A 15 KB
6 KB 74ms
73ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220120/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6473
x-xss-protection: 0
server: cafe
etag: 5124071950003790117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 09 Feb 2022 19:52:22 GMT

GET
H2 200 fccbdb50d0e11463e1edb3d8fcf7c364.js Show response
www.gstatic.com/mysidia/ Frame 7D1A 27 KB
12 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fccbdb50d0e11463e1edb3d8fcf7c364.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f1b3a51250ea5d2b293615f08241269ed8277b95654cddafbc0f5df8d61e6cc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 19:13:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 520741
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11411
x-xss-protection: 0
last-modified: Thu, 20 Jan 2022 13:53:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 20 Apr 2022 19:13:52 GMT

GET
H2 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220120/r20110914/client/ Frame 5DAE 1 KB
909 B 96ms
95ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220120/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fd11fa353cc6a8560f4c35e67c6fb8a3a4061ed3de4309cdf83fca65f8319bb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:48:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 269
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 848
x-xss-protection: 0
server: cafe
etag: 2277666839114365613
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 09 Feb 2022 19:48:24 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220120/r20110914/ Frame 5DAE 19 KB
8 KB 73ms
73ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220120/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2039446f8956518da2c2d70116d18c92fac3b04110942de074748aa4041067fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:50:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 122
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7881
x-xss-protection: 0
server: cafe
etag: 7605774008668088057
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 09 Feb 2022 19:50:51 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220120/r20110914/client/ Frame 5DAE 2 KB
1 KB 96ms
95ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220120/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:47:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 299
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 09 Feb 2022 19:47:54 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5DAE 122 KB
37 KB 139ms
138ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b3334ae35d100a66c0d08b4405e2e334f495cda27b564b38e7eabb08607fdee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38060
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1643027698847572"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 26 Jan 2022 19:52:53 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220120/r20110914/client/ Frame 5DAE 15 KB
6 KB 80ms
79ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220120/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6473
x-xss-protection: 0
server: cafe
etag: 5124071950003790117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 09 Feb 2022 19:52:22 GMT

GET
H2 200 fccbdb50d0e11463e1edb3d8fcf7c364.js Show response
www.gstatic.com/mysidia/ Frame 5DAE 27 KB
11 KB 49ms
48ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fccbdb50d0e11463e1edb3d8fcf7c364.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f1b3a51250ea5d2b293615f08241269ed8277b95654cddafbc0f5df8d61e6cc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 19:13:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 520741
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11411
x-xss-protection: 0
last-modified: Thu, 20 Jan 2022 13:53:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 20 Apr 2022 19:13:52 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 5DAE 0
0 81ms
80ms Fetch
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C4ovolKbxYdqiOODej-8P_tGdwAmLhp73Z5PQkO_HD9_W8bKVDhABIIDgoCZgleKQgqAHoAGZ4YriA8gBCakChXN7ugvvsj6oAwHIA8sEqgS_AU_QicSzMYMHqs2iUkXS9xgfeeu8RMZC5I8YpfbQliN6-oPbY3LxXmoCA1GD1JP0AJH28adqhXE9FwpQ5wGXY2wVJktgNjgKLE87zD4alN4v_W6E-ZqoWFrMX8HJXLAcNjMvCVg0UlpGEdDO8vWj_zKD6xvQqQFSOtyYLVLhUVVkcle6-z-cL_bZ52lDwpXno4yNCxUkBz5_FOjUd2Mfm20o1LTDddo4b0vDpQ08NKR5yLywHHjkZ_50BJ2rHnTUwASf9Z349wOSBQQIBBgBkgUECAUYBKAGLoAHp6zuLagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcEELnIBdIICQiA4YAQEAEYH4AKAcgLAbgTiCfYEwzQFQGYFgGAFwGyFxwKGggAEhRwdWItNDU3NjU0NDQxOTQ2MzI0NxgA&sigh=8aX23z0xyQk&uach_m=[UACH]&template_id=5000

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4576544419463247&output=html&h=280&slotname=3361603013&adk=361493202&adf=1625653500&pi=t.ma~as.3361603013&w=1200&fwrn=4&fwrnh=100&lmt=1643226772&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fsarahah.top%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1643226772441&bpp=1&bdt=468&idt=363&shv=r20220120&mjsv=m202201240101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C336x280&nras=1&correlator=5666406265491&rume=1&frm=20&pv=1&ga_vid=889557098.1643226773&ga_sid=1643226773&ga_hid=1449796486&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=747&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31064528%2C31063221%2C31061691%2C31063247%2C31061692&oid=2&pvsid=1481421488732247&pem=747&tmod=1963359278&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=VSS23r64gf&p=https%3A//sarahah.top&dtd=366
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 26 Jan 2022 19:52:53 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/895631/58886990/ Frame C4DF 231 KB
70 KB 370ms
99ms Script
application/javascript 35.170.223.143
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/895631/58886990/skeleton.js?ias_dspID=3&ias_campId=25570486&ias_pubId=pub-4576544419463247&ias_chanId=1&ias_placementId=15522394772&bidurl=https://sarahah.top/&ias_dealId=
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.170.223.143 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-170-223-143.compute-1.amazonaws.com
Software: /
Resource Hash: a82b39c9dd7dc89dcd063d3ded367786bbdecf163300299725bcb3bd1b10f05b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:53 GMT
content-encoding: gzip
x-f1: 1
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame C4DF 106 KB
38 KB 196ms
40ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: sarahah.top
URL: https://sarahah.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 14:57:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 17719
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 27 Jan 2022 14:57:34 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220120/r20110914/elements/html/ Frame C4DF 8 KB
3 KB 45ms
45ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220120/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-APxb75Wa3i0uX5VW57fIxRbWSdReavzNm1z_hkyfJFhcB1Bnu4tbrE67VWuUc5ur7zAHZ1yMyjEETnURGleHK-Bis_c65bkWYq4MB6eueo5-aMeiRhesXnsKF2ZLuhvqMikk1xv8HPkOiNPUDfyI5rTTnhyQ&dbm_d=AKAmf-DIyIuwCFw1iVGlTTwd8GRn6N27KMKsgOG1WoXEfjZihd6rYEcuqRit0BSvzU116c12sooUx-5bhpzV6A0YWliC1GePfJ1kxSgZ2GGCo0BO43xYhumpogVgZj_wVTfMt_krJnqSf-j6S0tpFTByxqreDTpaqDBWaWrVJvcmnCueoFYEt8-HKgfKA-jBakxcZLV2WF64pFONbK7us8ze2weTPFQ7T6YcfLJ4btui4YTrRprqfA4dsC08g8EFVgT1LsWvOTW8bs9TBv3-GTB1nyiqcPxLevjADq9I1CE3C9ZQLOeLQC1xmBohswnvguyy3MRE0FC0zK2oadk_PeOMi9l49zlJI7cg8KrFZ9GLyAz0BHJA9gKDUAUafQmgZDYn0iZ8RqEoBKBBxvsb8EsAdUuowIjJEmbXSsTkzKyKdqHm616UerBWA0a3BuD9aKbhNkJlq5GsZBtXXOhhgxyGhqZ4f_X1QDUpfW4cMjroTlmVOQkdS2GX1euwusJlMBwsykMD67R7lTjsjgW-nvtrWgUWullcWpD6wljUObS9Yj4AYHe6rKvor-uAx1lWt78fm9vw2Wf7ELp7wudXYbb9uHgp70xdJECthalardfBOYIRfj2qaj9yL3h4RqosxqXh6plA_EHumnvr42Jjw0UpRIEqnM8uYYhUoLOI3ZQ8Cv5cs6wUK63su8PLull64rTkEFKPVSq4jzw-ZvGD6FmjVqjldIS9At5hp3B98beCA1t-I6gPRsau_4HO4m98Hcg3zmPmtQc87SlO_Gc9GlM4RaTOjN0gIorizHPBjacyqOAa0E6XdRRNyQDC0JosvHIsVZm_TlMj2phs6h8kXqtleJtbxXvBWq5QBFhL3qqrZRFADp6rZQTQ6nS3rLs8V3yMZiWd8YPGeEK-Kvq3eatchFKIbjFRSt9DwvmZy4Jj3dAMJptr62tP_PsUm-gR0xGF-_B30ggdb9qrsyynxVUayixxJcPQYz06cfQOIqtIXek_Zao9mdI6liDpEij8dHOsMnhRw38qew33qBlKcbZHEb8BlELbRx6YmoArlENmWtlcE3gm2rxrw5M39muOe1YBEHqprdV_ur397vfikldKAibZBksKezU8U5WQIh-ZIX5hA7mtiTP5tx1QgsSQwnGhuE2wrNG3HQrv8BjdnNw-gjqahIQ9C6h6-8rLz2ukQpvQzVqsKzLf97zcuLqA94skpQW6xjrojJrT_QOEXm5s0qUJlgZ9e71qyN3M2WCqnXfRdb34FEY3MB7sQUYzhr2RHiP9CP1oEHcaYTHPUSgUiTlkZ0LQgND6on4eg1F_PpLgmJqccqCU4EI2QiE2UaRnKsYq79TAtsH9WdkV_u7rRjYEzn79ntQjz7Nt01ldVSWEnbzMSOkHnL0mhUIC0prrA-Zw40vXpag-J4Ewi6tZpFAywo_mo5TB9Y7JdVwhuIWN0BnJBJwchThUbdlN6GH7-5Vn4eQX_VKoAB3l2MWI5ei2F9fWPt_ObEVrHxG5Sv7LQP1SbzjjrXIm6jVSKx8L0srAZL4u81g_0cAe6OSPgh8a17gVuOWFlR9pwslCk17JAEdVcsT-_8T_p775VnSrqRDloipXqkc8iXR2XJiJ4gxlh2xR9YMasASHTy4jWBnvEG2Yi1tlqqZevsWUJWLdru6H4RdD4j9AwCXLWuqfoWn4luJmjigJEyDAYBnMuOoe0EOHgpgM8Xzvp4fWIu_2U2Ul9zZcHZwmEHAOkCsv5EGhA6T6DpqhKTIT1Ai7veRueKH2fIJirWxoKgWzvuQoeg-frKXsmqavrDkyHiuepDDTp4arguR3FVm1niSWA64dU8-RaqHYIBwcNGDowRHkxkVGvX6dQlvz9FUgyE7eLD74tOpypJUtuUQdE40If7Tl0NIlXDAyRwkwCpZ0qh0RdjW9hUL6c5tkD1UEjKeWhoe5sU_7WqLOF0FO_WTmw-LeQOw0dDbRAuqNwkxqtks5HJTd5zX2VbCNBo1li8rqQqrjXbjtHIGL2jE5gxGmJdbHV-kzHV40GRNSFrAMJX6F_4LnNpmyr-ONO7XuCF6OEZ49T4REWFCTCOPzaTCsghFZHxxryBg46OFH6xEThf7bNFH3hWjq1cVB5bz2AC3r8M3B7OgCWnHfOYvgUK_1FlSM9bS3Yo2mFiLMX5AVaxlNwKpqRi8IFhVKREttu4Kb4qG375LXtim-PJobmWNVl1vMBK0E6-oeUW8cxPjhlmA3Kd7LdXNmnWOp2M56SG_udUh_mYkLFVzvTUDzuV99abPcY-QxSk6aPyz0BbrUR8Hbi_aNkWG0j4aL4u-XY80lQ6KeSLEQp7YzD8-Ap8TLzLcVOG7hrsmy_C4BXKMySM5IT5TT-nno6y0LFMVQy27YiCpkccx9Sbja4aVGGqUzF162saBgyWMyXjb8M9qzkhKh9X1Z6DJtfMlJ_glMBrQVDKMJPaXKggnui6PM-eIb6Uypu-kIxZsFvfQQrIecn-wuHL3tJ0b6Y-DSFRLo4hJM5LWTz9WzsyJywgNYvs6m4PpyPcN_LsUNSU_K-Ql2Y2KFMucAOd1oncWiNwmhIqX6usk3tLULyCOUS8JFXDjcWLWdaM-brtDUgb-QjHeQCuDSxbVDCo7-0Hl-vQINLCQuOYSndZkK6D_0Zs6SPxeuorlDBlsWmfh5KK05SPGfokgkEnwJZfyJWPkg2vEjvzatOWPUQYyh14QX-YUyCh3i1BvSNRQJAjWPh604dag3OQHvJuixkjidZbRfMraBhQpq5Cm5ZU41YuVhlhp8Rn6T6wvuDqvfvGOzw8128wld_vygoRNx1apD-22OcaHCdR2AkUR3N2-_I3KhmDkWerK3X7QfHhKAMmrjQVwed1medFMDAU_4AUMF76fbDhMzaP2hwsY-aJhvXQ&cid=CAASBORoKrY&rfl=2%2Chttps%253A%252F%252Fsarahah.top%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:51:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 75
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 09 Feb 2022 19:51:38 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220120/r20110914/ Frame C4DF 24 KB
9 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220120/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7c55617f84818daf4c70cc10ada26ddd5b582b1d1c2c2829b3220487a6db477

