userupload.net Open in urlscan Pro
51.89.234.230 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://userupload.net/ol727fk2j587
Submission Tags: falconsandbox
Submission: On October 16 via api (October 16th 2021, 3:48:15 pm UTC) from US — Scanned from DE

Summary HTTP 186 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 33 IPs in 7 countries across 26 domains to perform 186 HTTP transactions. The main IP is 51.89.234.230, located in London, United Kingdom and belongs to OVH, FR. The main domain is userupload.net.
TLS certificate: Issued by cPanel, Inc. Certification Authority on September 13th 2021. Valid for: 3 months.

This is the only time userupload.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
21	51.89.234.230 51.89.234.230	16276 (OVH) (OVH)
1	104.17.73.14 104.17.73.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 9	142.250.185.100 142.250.185.100	15169 (GOOGLE) (GOOGLE)
1	13.32.29.6 13.32.29.6	16509 (AMAZON-02) (AMAZON-02)
18	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
2	104.16.18.94 104.16.18.94	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	142.250.185.104 142.250.185.104	15169 (GOOGLE) (GOOGLE)
9	142.250.186.163 142.250.186.163	15169 (GOOGLE) (GOOGLE)
16	142.250.186.67 142.250.186.67	15169 (GOOGLE) (GOOGLE)
2	95.217.229.114 95.217.229.114	24940 (HETZNER-AS) (HETZNER-AS)
1	65.9.71.8 65.9.71.8	16509 (AMAZON-02) (AMAZON-02)
1	52.29.0.64 52.29.0.64	16509 (AMAZON-02) (AMAZON-02)
1	74.125.206.155 74.125.206.155	15169 (GOOGLE) (GOOGLE)
23	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
1	142.250.185.142 142.250.185.142	15169 (GOOGLE) (GOOGLE)
1	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
3	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
6	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
5	142.250.186.42 142.250.186.42	15169 (GOOGLE) (GOOGLE)
37	172.217.23.97 172.217.23.97	15169 (GOOGLE) (GOOGLE)
7	142.250.181.225 142.250.181.225	15169 (GOOGLE) (GOOGLE)
1	85.14.248.91 85.14.248.91	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1	65.9.71.35 65.9.71.35	16509 (AMAZON-02) (AMAZON-02)
6	13.35.253.127 13.35.253.127	16509 (AMAZON-02) (AMAZON-02)
1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
2 2	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
5	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
2 2	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1	52.56.187.155 52.56.187.155	16509 (AMAZON-02) (AMAZON-02)
1 1	79.137.68.187 79.137.68.187	16276 (OVH) (OVH)
1	87.248.118.22 87.248.118.22	203220 (YAHOO-DEB) (YAHOO-DEB)
1	34.193.231.74 34.193.231.74	14618 (AMAZON-AES) (AMAZON-AES)
1	87.248.100.208 87.248.100.208	34010 (YAHOO-IRD) (YAHOO-IRD)
2 2	66.135.208.180 66.135.208.180	11643 (EBAY) (EBAY)
2 4	66.135.200.158 66.135.200.158	11643 (EBAY) (EBAY)
1	151.139.128.10 151.139.128.10	20446 (HIGHWINDS3) (HIGHWINDS3)
186	33

21 51.89.234.230 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ns31202426.ip-51-89-234.eu

userupload.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.73.14 (None, )

ASN13335 (CLOUDFLARENET, US)

ajax.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.185.100 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.29.6 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-29-6.fra56.r.cloudfront.net

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.18.94 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.104 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f8.1e100.net

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.186.163 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 142.250.186.67 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 95.217.229.114 (Helsinki, Finland)

ASN24940 (HETZNER-AS, DE)
PTR: static.114.229.217.95.clients.your-server.de

tgwidget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.71.8 (United States)

ASN16509 (AMAZON-02, US)

buttons-config.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.29.0.64 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-29-0-64.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.125.206.155 (United States)

ASN15169 (GOOGLE, US)
PTR: wk-in-f155.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.142 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.186.42 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 172.217.23.97 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s45-in-f1.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.181.225 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f1.1e100.net

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.14.248.91 (Gelsenkirchen, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.71.35 (United States)