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:49:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 188
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9544
x-xss-protection: 0
server: cafe
etag: 6261108306223674270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 09 Feb 2022 19:49:45 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/3631261721830941678/ Frame 5DAE 16 KB
16 KB 89ms
41ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3631261721830941678/downsize_200k_v1?w=600&h=314

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25eb1b973124270f9dbf890d5ef26961cf93ab74ef0ccae72fea04d8b9165f85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 14:58:39 GMT
x-content-type-options: nosniff
age: 190454
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16277
x-xss-protection: 0
last-modified: Thu, 20 Jan 2022 17:04:35 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 24 Jan 2023 14:58:39 GMT

GET
DATA 200
OK truncated
/ Frame 5DAE 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 5DAE 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 9AEE 143 B
163 B 37ms
36ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4576544419463247&output=html&h=280&slotname=6148065413&adk=3972370446&adf=908040361&pi=t.ma~as.6148065413&w=336&lmt=1643226772&psa=0&format=336x280&url=https%3A%2F%2Fsarahah.top%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1643226772440&bpp=1&bdt=466&idt=353&shv=r20220120&mjsv=m202201240101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5666406265491&rume=1&frm=20&pv=1&ga_vid=889557098.1643226773&ga_sid=1643226773&ga_hid=1449796486&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=244&ady=191&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31064528%2C31063221%2C31061691%2C31063247%2C31061692&oid=2&pvsid=1481421488732247&pem=747&tmod=1963359278&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Vcg8JrkDcm&p=https%3A//sarahah.top&dtd=361

Response headers

x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 145
x-xss-protection: 0
date: Wed, 26 Jan 2022 19:03:01 GMT
cache-control: public, max-age=3600
content-type: text/html; charset=UTF-8
age: 2992
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame C4DF 41 KB
15 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 01:16:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 153406
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 25 Jan 2023 01:16:07 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 4014 143 B
163 B 37ms
36ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1

Response headers

x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 145
x-xss-protection: 0
date: Wed, 26 Jan 2022 19:03:01 GMT
cache-control: public, max-age=3600
content-type: text/html; charset=UTF-8
age: 2992
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 8ED0 9 KB
3 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17429529086823290011/300x250/banner/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 09:36:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 36999
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 27 Jan 2022 09:36:14 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 8ED0 26 KB
10 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17429529086823290011/300x250/banner/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 16:13:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 13154
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 27 Jan 2022 16:13:39 GMT

GET
H3 200 lottie_light.min.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17429529086823290011/300x250/banner/ Frame 8ED0 140 KB
39 KB 55ms
55ms Script
application/x-javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17429529086823290011/300x250/banner/lottie_light.min.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17429529086823290011/300x250/banner/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

975493b36ff51cc1a52bb40cb7249b2b742b04be006435d698c2651562f1e513

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 70440
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40229
x-xss-protection: 0
last-modified: Thu, 30 Sep 2021 16:04:42 GMT
server: sffe
date: Wed, 26 Jan 2022 00:18:53 GMT
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 26 Jan 2023 00:18:53 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 9AEE
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

87ms
87ms

Document
text/html

2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 26 Jan 2022 19:52:53 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 26 Jan 2022 19:52:53 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 26 Jan 2022 19:52:53 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame C4DF 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c2bcb0c97cc0ed54b3ba4aca97581d1ebb69a29581a3160a906900ee4fc3f863

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 998D 22 KB
8 KB 39ms
39ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 24 Jan 2022 14:57:35 GMT
expires: Tue, 24 Jan 2023 14:57:35 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 190518
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame DAFF 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f3f35e9ef40538633e4155707cf8d0b2401e89166168fd2a05ac38d5ca1388cd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 5DAE 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2acb060198c95266ccb26abe3bd2ce4035c318646cfd196478d290548f4c3616

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 data.json Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17429529086823290011/300x250/banner/ Frame 8ED0 396 KB
50 KB 85ms
39ms XHR
application/json 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17429529086823290011/300x250/banner/data.json

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17429529086823290011/300x250/banner/lottie_light.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

894db9d76cbb6011720c2745ccc7ab3d601080ae8d37431593ff0348c7959cca

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 592661
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50849
x-xss-protection: 0
last-modified: Thu, 30 Sep 2021 16:04:42 GMT
server: sffe
date: Wed, 19 Jan 2022 23:15:12 GMT
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 19 Jan 2023 23:15:12 GMT

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v41/ Frame 5DAE 28 KB
28 KB 78ms
35ms Font
font/woff2 2a00:1450:400f:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v41/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400f:80b::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05e2888e835d97fe6e4cfb256f62f47d5dccf6d9ac202ea9d82a6bc2b1716c1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 21 Jan 2022 14:32:06 GMT
x-content-type-options: nosniff
age: 451247
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28196
x-xss-protection: 0
last-modified: Tue, 18 Jan 2022 17:53:50 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 21 Jan 2023 14:32:06 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 4014
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

132ms
132ms

Document
text/html

2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 26 Jan 2022 19:52:54 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 26 Jan 2022 19:52:54 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 26 Jan 2022 19:52:53 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 7D1A 59 KB
23 KB 131ms
40ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

73ed57fba43ed89fa450a1ae368c27908a43950ebc106287632a3dc9c1184da2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:19:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2015
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23019
x-xss-protection: 0
server: cafe
etag: 16015489130178292579
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Wed, 26 Jan 2022 20:19:18 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/17769650012815866319/728x90/ Frame C774 15 KB
4 KB 88ms
40ms Document
text/html 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17769650012815866319/728x90/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

684cec096ff4aa891da7d07062209c407d6ca5d54b8fd84e50b4d5f94855a3d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 4515
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Mon, 24 Jan 2022 10:01:33 GMT
expires: Tue, 24 Jan 2023 10:01:33 GMT
cache-control: public, max-age=31536000
age: 208280
last-modified: Thu, 02 Dec 2021 21:16:18 GMT
content-type: text/html
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame C4DF 0
571 B 215ms
113ms Ping
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuD7e2d8L__KTKLwehDVk62BDX2mV6cvaARktAS01Q98gZrmbH0JI3CBhXAm94oS7uyD7H4MXnrP0SQTJbXCxaj-Qbm9Dp-5VEmkNmDdmTudlC9apLmq1XRXUcrH_TRVLoh4WMQdanYCOesXxvl73MrBVLCuiTF-GEF6jn9kTca5xDd1rXFiuiqJ_sqrVtMV-P0LgfYdjuvJisD6eB7I_TVCLWXgEDQP3TfwR6EDdJAkJ5lRdIBTN-XwQDNqurzgeEj7TEExbEWgTqGorhhnORPRlj5hBUkESyk54KwZtXK8SgdP9VmgmafU3inXWXBFd93Z0RqgcuVacntmiTeQ0IJmAaMatCXnUzjT6cKNZSN6cWxXyp1eaJrMEaH9btKqVCznln6LX1GHdh2qR5nQWPOJHHEiMAjGOc15QtJoGGj7p1nGUnXxiznXHF3RB75-FWJriHr6D4xV2LfmrTODEsTozhFd9i1O40GI34-DhsQuScrsfN07ew1ZgUwwuAH6P1nt10oj3TPEbXd2mqCFQpaRR3gfsS7DjnWgJ1-fGAM5FjppurSJ7ry3QD67c5yJ0_Q_Utu2bFHwebFnbNeBbb-C4_YgeZ-f37xtJBRsZjTKUyKoNryNTDw-2kwQFAwBWYpcwuPhH8rOl6JL3DlaYbe0DUf570goWraZIrh6W9HFFi7-oVpFmNzcGIINi_c9UOmiF1bKH-yTkPs8kCDJotBy9wo9v1P68LYmIv1sZy8CzH8NzpJFFTg66h6_ZeqsjDJLxCaPfQvJBaUlyv2Ghhz6ICr_i5vRrFB5Nx7nao7ExcSB6MCSIEjwIAdrZe88dyAkAvLMpmeRTy6IBjwmI_oSKKcNer4j14KAVk1apNC6aIVU5_MCzsneh3-1RnTtrmuLFKfRt80b73RAkcvt4BuQeB2WUyNTQNKIgdDYMfAnYLEDTngEBQD_bNaXSyM5j-e20zIZzaLCOxxLbD5q60PiFMOgrNZLAY5dhms1oPUX3Y92vZzCP12ZktDxjPVmj9LpHdE8NmDvOZwMsWy0g1FXyPaAeyVr-MxpFqs4u_ljchctLU8q6UPUqBDbHj2U632JOYNZOnVYc4vGspDem3XGTXixvDQKW0Ny4j0JPrQcFxg&sai=AMfl-YR0W5IjxOopMiKPOQzKYRQ_JMyGU9B6StXvdv3mQ-SmAvPzdHbDw6FBuvG0dF3hmaIP026UPLtmmd4R6pkex6nhvgTXNMcE_XQdWIyFrg7jvCHHNGKmLcG48mErRJVipvI7&sig=Cg0ArKJSzBYlDwwFfuwaEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=265&cbvp=1&cstd=262&cisv=r20220120.45727&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: sarahah.top
URL: https://sarahah.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Wed, 26 Jan 2022 19:52:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 rum.js Show response
tpc.googlesyndication.com/pagead/js/r20220120/r20110914/ Frame 8ED0 59 KB
23 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220120/r20110914/rum.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

73ed57fba43ed89fa450a1ae368c27908a43950ebc106287632a3dc9c1184da2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 18:59:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3183
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23019
x-xss-protection: 0
server: cafe
etag: 16015489130178292579
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 09 Feb 2022 18:59:50 GMT

GET
H3 200 RSjKnk5gG5e-YnqyaokaGBofRBYcmQ35b5mWA3AF7Xg.js Show response
pagead2.googlesyndication.com/bg/ Frame 8ED0 35 KB
13 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/RSjKnk5gG5e-YnqyaokaGBofRBYcmQ35b5mWA3AF7Xg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4528ca9e4e601b97be627ab26a891a181a1f44161c990df96f9996037005ed78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 07:55:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43039
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13497
x-xss-protection: 0
last-modified: Wed, 12 Jan 2022 16:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 26 Jan 2023 07:55:34 GMT

GET
H3 200 RSjKnk5gG5e-YnqyaokaGBofRBYcmQ35b5mWA3AF7Xg.js Show response
pagead2.googlesyndication.com/bg/ Frame 998D 35 KB
13 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/RSjKnk5gG5e-YnqyaokaGBofRBYcmQ35b5mWA3AF7Xg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4528ca9e4e601b97be627ab26a891a181a1f44161c990df96f9996037005ed78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 07:55:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43039
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13497
x-xss-protection: 0
last-modified: Wed, 12 Jan 2022 16:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 26 Jan 2023 07:55:34 GMT

GET
H2 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame DAFF 59 KB
23 KB 105ms
78ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