ASN16509 (AMAZON-02, US)

count-server.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 13.35.253.127 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-253-127.fra6.r.cloudfront.net

platform-cdn.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.253.211 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.115 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.56.187.155 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-56-187-155.eu-west-2.compute.amazonaws.com

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 79.137.68.187 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: gcm9.host.hit.gemius.pl

googlecm.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 87.248.118.22 (Frankfurt am Main, Germany)

ASN203220 (YAHOO-DEB, GB)
PTR: e1.ycpi.vip.deb.yahoo.com

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.193.231.74 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-193-231-74.compute-1.amazonaws.com

cas.clickability.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 87.248.100.208 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
PTR: media-router-ui71.prod.media.vip.ir2.yahoo.com

advertising.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 66.135.208.180 (United States) 2 redirects

ASN11643 (EBAY, US)

adn.ebay.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 66.135.200.158 (United States) 2 redirects

ASN11643 (EBAY, US)
PTR: epnpartnernetwork-web-public-1-1-slc.ebay.com

partnernetwork.ebay.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.128.10 (United States)

ASN20446 (HIGHWINDS3, US)
PTR: map3.hwcdn.net

juicyads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
55	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	520 KB
26	doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net	184 KB
25	gstatic.com fonts.gstatic.com www.gstatic.com	700 KB
21	userupload.net userupload.net	456 KB
12	google.com 3 redirects www.google.com adservice.google.com	24 KB
10	sharethis.com platform-api.sharethis.com buttons-config.sharethis.com l.sharethis.com count-server.sharethis.com platform-cdn.sharethis.com	49 KB
7	ampproject.org cdn.ampproject.org	126 KB
6	ebay.com 4 redirects adn.ebay.com partnernetwork.ebay.com	1 KB
6	googletagservices.com www.googletagservices.com	213 KB
5	googleapis.com fonts.googleapis.com	4 KB
3	google.de adservice.google.de	1 KB
3	google-analytics.com 1 redirects ssl.google-analytics.com www.google-analytics.com	37 KB
3	cloudflare.com ajax.cloudflare.com cdnjs.cloudflare.com	41 KB
2	yahoo.com ads.yahoo.com advertising.yahoo.com	3 KB
2	pubmatic.com 2 redirects image6.pubmatic.com	1 KB
2	openx.net 2 redirects rtb.openx.net	761 B
2	tgwidget.com tgwidget.com	8 KB
1	juicyads.com juicyads.com
1	clickability.com cas.clickability.com	103 B
1	gemius.pl 1 redirects googlecm.hit.gemius.pl	337 B
1	innovid.com ag.innovid.com	297 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com	457 B
1	mookie1.com odr.mookie1.com	609 B
1	exactag.com m.exactag.com	1 KB
1	googleadservices.com partner.googleadservices.com	404 B
1	googletagmanager.com www.googletagmanager.com	38 KB
186	26

	Domain	Requested by
37	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
21	userupload.net	userupload.net ajax.cloudflare.com
20	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net userupload.net www.googletagservices.com
18	pagead2.googlesyndication.com	userupload.net pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
16	www.gstatic.com	www.google.com googleads.g.doubleclick.net www.gstatic.com
9	fonts.gstatic.com	userupload.net fonts.googleapis.com www.google.com
9	www.google.com	3 redirects userupload.net www.gstatic.com tpc.googlesyndication.com www.google.com googleads.g.doubleclick.net
7	cdn.ampproject.org	googleads.g.doubleclick.net pagead2.googlesyndication.com
6	platform-cdn.sharethis.com
6	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
5	cm.g.doubleclick.net	googleads.g.doubleclick.net
5	fonts.googleapis.com	googleads.g.doubleclick.net
4	partnernetwork.ebay.com	2 redirects
3	adservice.google.com	pagead2.googlesyndication.com
3	adservice.google.de	pagead2.googlesyndication.com
2	adn.ebay.com	2 redirects
2	image6.pubmatic.com	2 redirects
2	rtb.openx.net	2 redirects
2	tgwidget.com	userupload.net tgwidget.com
2	ssl.google-analytics.com	1 redirects userupload.net
2	cdnjs.cloudflare.com	userupload.net ajax.cloudflare.com
1	juicyads.com
1	advertising.yahoo.com
1	cas.clickability.com
1	ads.yahoo.com
1	googlecm.hit.gemius.pl	1 redirects
1	ag.innovid.com	googleads.g.doubleclick.net
1	pixel.rubiconproject.com	1 redirects
1	odr.mookie1.com	googleads.g.doubleclick.net
1	count-server.sharethis.com	platform-api.sharethis.com
1	m.exactag.com	googleads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	www.google-analytics.com	www.googletagmanager.com
1	www.googletagmanager.com	tgwidget.com
1	stats.g.doubleclick.net	userupload.net
1	l.sharethis.com	platform-api.sharethis.com
1	buttons-config.sharethis.com	platform-api.sharethis.com
1	platform-api.sharethis.com	userupload.net
1	ajax.cloudflare.com	userupload.net
186	39

This site contains links to these domains. Also see Links.

Domain
apkland.net
t.me
facebook.com
mobile.twitter.com
www.instagram.com

Subject Issuer	Validity	Valid
userupload.net cPanel, Inc. Certification Authority	`2021-09-13` - `2021-12-12`	3 months	crt.sh
ajax.cloudflare.com DigiCert ECC Secure Server CA	`2020-08-11` - `2022-08-16`	2 years	crt.sh
www.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
sharethis.com Amazon	`2021-07-19` - `2022-08-17`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-21` - `2022-09-20`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.tgwidget.com Sectigo RSA Domain Validation Secure Server CA	`2020-12-04` - `2021-12-04`	a year	crt.sh
*.google.de GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.exactag.com Sectigo RSA Organization Validation Secure Server CA	`2020-01-22` - `2022-04-21`	2 years	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-22` - `2022-03-25`	a year	crt.sh
*.innovid.com RapidSSL RSA CA 2018	`2020-02-07` - `2022-04-07`	2 years	crt.sh
*.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-09-27` - `2021-11-17`	2 months	crt.sh
*.clickability.com Go Daddy Secure Certificate Authority - G2	`2021-05-12` - `2022-04-28`	a year	crt.sh
*.autos.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-09-13` - `2022-03-09`	6 months	crt.sh
ebaypartnernetwork.ebay.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-26` - `2022-07-26`	a year	crt.sh
*.juicyads.com Sectigo RSA Domain Validation Secure Server CA	`2020-01-20` - `2022-04-23`	2 years	crt.sh

This page contains 25 frames:

Primary Page: https://userupload.net/ol727fk2j587
Frame ID: 0970651E0859714C434D18681C678691
Requests: 61 HTTP requests in this frame