73ed57fba43ed89fa450a1ae368c27908a43950ebc106287632a3dc9c1184da2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:19:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2015
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23019
x-xss-protection: 0
server: cafe
etag: 16015489130178292579
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Wed, 26 Jan 2022 20:19:18 GMT

GET
H3 200 RSjKnk5gG5e-YnqyaokaGBofRBYcmQ35b5mWA3AF7Xg.js Show response
pagead2.googlesyndication.com/bg/ Frame 53FF 35 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/RSjKnk5gG5e-YnqyaokaGBofRBYcmQ35b5mWA3AF7Xg.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4528ca9e4e601b97be627ab26a891a181a1f44161c990df96f9996037005ed78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 07:55:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43040
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13497
x-xss-protection: 0
last-modified: Wed, 12 Jan 2022 16:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 26 Jan 2023 07:55:34 GMT

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 5DAE 59 KB
23 KB 89ms
39ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

73ed57fba43ed89fa450a1ae368c27908a43950ebc106287632a3dc9c1184da2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:19:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2016
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23019
x-xss-protection: 0
server: cafe
etag: 16015489130178292579
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Wed, 26 Jan 2022 20:19:18 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 8ED0 0
327 B 84ms
33ms Ping
image/gif 2a00:1450:4009:816::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~kyvysljc&ctx=3&gqid=lKbxYZPONOWrtgeN6q7gAw&qqid=CLys1-CY0PUCFUsSswAdefoDdQ&met.7=CB8QCBgBMH44vgJQAVgmYAFoJnB8eJIJgAHmBogBpw6wAQG4AQM~CBwQChgBILQBKLQBMN0BOChotQFw3AF48xuAAccZiAGPRLABAbgBAw~CBwQChgBILQBKLQBMOwBODhotQFw3AF4ulOAAY5RiAGZ0AGwAQG4AQM~CB8QChgBILQBKLQBMIoCOFZotQFw7AF40bwCgAGlugKIAa7iCLABAbgBAw~CBgQChgBINwCKNwCMIsDOC9o3AJwhAN4l7YBgAHrswGIAavbA7ABAbgBAw~CCcQChgBIN4CKN4CMIkDOCs~CB8QDRgBIKYCKKYCMKMDOH1QpwJY0wJgpwJo1AJw-wJ4zY8DgAGhjQOIAfnhGLABAbgBAw
Requested by: Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/js/r20220120/r20110914/rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4009:816::2003 London, United Kingdom, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:54 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 anim.min.js Show response
s0.2mdn.net/sadbundle/17769650012815866319/728x90/ Frame C774 8 KB
3 KB 41ms
40ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17769650012815866319/728x90/anim.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17769650012815866319/728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

77e773643d244128c52ab5535c162c467b2378bef47a784567d2de56fdd4a9e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17769650012815866319/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 10:01:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 208281
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3367
x-xss-protection: 0
last-modified: Thu, 02 Dec 2021 21:16:18 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 24 Jan 2023 10:01:33 GMT

GET
H3 200 polyfill.js Show response
s0.2mdn.net/sadbundle/17769650012815866319/728x90/ Frame C774 6 KB
2 KB 41ms
40ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17769650012815866319/728x90/polyfill.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17769650012815866319/728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

59634d2853fa1300f9d99b9d1550fcfd09366ba7ae58776b291af9e67dedaa7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17769650012815866319/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 10:01:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 208281
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1955
x-xss-protection: 0
last-modified: Thu, 02 Dec 2021 21:16:18 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 24 Jan 2023 10:01:33 GMT

GET
H3 200 img1.jpg
s0.2mdn.net/sadbundle/17769650012815866319/728x90/ Frame C774 27 KB
27 KB 41ms
41ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17769650012815866319/728x90/img1.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17769650012815866319/728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

37c2505ded578946ed98df4bf46f17d8a9b2d132a190932484c225b425cb577d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17769650012815866319/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 10:01:33 GMT
x-content-type-options: nosniff
age: 208281
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27647
x-xss-protection: 0
last-modified: Thu, 02 Dec 2021 21:16:18 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 24 Jan 2023 10:01:33 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 7D1A 0
17 B 59ms
31ms Ping
image/gif 2a00:1450:4009:816::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~kyvyslof&chm=1&ctx=2&gqid=lKbxYfjMNJittgehibfIBw&qqid=CKar1OCY0PUCFShbFQgdI9YBaQ&met.6=6.1_CgsYoQMgdSoECAcSAA
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4009:816::2003 London, United Kingdom, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:54 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 7D1A 0
17 B 59ms
32ms Ping
image/gif 2a00:1450:4009:816::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=2~kyvyslq4&chm=1&ctx=2&gqid=lKbxYfjMNJittgehibfIBw&qqid=CKar1OCY0PUCFShbFQgdI9YBaQ&met.4=fb.7~lb.6c~ol.7a~bdt.-19l~bpp.-wn~idt.-nh~dtd.-n1~dt.-wq&met.3=492.b_1~518.74~555.76~556.76_2~749.79_1~734.92~734.fu~113.gh_3~112.gg_4~246.i5_1&met.1=1.kyvysl7z~14.4~15.0~16.4~17.4~18.4~19.4~20.4~21.4&met.7=CBIQBxgBIAkoCTA4ODBoCXA4eIgJgAHcBogBuUKqARUKE0dvb2dsZSBTYW5zOjQwMCw1MDCwAQG4AQM~CBwQChgBIAsoCzBROEZoDHBRePwIgAHQBogB0wuwAQG4AQM~CAkQChgBIAwoDDBYOExoDnBRePU_gAHJPYgB8ZUBsAEBuAED~CB4QChgBIA0oDTByOGVoD3BoeOELgAG1CYgB4RGwAQG4AQM~CCoQChgBIA0oDTDSATjFAQ~CBwQChgBIA0oDTBcOE9oD3BYePU0gAHJMogBsXWwAQG4AQM~CBsQChgBIA0oDTBCODU~CCgQBRgBIIMBKIMBMKwBOClohwFwqwF4vQOAAZEBiAGPAbABAbgBAw~CCgQChgBIJgCKJgCMMEDOKkBQJgCSJwCUJwCWPMCYMMCaPMCcJsDeJe2AYAB67MBiAGr2wOwAQG4AQM
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4009:816::2003 London, United Kingdom, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:54 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame DAFF 0
17 B 50ms
32ms Ping
image/gif 2a00:1450:4009:816::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~kyvyslpw&chm=1&ctx=2&gqid=lKbxYZPONOWrtgeN6q7gAw&qqid=CLys1-CY0PUCFUsSswAdefoDdQ&met.4=fb.l1~lb.sg~ol.w1~bdt.-n0~bpp.-a1~idt.-9~dtd.-1~dt.-a2&met.3=736.sj~735.t0_1~734.v7~734.11s~113.14j_2~112.14i_3&met.1=1.kyvyskle~6.0~7.2~8.2~9.2~10.12~11.2~12.12~13.kq~14.ld~15.ks~16.sg~17.sg~18.sg~19.vz~20.vz~21.w0~22.mf~23.mf&met.7=CAUQCBgBMIEGOIEJUAJYJmACaCdw6gV417QCgAGrsgKIAfPEBrABAbgBAw~CB8QBRgBIIAGKIAGMP0GOH5QgAZYpgZggAZopgZw_AZ4kgmAAeYGiAGnDrABAbgBAw~CBsQBBgBIIIGKKIHMJMIOJICUKIHWNEHYKMHaNIHcJMIeNYCgAEqiAEqkAGCBpgBhgewAQG4AQM~CCEQBBgBIIMGKIMGMNUGOFJohAZw0wZ4rAKwAQG4AQM~CAkQChgBIIQGKIQGMNgGOFRopgZw0gZ49T-AAck9iAHxlQGwAQG4AQM~CB4QChgBIIQGKIQGMPwGOHdopgZw-wZ44QuAAbUJiAHhEbABAbgBAw~CCoQChgBIIQGKIQGMOsHOOcB~CBwQChgBIIUGKIUGMPkGOHRopgZw2AZ49TSAAckyiAGxdbABAbgBAw~CCgQBRgBIOcGKOcGMI8HOCho6gZwjwd4vQOAAZEBiAGPAbABAbgBAw~CCgQChgBIIMJKIMJMPwJOHlooAlw7gl4l7YBgAHrswGIAavbA7ABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4009:816::2003 London, United Kingdom, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:54 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 5DAE 0
17 B 48ms
31ms Ping
image/gif 2a00:1450:4009:816::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~kyvyslq0&chm=1&ctx=2&gqid=lKbxYc3TNN2Jtwfqgb8Y&qqid=CNq81-CY0PUCFWDv4wcd_mgHmA&met.6=6.1_CgsYxwkgdSoECAcSAA
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4009:816::2003 London, United Kingdom, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:54 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 5DAE 0
17 B 48ms
31ms Ping
image/gif 2a00:1450:4009:816::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=2~kyvyslqg&chm=1&ctx=2&gqid=lKbxYc3TNN2Jtwfqgb8Y&qqid=CNq81-CY0PUCFWDv4wcd_mgHmA&met.4=fb.mb~lb.t4~ol.xi~bdt.-n7~bpp.-a6~idt.-4~dtd.-1~dt.-a7&met.3=555.ty~556.ty~734.vx~749.xh_2~736.xj~735.xw_1~734.129~113.14h_2~112.14h_3~246.14v_1&met.1=1.kyvysklk~6.0~7.0~8.0~9.0~10.0~12.w~13.lz~14.mi~15.m1~16.t4~17.t4~18.t4~19.x8~20.x8~21.xi~22.nx~23.nx&met.7=CAUQCBgBMKoGOLYJaCFwlwZ46v0BgAG--wGIAeDwBbABAbgBAw~CBIQBxgBIKEGKKEGMNYGODRoowZw1QZ4iAmAAdwGiAG5QqoBFQoTR29vZ2xlIFNhbnM6NDAwLDUwMLABAbgBAw~CBwQChgBILkGKLkGMJkHOGBougZwmQd4_AiAAdAGiAHTC7ABAbgBAw~CAkQChgBILkGKLkGMIoHOFFougZwgwd49T-AAck9iAHxlQGwAQG4AQM~CB4QChgBILoGKLoGMJoHOGBougZwmQd44QuAAbUJiAHhEbABAbgBAw~CCoQChgBILoGKLoGMPsHOMIB~CBwQChgBILoGKLoGMI8HOFVouwZwigd49TSAAckyiAGxdbABAbgBAw~CBsQChgBILoGKLoGMPMGODk~CCEQBBgBIL0GKL0GMI8HOFNovQZwjQd4rAKwAQG4AQM~CBcQAhgBIMsGKMsGMLAHOGVQzAZY-wZgzAZo-wZwpAd4wYEBgAGVf4gBlX-wAQG4AQM~CBMQAhgBIKMIKKMIMIcJOGRAowhIowhQowhYzwhgowhozwhw8Qh40N4BgAGk3AGIAaTcAaoBEAoKZ29vZ2xlc2FucxApGAKwAQG4AQM~CCgQChgBIMUJKMUJMLAKOGtQxglY9wlgxglo-Alwngp4l7YBgAHrswGIAavbA7ABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4009:816::2003 London, United Kingdom, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:54 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

4.js Show response
static.adsafeprotected.com/ Frame C4DF
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/895631/58886990/4.js?ias_dspID=3&ias_campId=25570486&ias_pubId=pub-4576544419463247&ias_chanId=1&ias_placementId=15522394772&bidurl=https://sarahah.top/&ias_de...
https://static.adsafeprotected.com/4.js

1 KB
1 KB

18ms
18ms

Script
application/javascript

2600:9000:225f:c600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Server: 2600:9000:225f:c600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 460ff0b1da5bacd95df6905ad1c8df05bdda30aa4189e2fef38b53b6318e42ff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 16:51:59 GMT
content-encoding: gzip
age: 10856
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Wed, 26 Jan 2022 16:51:51 GMT
server: AmazonS3
etag: W/"96e16e7453ae2e6952bc6d2a20ea29f7"
vary: Accept-Encoding
x-amz-version-id: TI7Wu8.c3shY9Kbc25ps.McAaw9Y1JrB
via: 1.1 1414bd7a19d3e0731eb4c47589439132.cloudfront.net (CloudFront)
cache-control: max-age=604800
x-amz-cf-pop: TXL50-P2
content-type: application/javascript
x-amz-cf-id: yjKdNtGFSgiUocwvDi_XKQtPARYyWS3Xb47rUrqEGHRxuuQTttp8Kg==

Redirect headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:54 GMT
x-server-name: app15.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4.js
cache-control: no-cache
content-length: 0
server: nginx

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame 8396 80 KB
21 KB 69ms
21ms Script
application/javascript 2600:9000:225f:c600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225f:c600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 08:08:31 GMT
content-encoding: gzip
age: 10151064
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 1414bd7a19d3e0731eb4c47589439132.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: TXL50-P2
content-type: application/javascript
x-amz-cf-id: 92vo-n7VpcH1Ic735z94pxxzy1dnBvqXKkyokphzEqkhnJwvGO-mPA==

GET
H3 200 cta.png
s0.2mdn.net/sadbundle/17769650012815866319/728x90/ Frame C774 877 B
904 B 81ms
81ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17769650012815866319/728x90/cta.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17769650012815866319/728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

41a19d96fde3b62300f9f41f049f8881fcb4180a422f06f1ef6eeeb615995eff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17769650012815866319/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 10:01:33 GMT
x-content-type-options: nosniff
age: 208281
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 877
x-xss-protection: 0
last-modified: Thu, 02 Dec 2021 21:16:18 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 24 Jan 2023 10:01:33 GMT

GET
H3 200 titillium-web-v10-latin-700.woff
s0.2mdn.net/sadbundle/17769650012815866319/728x90/ Frame C774 15 KB
15 KB 42ms
41ms Font
font/woff 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17769650012815866319/728x90/titillium-web-v10-latin-700.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17769650012815866319/728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae32776aae5fbba5f5e09afbc3f01e948cb97a1434924ebfbf25e8f2661d1625

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/17769650012815866319/728x90/index.html
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 10:01:33 GMT
x-content-type-options: nosniff
age: 208281
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Thu, 02 Dec 2021 21:16:18 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 24 Jan 2023 10:01:33 GMT

GET
H3 200 titillium-web-v10-latin-regular.woff
s0.2mdn.net/sadbundle/17769650012815866319/728x90/ Frame C774 16 KB
16 KB 55ms
54ms Font
font/woff 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17769650012815866319/728x90/titillium-web-v10-latin-regular.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17769650012815866319/728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

11c54a8e83547d7ec3af9960ab4c4b50af1ea2f4bab7f356a6a9a8d3f251c459

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/17769650012815866319/728x90/index.html
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 10:01:33 GMT
x-content-type-options: nosniff
age: 208281
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16572
x-xss-protection: 0
last-modified: Thu, 02 Dec 2021 21:16:18 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 24 Jan 2023 10:01:33 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame C4DF 43 B
215 B 542ms
173ms Image
image/gif 52.25.29.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=895631&asId=70a6db36-caae-5e8c-5075-866a6fe21e9c&tv=%7Bc:2r1sqh,pingTime:-3,time:44,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:13%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:44,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:13,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B40~0%5D,as:%5B40~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sVEE5bH+11%7C12%7C131%7C132%7C141%7C1511%7C161*.895631-58886990%7C1611%7C16121%7C1613,idMap:161*,rmeas:1,rend:0,renddet:na%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.25.29.156 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-25-29-156.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:54 GMT
x-server-name: dt16.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame C4DF 43 B
216 B 533ms
172ms Image
image/gif 52.25.29.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=895631&asId=70a6db36-caae-5e8c-5075-866a6fe21e9c&tv=%7Bc:2r1sqn,pingTime:-6,time:50,type:i,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:51,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:13,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B47~0%5D,as:%5B47~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sVEE5bH+11%7C12%7C131%7C132%7C141%7C1511%7C161*.895631-58886990%7C1611%7C16121%7C1613,idMap:161*,rmeas:1,rend:0,renddet:na%7D&tpiLookup=ao:sarahah.top*%2Cgoogleads.g.doubleclick.net*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.25.29.156 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-25-29-156.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:54 GMT
x-server-name: dt17.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame C4DF 43 B
215 B 693ms
336ms Image
image/gif 52.25.29.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=895631&asId=70a6db36-caae-5e8c-5075-866a6fe21e9c&tv=%7Bc:2r1squ,pingTime:-2,time:57,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:761,beZ:762,mfA:763,cmA:764,inA:765,inZ:768,prA:768,prZ:771,si:775,poA:776,poZ:792,cmZ:792,mfZ:792,loA:812,loZ:814,ltA:818,ltZ:818%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:13%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:57,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:13,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B53~0%5D,as:%5B53~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sVEE5bH+11%7C12%7C131%7C132%7C141%7C1511%7C161*.895631-58886990%7C1611%7C16121%7C1613,idMap:161*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:na,sinceFw:41,readyFired:true%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.25.29.156 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-25-29-156.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:54 GMT
x-server-name: dt18.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 998D 0
20 B 78ms
78ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B-GX0labxYaGVIuTN7_UP6ImSkAEAAAAAOAHgBAI&bg=!x8SlxIDNAAZ_DxPPfw87ACkAdvg8WvHI622dOSaCkw3h7nBXUlAMjuC13b8Vj5Cyg_ztGAT9WvjOwQIAAADSUgAAAAJoAQeZAwTxTVLeUGPJH1xrL3kqih2Drt7r8GNYRVu1GIxMpe2MvJZWK2gRTA_4-uFcFjesYIAk7JF_O8nIYNI7M8HtYGqCt-RP7XpW1zOCPn5BHvUZ7lMG-smK1vJEPXDfP2z0mtUTi8-RIC-wUtfjLpwl2V32oBPagexgWgac-J2ZbfdeYqqY7J7ekIs1oUoI4iILAuBhATCYIJaKTKtXIrMgllLhPdjpwNp52STK6yPl6sXGttl3Uf4WhEZPhox2wst-DwCuj5HQKjTWR_yE8U4krDH0v_-iNdqEu47SBUhjsJTulLYjTeXFZsVd1qHaWgEycP6l-pCEZ7y1x3AAykEklP5TnIqzO90t30eBMwjiqT4OIgfwidHeuyFbEgXfzGibHK9mZh1YLOvJBzI7ByxtVd_N3KLUpJsPiglVzKM3Om9QA5DwHxedffnwIpUoM8lmEnVzdU4WiGA2DOapd1PrzvB05_q0Ywh4xUGryI-vyzjaveLXMhX5B_awradS_cgwAfK_NEdWiBBNSUK5YfEROt8Gk5qYN7rAymqAgCcbB-xM9PTrfoXtdhDQ0z_LATQX6ohwB1cbwplrAkuip1B37JJVoavlZ2tm6JNNEz8joaI9taNB6TpESSwHVtF3rHpTW0v3qFqpgrdydGB0hNsVYNdR-olePyvR_ggOz3EfSmtYI4ejzioO38rB-ysDJoChcb5XgXz-tddsqlgVp00FaV5Dop5BKnmV__nl8PMB4IMsIPM40jiHAq7ZSiy1a3yn4QbNv4OU-Rk9MG5hnzKu4EiUxNEAc23gLEsOQ6qzv0hQ65c70Twk72_rREsD6PM0mWjbwEE-zt8uHKBtCvp1ai_JOChvYhKDd27SKLLQs4lRuJ-MWVrJrtF3kDn3ggRFYV9T5M8LG-NR0kCJEebUMtPcAmpf5LZdnv_OZqQEWTlNVA8FW5Svx7ts6g4GuZAQnW3m0WH8loXhECOHQEyDKEQP6EEHFpdU9T85xKVwD8G5IgVhtl9mRoDDKPjSqWQlT-V88nnk

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:54 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 img2.jpg
s0.2mdn.net/sadbundle/17769650012815866319/728x90/ Frame C774 11 KB
11 KB 40ms
40ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17769650012815866319/728x90/img2.jpg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a43f1770b29491ce75b2b31fc89160be563726e06117498693299e2e1334b489

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17769650012815866319/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 10:01:33 GMT
x-content-type-options: nosniff
age: 208281
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10876
x-xss-protection: 0
last-modified: Thu, 02 Dec 2021 21:16:18 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 24 Jan 2023 10:01:33 GMT

GET
H3 200 img3.jpg
s0.2mdn.net/sadbundle/17769650012815866319/728x90/ Frame C774 15 KB
15 KB 42ms
40ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17769650012815866319/728x90/img3.jpg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

293570a46918d3cfa6bed088cabbb6cd4ca0356154651d3caf04542671226770

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17769650012815866319/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 10:01:33 GMT
x-content-type-options: nosniff
age: 208281
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15226
x-xss-protection: 0
last-modified: Thu, 02 Dec 2021 21:16:18 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 24 Jan 2023 10:01:33 GMT

GET
H3 200 cta-fx.png
s0.2mdn.net/sadbundle/17769650012815866319/728x90/ Frame C774 1 KB
1 KB 44ms
43ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17769650012815866319/728x90/cta-fx.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d91d6727627a6b0c5540c941852e963f30c79ffd9f6779fbb3456036679e152