Frame: https://tgwidget.com/widget/count/?id=6022da5783ba8816118b4567
Frame ID: 715574EAF81749D02346777B03CC12F4
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211013/r20190131/zrt_lookup.html
Frame ID: 2B256980A24746B05091D472163E8B7D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=9237283852&adk=1997398430&adf=4108538649&pi=t.ma~as.9237283852&w=350&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287515&bpp=7&bdt=265&idt=132&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&correlator=4704249857057&frm=20&pv=2&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=245&ady=105&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=2&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=3TavoX83Rz&p=https%3A//userupload.net&dtd=145
Frame ID: E6A803E57DDA4C476290E84AA045C8AA
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5298038844&adk=3658158944&adf=3044448856&pi=t.ma~as.5298038844&w=350&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287522&bpp=2&bdt=272&idt=144&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=245&ady=533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=SRWQhCVLta&p=https%3A//userupload.net&dtd=146
Frame ID: 7013B613D00598818110F8DF55024733
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=4007740924&adk=2448036532&adf=2560393268&pi=t.ma~as.4007740924&w=480&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=480x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287524&bpp=1&bdt=274&idt=146&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=695&ady=150&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=hMRjaMCfrD&p=https%3A//userupload.net&dtd=148
Frame ID: 63813FF73F96C5D02800A21F8CF27790
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=1042759759&adk=2198837252&adf=2833722400&pi=t.ma~as.1042759759&w=350&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287524&bpp=1&bdt=273&idt=154&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C480x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=1005&ady=512&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=z6MWPgzUps&p=https%3A//userupload.net&dtd=156
Frame ID: 2DA3ECD22AE4438DA21C1E135EBE3FDF
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5644349740&adk=3102016549&adf=3760600436&pi=t.ma~as.5644349740&w=730&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287525&bpp=1&bdt=275&idt=157&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C480x280%2C350x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=625&ady=862&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=zGvrMgUhJ9&p=https%3A//userupload.net&dtd=159
Frame ID: FB50C97032CFAD9B104C518BDB835E0C
Requests: 10 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/YBeW4A8KRQKaUXRhZhiUEBaonRmLgznW2QKT5Kp-z2M.js
Frame ID: D236C7778C729C0E62E1368659C22948
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: B3A14F080D31FF5E7F68F5BB3EF796FE
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 19E55B0855619F585872210E878392B9
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012109102127000/amp4ads-v0.mjs
Frame ID: 7BBCD2A5C5EF06854847810972708023
Requests: 22 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 8C3229DA42803F8CC41CEBD32AF68D54
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/YBeW4A8KRQKaUXRhZhiUEBaonRmLgznW2QKT5Kp-z2M.js
Frame ID: 0690F2425A76AF44201D0629F35A97BF
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/YBeW4A8KRQKaUXRhZhiUEBaonRmLgznW2QKT5Kp-z2M.js
Frame ID: 017960B4DCF254A7D5346A4A4445079F
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/YBeW4A8KRQKaUXRhZhiUEBaonRmLgznW2QKT5Kp-z2M.js
Frame ID: D1CAA9AD225805F6B0276648C50BCF43
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfG5EUUAAAAAE7XFZvJfM0HHeaV1tQQqzZ7BTiX&co=aHR0cHM6Ly91c2VydXBsb2FkLm5ldDo0NDM.&hl=de&v=qljbK_DTcvY1PzbR7IG69z1r&size=normal&cb=l4nyp9oh2gdz
Frame ID: 26F7D6DD10D70FE0643EFE97F76C54A0
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&adk=1812271804&adf=3025194257&lmt=1634399288&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399288905&bpp=1&bdt=1655&idt=1&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D90714edadc3ad326-226111fef6ca00e3%3AT%3D1634399287%3ART%3D1634399287%3AS%3DALNI_MbEotF6ELDmHZDB-vuEZrTmZGVDKQ&prev_fmts=350x280%2C350x280%2C480x280%2C350x280%2C730x280&nras=1&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&psts=AGkb-H9MBXX-0UGEi7wo60qUuGG0eDOs5hOlaboUWCmWt1AsAe2FDcEZiLcmlkPVpt6fARDmWKUDWvPnftQ%2CAGkb-H_0_gH613o-A_r_dfDROIv84OJXEPp62uHYsIfIlWbH45NRZqBlCmUA5n5xyqc9urvrS3NR0IX_EMJdBA%2CAGkb-H-yRzG6LwjCmvrwgerjovdnYR9kfRZEDwLI1KLDe2vLol-7m7T-3Bi7V41m9Y_9dxfPsXtygyjVdg%2CAGkb-H-62niAh0G0JZfqvSU5Wo290HqvP1fnUn4A7efgq6HGrCvYUAcjkotx75ELAUDduB9wBeKFS1IdMffGXQ&pvsid=1408890542532897&pem=82&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=6&uci=a!6&fsb=1&dtd=53
Frame ID: F44071901EFF46B44BB9D636C148B4B6
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 3C9BD0887010731027588EF91A783FC8
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9B5FBB22CDF81EFC1291E0780EE0CDFB
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=de&v=qljbK_DTcvY1PzbR7IG69z1r&k=6LfG5EUUAAAAAE7XFZvJfM0HHeaV1tQQqzZ7BTiX
Frame ID: 0214CA65A51135B95AC5D6A27879B217
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211013/r20110914/zrt_lookup.html?fsb=1
Frame ID: 4EC25758D3152CF7B09D58188C932AAF
Requests: 5 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: C617A82ED519275BD8C5E2EBF1F558D5
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: F928AC3397A84B618C11146E39249C70
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/YBeW4A8KRQKaUXRhZhiUEBaonRmLgznW2QKT5Kp-z2M.js
Frame ID: BFB7F877E9D4225441DE5FBBD2C71F45
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Download CCleaner Professional build 800008643 Mod User Upload apk