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17769650012815866319/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 10:01:33 GMT
x-content-type-options: nosniff
age: 208281
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1073
x-xss-protection: 0
last-modified: Thu, 02 Dec 2021 21:16:18 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 24 Jan 2023 10:01:33 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame C4DF 0
23 B 124ms
76ms Ping
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuD7e2d8L__KTKLwehDVk62BDX2mV6cvaARktAS01Q98gZrmbH0JI3CBhXAm94oS7uyD7H4MXnrP0SQTJbXCxaj-Qbm9Dp-5VEmkNmDdmTudlC9apLmq1XRXUcrH_TRVLoh4WMQdanYCOesXxvl73MrBVLCuiTF-GEF6jn9kTca5xDd1rXFiuiqJ_sqrVtMV-P0LgfYdjuvJisD6eB7I_TVCLWXgEDQP3TfwR6EDdJAkJ5lRdIBTN-XwQDNqurzgeEj7TEExbEWgTqGorhhnORPRlj5hBUkESyk54KwZtXK8SgdP9VmgmafU3inXWXBFd93Z0RqgcuVacntmiTeQ0IJmAaMatCXnUzjT6cKNZSN6cWxXyp1eaJrMEaH9btKqVCznln6LX1GHdh2qR5nQWPOJHHEiMAjGOc15QtJoGGj7p1nGUnXxiznXHF3RB75-FWJriHr6D4xV2LfmrTODEsTozhFd9i1O40GI34-DhsQuScrsfN07ew1ZgUwwuAH6P1nt10oj3TPEbXd2mqCFQpaRR3gfsS7DjnWgJ1-fGAM5FjppurSJ7ry3QD67c5yJ0_Q_Utu2bFHwebFnbNeBbb-C4_YgeZ-f37xtJBRsZjTKUyKoNryNTDw-2kwQFAwBWYpcwuPhH8rOl6JL3DlaYbe0DUf570goWraZIrh6W9HFFi7-oVpFmNzcGIINi_c9UOmiF1bKH-yTkPs8kCDJotBy9wo9v1P68LYmIv1sZy8CzH8NzpJFFTg66h6_ZeqsjDJLxCaPfQvJBaUlyv2Ghhz6ICr_i5vRrFB5Nx7nao7ExcSB6MCSIEjwIAdrZe88dyAkAvLMpmeRTy6IBjwmI_oSKKcNer4j14KAVk1apNC6aIVU5_MCzsneh3-1RnTtrmuLFKfRt80b73RAkcvt4BuQeB2WUyNTQNKIgdDYMfAnYLEDTngEBQD_bNaXSyM5j-e20zIZzaLCOxxLbD5q60PiFMOgrNZLAY5dhms1oPUX3Y92vZzCP12ZktDxjPVmj9LpHdE8NmDvOZwMsWy0g1FXyPaAeyVr-MxpFqs4u_ljchctLU8q6UPUqBDbHj2U632JOYNZOnVYc4vGspDem3XGTXixvDQKW0Ny4j0JPrQcFxg&sai=AMfl-YR0W5IjxOopMiKPOQzKYRQ_JMyGU9B6StXvdv3mQ-SmAvPzdHbDw6FBuvG0dF3hmaIP026UPLtmmd4R6pkex6nhvgTXNMcE_XQdWIyFrg7jvCHHNGKmLcG48mErRJVipvI7&sig=Cg0ArKJSzBYlDwwFfuwaEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=761&vt=11&dtpt=496&dett=3&cstd=262&cisv=r20220120.45727&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: sarahah.top
URL: https://sarahah.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 26 Jan 2022 19:52:54 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 dt
dt.adsafeprotected.com/ Frame C4DF 43 B
215 B 423ms
173ms Image
image/gif 52.25.29.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=895631&asId=70a6db36-caae-5e8c-5075-866a6fe21e9c&tv=%7Bc:2r1ssc,time:163,type:e,im:%7Bpci:%7Btdr:120%7D%7D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:163,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:13,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B159~0%5D,as:%5B159~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sVEE5bH+11%7C12%7C131%7C132%7C141%7C1511%7C161*.895631-58886990%7C1611%7C16121%7C1613,idMap:161*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.25.29.156 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-25-29-156.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:54 GMT
x-server-name: dt20.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame C4DF 43 B
215 B 196ms
173ms Image
image/gif 52.25.29.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=895631&asId=70a6db36-caae-5e8c-5075-866a6fe21e9c&tv=%7Bc:2r1svS,pingTime:-10,time:391,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fDB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85Ny4wLjQ2OTIuNzEgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1643226774671%7C%7C63521ac5451e9b8ef8dffffa7bb974e4%7C%7C8866308252d63f9bf74b74e606896148%7C%7C7e21f1f9d2443f7ac0aa673f23f3482a%7C%7Ce200eadaafaca277f5bb88b1b56784a8%7C%7C4080cd4c3e8721b72ace9cb62ebc6132%7C%7Cd16e4030394e2a7db9595183431847af%7C%7C6bdd804284dfd21410789d0bc414a319%7C%7C1629390669%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.25.29.156 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-25-29-156.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:54 GMT
x-server-name: dt19.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame DAFF 42 B
64 B 117ms
71ms Fetch
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsujjAul4eBYjwhcIEHsx6G9ffx5ac8CihSwxsdlr44OyDVzQ-BZlmNjWJd6W0F9yZex4J36xGRseEfgk8Y4h4a6t_jjCKN-3EW4ubG_Ff7sEfGX0PpEKw&sai=AMfl-YSW1EUvClar4o7dStqSKdmhpAWHCa53c5kO-X51OoH2yg6r7mLLRV_8KTcPoQiBT1DYd_Dpsrsyme0Z&sig=Cg0ArKJSzGyNOSITPwHBEAE&id=lidar2&mcvt=1001&p=0,0,280,336.015625&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20220124&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=3972370446&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1643226772802&rpt=1021&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:54 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C4DF 42 B
64 B 72ms
72ms Fetch
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssT8VQujZzWiCrtOdgFVwFxxVk_boMxbRhpW4FSTqWdnJJcOqwuCNWhubW4lW4tFlwMQwVd7CHxCiQOKMvlqrNpt_mkt1R4F47yB24hx3D48h6iFtGH_Q&sai=AMfl-YTon7ff79PYOmVgTG53N4HSSlFDYwtEuEZLrcxOqUosUhe8Sb1eY1WX9BvU0z1sNFweuA8VIJXNHrkG&sig=Cg0ArKJSzDuTKj1h42_PEAE&cid=CAASBORoKrY&id=lidar2&mcvt=1004&p=0,0,90,728&mtos=487,986,1004,1004,1004&tos=487,499,18,0,0&v=20220124&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1643226773520&rpt=413&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:54 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5DAE 42 B
64 B 71ms
71ms Fetch
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst6u9rcN3ZPjwX9lmxN7YMFBPSWMnxcRlcVXZfj_v3eNGwGD9FQ8JJIWQEaF38ycP2CQyQTPY8g4WItpByd4HO7gzY4bJN8feoYFLkVcB4JnSRuqthw-A&sai=AMfl-YSwEg75BIMZ70qxUDIV8nTW6WOaczOW-SfTyvVyErmzXRON-6drJVu-n8c_ujT7_G34bOPuLN-sTipo&sig=Cg0ArKJSzGpVQ2GxlM00EAE&id=lidar2&mcvt=1000&p=0,0,280,1200&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220124&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=361493202&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1643226772808&rpt=1205&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dark-bottom.css
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/ 3 KB
1 KB 58ms
37ms Stylesheet
text/css 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/dark-bottom.css

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/cookieconsent.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0ffccca0958c2710d1eb8b56616436104e48271e70c3dddf1ba4eb0a9df065a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 489437
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 700
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e2d-c27"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CitjcbJLh%2F1QBAitS8hBB6BllwdEWwa83gy%2F3QVYm0H8Gh01zHJB3fcn0xaNslOa6UkBRl1%2FKcxgSlTdML1UQsrbURNFIjDWLOlRpj8R6IS7Agawl%2FnvCJJ74Wzd4z0yC9OYOX8mRrRzXFOK5mTBDcna"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6d3c48d01e486943-FRA
expires: Mon, 16 Jan 2023 19:52:55 GMT

GET
H3 200 like_box.php Show response
www.facebook.com/v2.12/plugins/ Frame 3DDD 52 KB
16 KB 78ms
68ms Document
text/html 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.12/plugins/like_box.php?app_id=1878381995713635&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df20844e8a48776%26domain%3Dsarahah.top%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fsarahah.top%252Ff2d658e40651c7c%26relation%3Dparent.parent&color_scheme=light&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fsarahah.top&locale=en_US&sdk=joey&show_border=false&show_faces=false&stream=false

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=1ba1175ca14f4676e97befac36528928

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2ecfa8bef3128a54ca3ef011871514a45a0f6ec760e1dfe159a8e73950065468

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/

Response headers

vary: Accept-Encoding
content-encoding: br
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
facebook-api-version: v5.0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: MeW2oU5EQ+eF+8gGZL/JSNRAJqH39o8bJq7Xnznq7WzRoeNT3VK+ayl6k4QieBVIHx/jQth0okJdWXXTMKypUQ==
date: Wed, 26 Jan 2022 19:52:55 GMT
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
9 KB 50ms
50ms XHR
application/json 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220120&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57680e8aa768ff4e9541d15386327df18ee44bd4a93d86cb6d7af0075b9969df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 26 Jan 2022 19:52:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8826
x-xss-protection: 0

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame C4DF 59 KB
23 KB 41ms
40ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220120/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

73ed57fba43ed89fa450a1ae368c27908a43950ebc106287632a3dc9c1184da2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:19:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2017
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23019
x-xss-protection: 0
server: cafe
etag: 16015489130178292579
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Wed, 26 Jan 2022 20:19:18 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 99ms
98ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 26 Jan 2022 19:52:55 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame C4DF 0
17 B 30ms
30ms Ping
image/gif 2a00:1450:4009:816::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~kyvysmdr&chm=1&ctx=2&gqid=lKbxYfjMNJittgehibfIBw&qqid=CKer1OCY0PUCFShbFQgdI9YBaQ&met.6=6.1_CgsYgAQgdSoECAcSAA
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4009:816::2003 London, United Kingdom, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:55 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame C4DF 0
17 B 30ms
30ms Ping
image/gif 2a00:1450:4009:816::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=2~kyvysmdy&chm=1&ctx=2&gqid=lKbxYfjMNJittgehibfIBw&qqid=CKer1OCY0PUCFShbFQgdI9YBaQ&met.4=fb.7~lb.7k~ol.163~bdt.-16y~bpp.-u0~idt.-ku~dtd.-ke~dt.-u3&met.3=374.8j~734.ai~749.bh_2~735.bn_1~735.c4_1~734.dy~734.ih~734.mb~734.p4~735.q0_1~734.rw~734.uo~734.xg~734.109~734.13j_2~735.13u_1~113.18h_3~112.18g_5~246.18l_1&met.1=1.kyvysl5c~14.5~15.0~16.5~17.5~18.5~19.5~20.5~21.5~22.7u~23.7u&met.7=CCgQBRgBIAgoCDBAODloDXBAeMAEgAGUAogB8ASwAQG4AQM~CCgQChgBIAkoCTB0OGtoDHBrePeCAoABy4ACiAHLjAWwAQG4AQM~CB4QChgBIAkoCTCuATikAWhYcK0BeOELgAG1CYgB4RGwAQG4AQM~CCoQChgBIAkoCTDwATjmAQ~CBwQChgBIAooCjCDATh5aFhwgQF49TSAAckyiAGxdbABAbgBAw~CBwQBhgBIAooCjBWOExoDXBWeNYCgAEqiAEqsAEBuAED~CBsQCiB6OLcE~CCkQChgBIHwofDDwAjj0AUB8SLkBULkBWJcCYOQBaJgCcMACeLCqAoABhKgCiAHKzAawAQG4AQM~CBwQChgBIH0ofTCuATgxaH1wqgF4gxuAAdcYiAGeP7ABAbgBAw~CAkQChgBIIIBKIIBMK8BOC1oggFwrAF49EyAAchKiAG_vwGwAQG4AQM~CCcQChgBIMsBKMsBMIACODZoywFw8wF4k3mAAed2iAGKxQKwAQG4AQM~CCcQBRgBIKECKKECMM0COCxoowJwygJ490OAActBiAHqsgGwAQG4AQM~CB8QBRgBIIkDKIkDMOMDOFpQigNYuQNgigNouQNw4QN4zyWAAaMjiAHAd7ABAbgBAw~CCIQARgBIIoDKIoDMOIEONgBQIoDSJgDUJgDWPADYL8DaPADcOEEeKwCsAEBuAED~CBsQBiCnBjieBA~CBsQBiCuBjiWBA~CBsQBiCzBji2BQ~CBsQCiDxBjgT~CCIQARgBIPoGKPoGMPcHOH1Q-wZYqgdg-wZoqgdw9gd4rAKwAQG4AQM~CBsQBiCdBzinAw~CBsQBiCBCTjnAg~CCAQBBgBIJALKJALMNoLOEpokQtw2Qt41gKAASqIASqwAQG4AQM~CCgQChgBIIAMKIAMMLMMODNogQxwqQx4l7YBgAHrswGIAavbA7ABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4009:816::2003 London, United Kingdom, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:55 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 EvUpPlC55r3.css
static.xx.fbcdn.net/rsrc.php/v3/yu/l/0,cross/ Frame 3DDD 24 KB
6 KB 27ms
8ms Stylesheet
text/css 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yu/l/0,cross/EvUpPlC55r3.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.12/plugins/like_box.php?app_id=1878381995713635&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df20844e8a48776%26domain%3Dsarahah.top%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fsarahah.top%252Ff2d658e40651c7c%26relation%3Dparent.parent&color_scheme=light&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fsarahah.top&locale=en_US&sdk=joey&show_border=false&show_faces=false&stream=false

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4d293a499c8a5a3c485ae50b2f1d91357bdbc530b0170a0d12a906d61cb1ffbe

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 2vpaAdbb6uwahYc5QSBGOQ==
document-policy: force-load-at-top
content-security-policy-report-only: default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 5534
x-fb-rlafr: 0
x-fb-debug: r1p1zHYIYdPiuGBzjnk4nOwH7cqNGObZFNO6mKWco2mhO3dyq7Wr8erXnY7FQ5PzGvUQxn3/4rl7+YBYFEfqeg==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 26 Jan 2023 17:38:17 GMT

GET
H2 200 FPdNN1TK3wJ.css
static.xx.fbcdn.net/rsrc.php/v3/yF/l/0,cross/ Frame 3DDD 2 KB
1 KB 27ms
9ms Stylesheet
text/css 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yF/l/0,cross/FPdNN1TK3wJ.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a33a18d3ade364ae94fdc88f786c869ff8b45cae9bf98f2e2a16dd1459d98cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: qki4Wy05mlz5CwH9oqDKag==
document-policy: force-load-at-top
content-security-policy-report-only: default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 815
x-fb-rlafr: 0
x-fb-debug: rW3i7ZDccErUSOqhXDTkU8LLqBbxL/IFrQUzaS0mZ12RHqWesZEdhNaxDknkeVCwRgUYf5QiDU3lEc/XYGxG6Q==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 19 Jan 2023 19:25:46 GMT

GET
H2 200 Bwqa0QacVWe.js Show response
static.xx.fbcdn.net/rsrc.php/v3/ye/r/ Frame 3DDD 307 KB
83 KB 27ms
9ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/ye/r/Bwqa0QacVWe.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

162a10a44e81ca9c96589f1f75b099d3757d52ca8b02635821bfffaaf7f435f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 3MtyGhWTadMVTd9o5igCJA==
document-policy: force-load-at-top
content-security-policy-report-only: default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 84361
x-fb-rlafr: 0
x-fb-debug: FmiOChjNp3sseC4Ou4HSMql6aMWiQgiyWp4MmQ+Bmu5jMTfpi5DDS159x3NLX2pVdIgKk3Ww7UFUx/BH7zFAXA==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Sat, 21 Jan 2023 19:54:39 GMT

GET
H2 200 GG1Y0sYc7My.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yv/r/ Frame 3DDD 5 KB
2 KB 27ms
9ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yv/r/GG1Y0sYc7My.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

39685db80e880ec9e59c22115c5bcbf76586a95bf618a714d61fc0e5f271fe77

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: kw22OIA6eDgOltzbJdNVmQ==
document-policy: force-load-at-top
content-security-policy-report-only: default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 1640
x-fb-rlafr: 0
x-fb-debug: a+MVabbcy33oub5KvQCHfcm+Bza4gqomh2N6CvGOgngaNHllgF9+ED+g1KTpZ75xUj6Pnj3JxYL+QebBM/MT1g==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Sun, 22 Jan 2023 23:22:19 GMT

GET
H2 200 ro0zIPMyj-L.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yp/r/ Frame 3DDD 42 KB
14 KB 27ms
10ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yp/r/ro0zIPMyj-L.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1684ecb2dc7215d0802fd10069346f070c9bbeba6d210375647a3e03a349563e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: TQNM7Tqy7ZeRlVlAocBi0w==
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 13584
x-fb-rlafr: 0
x-fb-debug: T0qxzYhm3DfjGAPKA2OJ5mEjcKm/aTMEtORwfeYwHYFD5NTkub9gaqCEyzgzKgXM57D9+FAcexlDR8U6V+OJmw==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 26 Jan 2023 19:45:10 GMT

GET
H2 200 NjoKkVaD8Nz.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yN/r/ Frame 3DDD 46 KB
15 KB 27ms
10ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yN/r/NjoKkVaD8Nz.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9119f8342d3146d0f8fac151da01cef0b13e4ab7b2703c113436654c0845eaee

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: gxLK90ziRaeLM8QNpaguZA==
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 14901
x-fb-rlafr: 0
x-fb-debug: zNbZW5Oa7OuHttbWbGoMNUGruRf/5cdwckGY/VaVNCNAUYWZ5Md3oxwkcoVKX9OeQxr3A46OrTLulIRZKZbivQ==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 26 Jan 2023 19:42:40 GMT

GET
H2 200 x9ZrO_yAkJs.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/y0/l/en_US/ Frame 3DDD 82 KB
23 KB 41ms
24ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/y0/l/en_US/x9ZrO_yAkJs.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4c0752b37b4f74e2e83dd5c1a8dda11d5f3a0534d857ea7a50a7e87530270d21

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: s06YHKP82cEFC6ripSzfLA==
document-policy: force-load-at-top
content-security-policy-report-only: default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 22909
x-fb-rlafr: 0
x-fb-debug: HpktkA+j/+lUHDQyP/gnFc595r2HU3qeCMRGrqwcjBBnhNIe1U0ZfDZwDiEWeay/koipOxnR5rpZjjdjnvCGag==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Fri, 20 Jan 2023 21:56:52 GMT

GET
H2 200 16807405_1281761078578779_4892462652892413971_n.jpg
scontent-arn2-1.xx.fbcdn.net/v/t1.18169-1/cp0/p50x50/ Frame 3DDD 1 KB
2 KB 95ms
29ms Image
image/jpeg 2a03:2880:f00a:e:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scontent-arn2-1.xx.fbcdn.net/v/t1.18169-1/cp0/p50x50/16807405_1281761078578779_4892462652892413971_n.jpg?_nc_cat=102&ccb=1-5&_nc_sid=dbb9e7&_nc_ohc=4z5_Y_5c2uQAX9TxGMS&_nc_ht=scontent-arn2-1.xx&edm=AGggysMEAAAA&oh=00_AT96Ljnr40yvn6UBaJ8XqNOAevaR8E-Ex2ultXbmrcsiZw&oe=621750E3
Requested by: Host: www.facebook.com
URL: https://www.facebook.com/v2.12/plugins/like_box.php?app_id=1878381995713635&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df20844e8a48776%26domain%3Dsarahah.top%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fsarahah.top%252Ff2d658e40651c7c%26relation%3Dparent.parent&color_scheme=light&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fsarahah.top&locale=en_US&sdk=joey&show_border=false&show_faces=false&stream=false
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f00a:e:face:b00c:0:3 Kista, Sweden, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: 5a0c9f201b99eef8a461ebfa232796ba4391bfc76ee935f61e1894e07a95b385

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-haystack-needlechecksum: 476311761
date: Wed, 26 Jan 2022 19:52:55 GMT
x-fb-trip-id: 1904183273
last-modified: Sat, 18 Feb 2017 18:08:25 GMT
content-type: image/jpeg
access-control-allow-origin: *
content-digest: adler32=257975720
cache-control: max-age=1209600, no-transform
cross-origin-resource-policy: cross-origin
x-needle-checksum: 3500225080
timing-allow-origin: *
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 1244

GET
H3 200 odN6yT5qyq_.png
static.xx.fbcdn.net/rsrc.php/v3/yS/r/ Frame 3DDD 1 KB
1 KB 17ms
7ms Image
image/png 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yS/r/odN6yT5qyq_.png

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yu/l/0,cross/EvUpPlC55r3.css?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3a16bbf4914a49b1afe816e119c7da2d731dead9167c01d07984ef323e26bfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://static.xx.fbcdn.net/rsrc.php/v3/yu/l/0,cross/EvUpPlC55r3.css?_nc_x=Ij3Wp8lg5Kz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:55 GMT
x-content-type-options: nosniff
content-md5: jWtlBZOXpZs9LMNqqzeJoA==
document-policy: force-load-at-top
content-security-policy-report-only: default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 1341
x-fb-rlafr: 0
x-fb-debug: cP4/1Yk8/la/297wfS8C0oCvTbq50ZU2FmyWflpDlnZ4ypHyuBE0KwhNne4rGNuGZJ2gMIPSUBGXzX0J1Jkzyw==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Tue, 17 Jan 2023 15:34:26 GMT

GET
H3 200 i2tRtdCoiXF.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yJ/r/ Frame 3DDD 22 KB
7 KB 8ms
7ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yJ/r/i2tRtdCoiXF.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/ye/r/Bwqa0QacVWe.js?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8fa574441bbbc1f4d6b6214aa67f9bada654251041070169860ba0a7e0266dcc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: /uy0wSWILtA+myCDkhrsYQ==
document-policy: force-load-at-top
content-security-policy-report-only: default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 7120
x-fb-rlafr: 0
x-fb-debug: jlcixYjRtdEI+rMjwj2PFK15FOc0sosv5zOGodDzTVOWLrGeIvBsrCekffyIxXaIw37Vg0Edq3xg4jNcaKfsyg==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 26 Jan 2023 01:27:28 GMT

GET
H3 200 CWJINsGKrOS.js Show response
static.xx.fbcdn.net/rsrc.php/v3/y3/r/ Frame 3DDD 18 KB
6 KB 8ms
8ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y3/r/CWJINsGKrOS.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/ye/r/Bwqa0QacVWe.js?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9e31058534b68e728b3cfe4d4f122333f19479a72ce4ac79b596ba346376f16c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 4rHnUh0ztUMBselfW2HUmA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 5946
x-fb-rlafr: 0
x-fb-debug: K77Bg1mk8GWGEn7mqf7ylq4fYhk+GCp2at3cKTSn3vNGiKitJmXDJ7Q3jbzejOjCNrfh3PC5OwzCXSPhCU3QMQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sun, 22 Jan 2023 23:23:03 GMT

GET
H3 200 KWY7Edb5_DT.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 3DDD 7 KB
2 KB 8ms
8ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/KWY7Edb5_DT.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/ye/r/Bwqa0QacVWe.js?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