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Clipboard.js (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

clipboard(?:-([\d.]+))?(?:\.min)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Popper (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

<script [^>]*src="[^"]*/popper\.js/([0-9.]+)
/popper\.js/([0-9.]+)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
/([\d.]+)/jquery(?:\.min)?\.js

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

<div[^>]+class="g-recaptcha"
/recaptcha/api\.js

Page Statistics

186
Requests

99 %
HTTPS

0 %
IPv6

26
Domains

39
Subdomains

33
IPs

7
Countries

2406 kB
Transfer

5993 kB
Size

25
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://apkland.net/netflix-mod-apk/
Title: Download NetFlix (March)

Search URL Search Domain Scan URL

URL: https://t.me/useruploadofficial

Search URL Search Domain Scan URL

URL: https://facebook.com/userupload
Title: Facebook

Search URL Search Domain Scan URL

URL: https://mobile.twitter.com/UserUpload
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.instagram.com/userupload/
Title: Instagram

Search URL Search Domain Scan URL

URL: https://t.me/userupload_support
Title: Telegram Support

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 33

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1140510075&utmhn=userupload.net&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Download%20CCleaner%20Professional%20build%20800008643%20Mod%20User%20Upload%20apk&utmhid=1334984670&utmr=-&utmp=%2Fol727fk2j587&utmht=1634399287495&utmac=UA-80176776-3&utmcc=__utma%3D30043835.165182515.1634399287.1634399287.1634399287.1%3B%2B__utmz%3D30043835.1634399287.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=837281777&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-80176776-3&cid=165182515.1634399287&jid=837281777&_v=5.7.2&z=1140510075

Request Chain 85

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 118

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 121

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 177

https://rtb.openx.net/sync/dds?google_gid=CAESEE4TKBYQTPco8XcnDtSplcs&google_cver=1&google_push=AYg5qPJgmb42kPF4i62jWIqXsc8-aYol8KEC4So6StMX8tEQ-BQUDWTNajj5llpg791OAoPU-OGTb-4oyCbXRLJnJcy0PnwpwKvb HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEE4TKBYQTPco8XcnDtSplcs&google_cver=1&google_push=AYg5qPJgmb42kPF4i62jWIqXsc8-aYol8KEC4So6StMX8tEQ-BQUDWTNajj5llpg791OAoPU-OGTb-4oyCbXRLJnJcy0PnwpwKvb&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJgmb42kPF4i62jWIqXsc8-aYol8KEC4So6StMX8tEQ-BQUDWTNajj5llpg791OAoPU-OGTb-4oyCbXRLJnJcy0PnwpwKvb&google_hm=KI_27VsWyF4zNSA8TroB3Q==

Request Chain 178

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEOg_NTJXYbLUOSZ6us1GxCE&google_cver=1&google_push=AYg5qPLYEOmJihA27AVYzjCDsPPuacZYlY38Dnyz70Up7-03p08WkEyXmiZtRWBnnNb79_8AWCgUIwDbz44o2aK_ZGiWLB_xM7Vq HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEOg_NTJXYbLUOSZ6us1GxCE&google_cver=1&google_push=AYg5qPLYEOmJihA27AVYzjCDsPPuacZYlY38Dnyz70Up7-03p08WkEyXmiZtRWBnnNb79_8AWCgUIwDbz44o2aK_ZGiWLB_xM7Vq&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=DUoZo2SXRxqhHZwjZt1N9Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLYEOmJihA27AVYzjCDsPPuacZYlY38Dnyz70Up7-03p08WkEyXmiZtRWBnnNb79_8AWCgUIwDbz44o2aK_ZGiWLB_xM7Vq