926f93de149c6753d71950537181074802049d225c6def305ddfdab9c9f3cbb3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:52:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: s2+Q5+JokpV3Zcnr5JTWNg==
document-policy: force-load-at-top
content-security-policy-report-only: default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 2273
x-fb-rlafr: 0
x-fb-debug: e1bzijE87SOoUNj2odGmR46Mgd7n1UIyVfH3leRatQ7WGzym2JUaHtym8nBC2IIcyznx3SDXUShA0i7I3s184A==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sun, 22 Jan 2023 23:23:19 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 06F0 13 KB
5 KB 39ms
39ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 26 Jan 2022 19:40:14 GMT
expires: Thu, 26 Jan 2023 19:40:14 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 761
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 4229 783 B
533 B 46ms
45ms Document
text/html 2a00:1450:400f:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400f:801::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a83bd4fe37116fa1159b8dd489e627489355d5350821b99cc0ba9518e375d04b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ny7+1Ur5erdDUEMovplQDg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 26 Jan 2022 19:52:55 GMT
date: Wed, 26 Jan 2022 19:52:55 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-ny7+1Ur5erdDUEMovplQDg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 511
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 4229 0
0 104ms
104ms Image
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220120&jk=1481421488732247&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 RSjKnk5gG5e-YnqyaokaGBofRBYcmQ35b5mWA3AF7Xg.js Show response
pagead2.googlesyndication.com/bg/ Frame 06F0 35 KB
13 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/RSjKnk5gG5e-YnqyaokaGBofRBYcmQ35b5mWA3AF7Xg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4528ca9e4e601b97be627ab26a891a181a1f44161c990df96f9996037005ed78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 07:55:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43041
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13497
x-xss-protection: 0
last-modified: Wed, 12 Jan 2022 16:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 26 Jan 2023 07:55:34 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame C4DF 43 B
215 B 168ms
167ms Image
image/gif 52.25.29.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=895631&asId=70a6db36-caae-5e8c-5075-866a6fe21e9c&tv=%7Bc:2r1sIz,pingTime:1,time:1178,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:13%7D,%7Bpiv:100,vs:i,r:,t:177%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:177,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:13,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B173~0%5D,as:%5B173~728.90%5D%7D%7D,%7Bsl:i,t:177,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1002~100%5D,as:%5B1002~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:696,fm:sVEE5bH+11%7C12%7C131%7C132%7C141%7C1511%7C161*.895631-58886990%7C1611%7C16121%7C1613,idMap:161*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.25.29.156 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-25-29-156.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:55 GMT
x-server-name: dt17.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame C4DF 43 B
215 B 169ms
168ms Image
image/gif 52.25.29.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=895631&asId=70a6db36-caae-5e8c-5075-866a6fe21e9c&tv=%7Bc:2r1sIA,pingTime:1,time:1179,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:13%7D,%7Bpiv:100,vs:i,r:,t:177%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1002,o:177,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:13,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B173~0%5D,as:%5B173~728.90%5D%7D%7D,%7Bsl:i,t:177,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1002~100%5D,as:%5B1002~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:696,fm:sVEE5bH+11%7C12%7C131%7C132%7C141%7C1511%7C161*.895631-58886990%7C1611%7C16121%7C1613,idMap:161*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.25.29.156 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-25-29-156.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:55 GMT
x-server-name: dt18.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame C4DF 43 B
215 B 169ms
168ms Image
image/gif 52.25.29.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=895631&asId=70a6db36-caae-5e8c-5075-866a6fe21e9c&tv=%7Bc:2r1sIA,pingTime:1,time:1179,type:c,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:13%7D,%7Bpiv:100,vs:i,r:,t:177%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1002,o:177,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:13,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B173~0%5D,as:%5B173~728.90%5D%7D%7D,%7Bsl:i,t:177,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1003~100%5D,as:%5B1003~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:696,fm:sVEE5bH+11%7C12%7C131%7C132%7C141%7C1511%7C161*.895631-58886990%7C1611%7C16121%7C1613,idMap:161*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,metricId:publ1,cmr:t%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.25.29.156 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-25-29-156.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:55 GMT
x-server-name: dt19.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET generate_204
tpc.googlesyndication.com/ Frame 06F0 0
0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 75ms
74ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20220120&jk=1481421488732247&bg=!WFulWx_NAAZ_DxPPfw87ACkAdvg8WiOfWeJiZKXIb6WryF2a33PhECq7ZuqBob4VIL9ODGam7Vj3nwIAAABiUgAAAAJoAQcKACC8Mvw1-bVu46J3-LeYdo-jEa4pmvpQbIAEMoRJfM5MMpkCspvJKcSmUuAyWbD4WNnHxgpDPfMVB43HTJXt_jAUosVRbNpbJ9ui74VZ0Sh2FA4GZCl6oBjn_EsyT5EW6xPkjshkI9UBT7nGhbil0gRsMwW38J7OGXnviyq6TwThqMqFqVCoEt2z9Jjav2gyogDZIl88osmaMA_lyHCgZG1cE1dzN7nRgHaE5tF8EoA3t9BWgjeQrgPQ2gML30OgqgS9ElRWBfldQF12rql-LQ7EbsicnhULVAF0d9tTcNkx6qkSaJ9_6PdUhgvOJ5kJ9qxe85zatL0r9d2wUBfy0OjgQy7OOH1rNZGJ39XdQRL_IYu-YkB-F5z0wGxjuSu_3W0UthoO51qf4PMFMTHdkiUvOHQEOf9Y7OZY-VilHFR8DAPa4U7jN9H7p0D3bq46j-Cv7AEKrL6dD6YZvsPbsLpABger0NAOAKfdm-xpJ7fy3-Er2d6MDtU5WQ-H_e6KlKkxRhSvrA9bBKhRFssvdaiJlrSgIV7ojbg7pWQX27i68FyYoktcqHRhm5CbyDjH3BpRG6ED3ATBPfbyn1rY8w5zm4osQ07UZL5Ez6lYGh0lipj24uNQTCLq7PvuaDLCUirGTRtzCNerpQ40g9nthgyBWpbLU_v8lLwrFvnDVuWLZ8aXRo8Dz0-7vftuUodDCawVMaao7SRYcv21exAmBQr930XxDQCa5nC89znnpzF9jdJcMbFKHgrnLp8M32R4L9MBnkdMPampOyr5hh7xoUlul0kYXFxPgNS1OP43U1rs9tL-eE9RbmFq6GSkwMulXkSFH58APxeJ00QCbHLPQkZnhffscbWYdzJhS3Ab1j8VX5R0D5syuOlfvsUNmdeBhgRcWvwq7gDyIQ8MNgJlgYC_e8x_LK_-E6aXN-ruDglUNaKo2ksI_vyK7XhthmtvnwW7cNEygA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ 0
17 B 30ms
30ms Ping
image/gif 2a00:1450:4009:816::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&top=1&puid=1~kyvyskmc&c=1481421488732247&e=31064528%2C31063221%2C31061691%2C31063247%2C31061692&ctx=1&met.3=164.he_1~165.hb_3~164.hf~165.he_1~247.hg~248.hg~164.hg~165.hf_1~166.h2_n~166.hq_3~326.qm_2~216.ql_4~215.ql_4~843.qk_5~779.qq~868.qq~889.qy~639.r3~914.r3~326.r7~216.r7~215.r7~779.r8~868.r8~889.ra~639.rh~914.rh~326.ri~216.ri~215.ri~779.rj~868.rj~889.rk~639.ro~914.ro~112.se_2~629.vy~429.16l_1~453.16p~453.16q~453.16q~453.16r~453.16r~453.16r~453.16s~454.16s~454.16s~454.16s~453.16s~753.16u~353.16m_8~210.19h_1~326.19j~164.19j~165.19j_1~466.19i_2~326.19l~164.19k~165.19k_1~466.19k_1~522.19i_3~779.19m~779.19m~868.19m~868.19m~525.19o_6~525.19u_8~639.1a3~914.1a3~639.1a3~914.1a3~264.1a3~264.1a6~264.1ah~264.1ay~264.1bo~264.1bv~264.1cf~264.1cu~264.1dg~264.1dt~264.1ef~264.1f1~264.1fg~264.1fp~264.1g1~264.1hj~264.1hq~264.1hw~264.1iy~168.1j6~168.1j6_1~168.1j7~168.1j7~168.1j7~168.1j7~168.1j7~168.1j7~168.1j7~168.1j7~168.1j7~168.1j7~168.1j7~168.1j7~168.1j7~168.1j7~168.1j7~168.1j7~168.1j7~168.1j7~264.1j8~264.1jf~264.1jy~168.1k2~168.1k2~168.1k3~168.1k3~168.1k3~168.1k3~168.1k3~168.1k3~168.1k3~168.1k3~168.1k3~168.1k3~168.1k3~168.1k3~168.1k3~168.1k3~168.1k3~168.1k3~168.1k3~168.1k3~264.1ky~168.1l5~168.1l5~168.1l5~168.1l5~168.1l5~168.1l5~168.1l5~168.1l5~168.1l5~168.1l5~168.1l5~168.1l5~168.1l5~168.1l5~168.1l5~168.1l5~168.1l5~168.1l5~168.1l5~168.1l5~168.1l8~168.1l8~168.1l8~168.1l8~168.1l8~168.1l8~168.1l8~168.1l8~168.1l8~168.1l8~168.1l8~168.1l8~168.1l8~168.1l9~168.1l9~168.1l9~168.1lj~168.1lj~168.1lk~168.1lk~168.1lk~168.1lk~168.1lk~168.1lk~168.1lk~168.1lk~168.1lk~168.1lk~168.1lk~168.1lk~168.1lk~168.1lk~168.1lk~168.1lk~168.1lk~168.1lk~264.1lm~264.1lu~264.1mg~264.1mj~264.1mz~264.1nh~264.1p5~264.1pk~264.1sv~264.1ty~264.1ul~264.1wa~264.1xi~264.1xs~264.1y5~264.1yq~264.1zb~264.1zl~264.1zy~264.20e~264.20v~264.21c~264.21s~264.229~264.22q~264.236~264.23n~264.244~264.24k~264.251~264.25i~264.25y~264.26f~257.273~264.273~264.27f~273.2hh~113.2i2_1&met.1=1.kyvysjty~6.14~7.15~8.15~9.15~10.1w~11.1h~12.1w~13.4d~14.4e~15.4g~16.dm~17.dm~18.dn~19.2hh~20.2hh~21.2hx~22.ek~23.ek
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20220120/r20110914/rum_fy2019.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4009:816::2003 London, United Kingdom, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://sarahah.top/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 26 Jan 2022 19:52:56 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/generate_204?rnwM0A

Verdicts & Comments Add Verdict or Comment

58 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
sarahah.top/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: agyafyw5mring0eprovypmes
sarahah.top/	1970-01-20 02:51:05	Name: lang Value: ar-jo
.sarahah.top/	1970-01-20 00:27:08	Name: __cf_bm Value: S8LYRGzIsu52oI77YNugMZUtnepmpx0ibmj.ry6jE2Y-1643226771-0-ATXDFC7T7IfpiHDhLhaD/NAiHiYEiT8pYRQPCmuD8m/gbKwQYws7/uPJnKdjk1OhONU28TM0cx8ikYXwvwwZI88=
.sarahah.top/	1970-01-20 17:58:18	Name: _ga Value: GA1.2.889557098.1643226773
.sarahah.top/	1970-01-20 00:28:33	Name: _gid Value: GA1.2.540714890.1643226773
.sarahah.top/	1970-01-20 00:27:06	Name: _gat Value: 1
.sarahah.top/	1970-01-20 09:48:42	Name: __gads Value: ID=9d01349a37cd6aa6-2216d5e12acd0063:T=1643226772:RT=1643226772:S=ALNI_MZuEXfZqY238vutGjuY9tkPL1PXOQ
.adnxs.com/	1970-01-20 02:36:42	Name: uuid2 Value: 4805192739968479289
.doubleclick.net/	1970-01-20 09:48:42	Name: IDE Value: AHWqTUkyDFuaAuf1pk_0YVNTw90Q_QwydWF9gl5eiiNdC1qgluXnaKJDNpBkHtMzca8
.casalemedia.com/	1970-01-20 09:12:42	Name: CMID Value: YfGmlfRtiVlLCTXewIIMqQAA
.casalemedia.com/	1970-01-20 02:36:42	Name: CMPS Value: 3270
.casalemedia.com/	1970-01-20 02:36:42	Name: CMPRO Value: 1135
.casalemedia.com/	1970-01-20 00:28:33	Name: CMST Value: YfGmlWHxppUA
.adnxs.com/	1970-01-20 02:36:42	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GU#@uyH[!@wnfH8K6pQK`!5=E<*L5>xj'dd!8jlZ^wye99R/fR_#g5u2NZ?ijsHE/Y6Z%nugO%v4VB%nu6q)c^q$
.casalemedia.com/	1970-01-20 09:12:42	Name: CMRUM3 Value: 2d61f1a6952760CAESEDZluRMfIaE8JFKb8ReLtA4
.doubleclick.net/	1970-01-20 00:27:10	Name: DSID Value: NO_DATA

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
adservice.google.com
adservice.google.de
cdn.ampproject.org
cdnjs.cloudflare.com
cm.g.doubleclick.net
connect.facebook.net
csi.gstatic.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
pagead2.googlesyndication.com
partner.googleadservices.com
s0.2mdn.net
sarahah.top
scontent-arn2-1.xx.fbcdn.net
securepubads.g.doubleclick.net
static.adsafeprotected.com
static.xx.fbcdn.net
stats.g.doubleclick.net
tpc.googlesyndication.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagservices.com
www.gstatic.com
tpc.googlesyndication.com
142.250.184.226
142.250.185.198
142.250.185.66
185.33.221.52
216.58.212.162
2600:9000:225f:c600:8:48e:53c0:93a1
2606:4700:7::a29f:8955
2606:4700::6810:135e
2a00:1450:4001:800::2002
2a00:1450:4001:802::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::2003
2a00:1450:4001:812::2001
2a00:1450:4001:812::2002
2a00:1450:4001:827::2003
2a00:1450:4001:827::200e
2a00:1450:4001:828::2002
2a00:1450:4001:828::2006
2a00:1450:4001:82a::2001
2a00:1450:4009:816::2003
2a00:1450:400c:c06::9d
2a00:1450:400f:801::2004
2a00:1450:400f:802::200a
2a00:1450:400f:80b::2003
2a03:2880:f00a:e:face:b00c:0:3
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
35.170.223.143
52.25.29.156
72.247.225.98
00ebf58dd453f4ca07ac8fd6874361705d4469f8f263fce4577b3fcc52cd6ce2
043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da
0506c511adedd17fd3b8359e4682285add8df7600e761dbff88b70061a82062a
05e2888e835d97fe6e4cfb256f62f47d5dccf6d9ac202ea9d82a6bc2b1716c1d
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
11c54a8e83547d7ec3af9960ab4c4b50af1ea2f4bab7f356a6a9a8d3f251c459
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1401d53baf31fc94051c3ad190ecb1801e8135152fde7a6f73919eae2f2d19f2
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
14c64a22bb601a270a32657f00f8e630dee45e712fc77984f8966b3cfa6b4042
16123aaaea75a8b19b0b8ecb0ba513cea263cf9d17fdb3c35d97b24c38b61f7c
162a10a44e81ca9c96589f1f75b099d3757d52ca8b02635821bfffaaf7f435f1
1684ecb2dc7215d0802fd10069346f070c9bbeba6d210375647a3e03a349563e
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
190fc02d8e8f1dd5acc40f48d0d6203e6115eb31e3f47f55db0c3f07797d68f0
2039446f8956518da2c2d70116d18c92fac3b04110942de074748aa4041067fb
233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285
23eaf64c1c0e3450bd32f81ae0eec736924b3dde6a01a9eb49f870c30bc410fc
25eb1b973124270f9dbf890d5ef26961cf93ab74ef0ccae72fea04d8b9165f85
2695bcdd5e24836e5dfd9339597450d6e0d35663dd485cb079a343d93ff279c2
282c5381a9e393c13e1178ecd4c037481cb298e6aa4af54a46b75bbaac01cc02
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
293570a46918d3cfa6bed088cabbb6cd4ca0356154651d3caf04542671226770
2acb060198c95266ccb26abe3bd2ce4035c318646cfd196478d290548f4c3616
2b3334ae35d100a66c0d08b4405e2e334f495cda27b564b38e7eabb08607fdee
2ba807c4cbd10d22c2eaee203a86e8cd61dd2c3951623521aa3ffa81d0834cbb
2d5aaa16f9d7f3c00b42d7455411dc9bf5e8f2f3102728d153edb2a688c21309
2ecfa8bef3128a54ca3ef011871514a45a0f6ec760e1dfe159a8e73950065468
2ff7a543e9354236269712cb846d931a8c8bcb3fafd36cd5650f2536794b65c5
34982d2d4280b244d827700a28a7928656faab7572a23c83516628fbbc2c5cff
37c2505ded578946ed98df4bf46f17d8a9b2d132a190932484c225b425cb577d
38158403202813fcb53826d75067a416b06ae98af0cbdcd152f6a3c0cb29080e
38e76c6a26f01b4dac0b10c18c12051bf334de906ed4b40028691b63ab0fe844
39685db80e880ec9e59c22115c5bcbf76586a95bf618a714d61fc0e5f271fe77
3b666963f4d6f06181b588798c1cb64c5c3ee73351162f783e1f024d9de147e6
3dee9b763d9065f26c3b33ad71419edfd9cd8bb4897b0edad3d2efcc8d351dce
41a19d96fde3b62300f9f41f049f8881fcb4180a422f06f1ef6eeeb615995eff
425b48211e0ebe795b6ead9ec2f1bcd9e04e9930a7dd30e08cdb2fef0bcb834c
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
4528ca9e4e601b97be627ab26a891a181a1f44161c990df96f9996037005ed78
45ee36a0bfc5365086faf5f148aaada84fd35cdf35f1b161eccf89c7fc480fe7
460ff0b1da5bacd95df6905ad1c8df05bdda30aa4189e2fef38b53b6318e42ff
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c0752b37b4f74e2e83dd5c1a8dda11d5f3a0534d857ea7a50a7e87530270d21
4c56445a5005a5a2a5795617a690e1173b3a59d461372ae68bbf706f90834eb5
4ce72d5b1eec9f07ff895dd2bc12c0420fe189f4d197177c8f9df792409c1fef
4d293a499c8a5a3c485ae50b2f1d91357bdbc530b0170a0d12a906d61cb1ffbe
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
53c686d7e860fea3b69b3f32802936f4bc000af17289eb10bb4354cb26cc8867
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5625ad7c53356ac4fd214c65d0148301bf0925678383c2ee9e69feae9bb686c6
57680e8aa768ff4e9541d15386327df18ee44bd4a93d86cb6d7af0075b9969df
59634d2853fa1300f9d99b9d1550fcfd09366ba7ae58776b291af9e67dedaa7f
5a0c9f201b99eef8a461ebfa232796ba4391bfc76ee935f61e1894e07a95b385
5b3ed1b46233ca85a9b4a05a923889efc3c756c72f108e1d63c2be132c066079
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5efd8e19bc60b6988cb2f37c4b734c278888969f5dc251558b81025c33939981
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
648c56c9570eaa5f8f50fb1b96efc2a62e4d37c14fca8bf084d0078b99e93529
677929e0327ebb41fdb64b6cb52e6be9601c2cd85fa17599312e61161de1592a
684cec096ff4aa891da7d07062209c407d6ca5d54b8fd84e50b4d5f94855a3d2
6925748bb406683a66a8aaa3980f64d5e7f8a621c856db764b3815eab18c923d
6f17b85b76bf75df39adb6dddcf29c82c761cef8a35f92968f68431646814c63
6fc97626eb8e44041e240506f474f7e5f69c4d980a2b1ebbbffb2cd1804eed4e
70da5a37f5792b76f020cb5cfa339f1923ce0e1639618e9de50fd258efbf2768
72e046842e09ed37e960ab0575f4c5ab60bff1a0ea22d3c27335e505190e5504
73ed57fba43ed89fa450a1ae368c27908a43950ebc106287632a3dc9c1184da2
753955bf70cd0bc974f3eb544e64e9bcc986eacea65a95ec6894bc03379efb36
75e71c5856caca518c8363b6ce069d674234a9c8925d0b78d97c0f9e0f968b8f
77e773643d244128c52ab5535c162c467b2378bef47a784567d2de56fdd4a9e1
7bb7e6205dd8ec85035d44fdbd258783d6f96c217ada143e08e309048df77c09
80a25c83caba2881776f0e504c5f07ba3fdb9bc5b20a0ceaeeefefa759b27d35
827e4c5288548b930b54b74447c5e93ce460c584333e1985716917c6e84131cc
849073f91f92f06b81ec8074be471457e4d275f6a58c22ffa2ccb8658a63b241
84cb3e695c3f22c0428678406500d7e0e6ea86336eec7a2bcbebc9fce7ba8b7d
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
894db9d76cbb6011720c2745ccc7ab3d601080ae8d37431593ff0348c7959cca
8c6ed43918c96438058f3bc1c79dbc56a7abbb1aa1b17a4da880b4e9f5e232dc
8d91d6727627a6b0c5540c941852e963f30c79ffd9f6779fbb3456036679e152
8fa574441bbbc1f4d6b6214aa67f9bada654251041070169860ba0a7e0266dcc
9119f8342d3146d0f8fac151da01cef0b13e4ab7b2703c113436654c0845eaee
926f93de149c6753d71950537181074802049d225c6def305ddfdab9c9f3cbb3
93b3d7438f5ab7204f909a016c1fddff78118a6d4525a7f718b4478b99d764f5
962a514de7b249708e0478d0599d5af95e0e2ba0c6500bd0069ddf28dd38e217
975493b36ff51cc1a52bb40cb7249b2b742b04be006435d698c2651562f1e513
98e9b684c81956a4e37c20546d2aeef3eeb9e6bd90cd28fab1a40ca27dbe75a3
98eefd4af5ff504a1c1265829a9a5003b306367a2aabe02244a6e9611e0f9e1d
9ba62b4105359384891ea2ed5eba1be39434abd00986584fc4bdb45b7f0f5ae4
9e31058534b68e728b3cfe4d4f122333f19479a72ce4ac79b596ba346376f16c
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1dc3a94fc551047fbcf35e16820b7668cbed3554f4b791fc8065db05385c05c
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
a33a18d3ade364ae94fdc88f786c869ff8b45cae9bf98f2e2a16dd1459d98cdc
a43f1770b29491ce75b2b31fc89160be563726e06117498693299e2e1334b489
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6037288a92e8a8206453a394a839d6256f7691a33f1e847a3c7cb9a7f3ab4d9
a82b39c9dd7dc89dcd063d3ded367786bbdecf163300299725bcb3bd1b10f05b
a83bd4fe37116fa1159b8dd489e627489355d5350821b99cc0ba9518e375d04b
aa3bc254b7808703f3796da9132def02be7930995a265c3b932e4ca268c39f90
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
ad570a52eac7ed0688970830424409c8f6a5e30b0c4c47a87b304b19a33dd43b
ae32776aae5fbba5f5e09afbc3f01e948cb97a1434924ebfbf25e8f2661d1625
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b277171297bfc840b62b9f160060bf8fc630389b0dee3aadcbb0e855ac7ecbc8
b60d1b27c47cf481112ae52b636bb46c673b6e7bcdd954d84a6029cad9e6d53c
b7c55617f84818daf4c70cc10ada26ddd5b582b1d1c2c2829b3220487a6db477
b947054f6ebf52d850bc9d2c6ec86dfb8345f4b02a74779195cb5471aa7f6b2c
bf0b11054a1e4f8df39bd558b56d7e44e39c0f9e57f2921d405d292539ddd4df
c0ffccca0958c2710d1eb8b56616436104e48271e70c3dddf1ba4eb0a9df065a
c2bcb0c97cc0ed54b3ba4aca97581d1ebb69a29581a3160a906900ee4fc3f863
c7be1888e890486ae1f1880d08d0c6a6136a632c5ceaba38da103779e36adf0c
d01cd9c12e8a177a9606838882f63d13981acefd6a122909b5da421ceec589fe
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d7dc01a8261314dfde79c7514a56a275194eac2126cdd8b2b00c3c501f5e5713
dcb7e8e898e42b94e7719f64dd67f87614daa3e619f17060dfa43ee2ba84e523
df4a1a525efb37791a15bb9ed7200812770339c467dce10c6e80e80a1282a809
dfcc32ebe9aa77abfb262c93899419e290c0dfbeb081e5dac98a8dfd9c173ff7
e3a16bbf4914a49b1afe816e119c7da2d731dead9167c01d07984ef323e26bfa
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e77e7b38e720e1b4006a1e6ca1ce97b88ee76414dfcfa34c03eeb82dd852cf21
e7da8595210b56980e8562f82825cca7423d3efddf5f2cfb392901012050cc8d
ee237ad2ff80f189b54c6e7c472234edba8d526b54e54e593f2d2ac939e74fb0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
effc1357a7d1840e520a74c48828dd3c5b378047ff8380938446b1bc78d24ab6
f1b3a51250ea5d2b293615f08241269ed8277b95654cddafbc0f5df8d61e6cc1
f292c4a125f044878fb361ea34e8bdd6b415cb0eebc52ce9ff5669bc2903fd41
f3f35e9ef40538633e4155707cf8d0b2401e89166168fd2a05ac38d5ca1388cd
f93d0298dd39f7dff18566a5b2754067e26c0182b469fd6b24e5d63429fef88b
fd11fa353cc6a8560f4c35e67c6fb8a3a4061ed3de4309cdf83fca65f8319bb4
ffdf650b40e593d862bcb47640561c8bcda464878ab188f1e9f16b847cba9c80

sarahah.top Open in urlscan Pro 2606:4700:7::a29f:8955 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

192 Requests

96 %HTTPS

73 %IPv6

19 Domains

32 Subdomains

31 IPs

7 Countries

1874 kBTransfer

5080 kBSize

16 Cookies

4 Outgoing links

Page URL History

Redirected requests

192 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

sarahah.top Open in urlscan Pro
2606:4700:7::a29f:8955 Public Scan

Screenshot
Live screenshot

Full Image

192
Requests

96 %
HTTPS

73 %
IPv6

19
Domains

32
Subdomains

31
IPs

7
Countries

1874 kB
Transfer

5080 kB
Size

16
Cookies

192 HTTP transactions
5 data transactions