Request Chain 179

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPkHOHsPgNBQEw0pwW5I4QI&google_cver=1&google_push=AYg5qPLifPOD_2kSkXgQ9kCdRFFuE5s9BOaFeNXQuE6wopVo1f7urHqzlpL6rwZvQHzvbaj-Ii2EZ-Si97eW35Kfe0KO5JkBLjXN HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VUWjRaNFQtVC1LTE1T&google_push=AYg5qPLifPOD_2kSkXgQ9kCdRFFuE5s9BOaFeNXQuE6wopVo1f7urHqzlpL6rwZvQHzvbaj-Ii2EZ-Si97eW35Kfe0KO5JkBLjXN

Request Chain 180

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD7IXzenrxZYnoEmaPMCJs463vkWjOf7c2N8_SgBi1urylNee6HhUSNpZllmkQl5R HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD7IXzenrxZYnoEmaPMCJs463vkWjOf7c2N8_SgBi1urylNee6HhUSNpZllmkQl5R&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD7IXzenrxZYnoEmaPMCJs463vkWjOf7c2N8_SgBi1urylNee6HhUSNpZllmkQl5R HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD7IXzenrxZYnoEmaPMCJs463vkWjOf7c2N8_SgBi1urylNee6HhUSNpZllmkQl5R HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD7IXzenrxZYnoEmaPMCJs463vkWjOf7c2N8_SgBi1urylNee6HhUSNpZllmkQl5R HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD7IXzenrxZYnoEmaPMCJs463vkWjOf7c2N8_SgBi1urylNee6HhUSNpZllmkQl5R HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD7IXzenrxZYnoEmaPMCJs463vkWjOf7c2N8_SgBi1urylNee6HhUSNpZllmkQl5R HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD7IXzenrxZYnoEmaPMCJs463vkWjOf7c2N8_SgBi1urylNee6HhUSNpZllmkQl5R HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD7IXzenrxZYnoEmaPMCJs463vkWjOf7c2N8_SgBi1urylNee6HhUSNpZllmkQl5R HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD7IXzenrxZYnoEmaPMCJs463vkWjOf7c2N8_SgBi1urylNee6HhUSNpZllmkQl5R HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD7IXzenrxZYnoEmaPMCJs463vkWjOf7c2N8_SgBi1urylNee6HhUSNpZllmkQl5R HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD7IXzenrxZYnoEmaPMCJs463vkWjOf7c2N8_SgBi1urylNee6HhUSNpZllmkQl5R HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD7IXzenrxZYnoEmaPMCJs463vkWjOf7c2N8_SgBi1urylNee6HhUSNpZllmkQl5R HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD7IXzenrxZYnoEmaPMCJs463vkWjOf7c2N8_SgBi1urylNee6HhUSNpZllmkQl5R HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD7IXzenrxZYnoEmaPMCJs463vkWjOf7c2N8_SgBi1urylNee6HhUSNpZllmkQl5R HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD7IXzenrxZYnoEmaPMCJs463vkWjOf7c2N8_SgBi1urylNee6HhUSNpZllmkQl5R HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD7IXzenrxZYnoEmaPMCJs463vkWjOf7c2N8_SgBi1urylNee6HhUSNpZllmkQl5R HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD7IXzenrxZYnoEmaPMCJs463vkWjOf7c2N8_SgBi1urylNee6HhUSNpZllmkQl5R HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD7IXzenrxZYnoEmaPMCJs463vkWjOf7c2N8_SgBi1urylNee6HhUSNpZllmkQl5R HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD7IXzenrxZYnoEmaPMCJs463vkWjOf7c2N8_SgBi1urylNee6HhUSNpZllmkQl5R HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD7IXzenrxZYnoEmaPMCJs463vkWjOf7c2N8_SgBi1urylNee6HhUSNpZllmkQl5R

Request Chain 182

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEL6d9X4mfQyrS5-60rWhKA4&google_cver=1&google_push=AYg5qPI8moZ4KvcWxZ-0KbxU3_0d2QAmKZ3cgXFtL0toNpnm48iR3ClR2GA_z8Pr3JnSp2ujy4XGScISYZ9cxAn_yvN1e6Z--5m2Ow HTTP 301
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPI8moZ4KvcWxZ-0KbxU3_0d2QAmKZ3cgXFtL0toNpnm48iR3ClR2GA_z8Pr3JnSp2ujy4XGScISYZ9cxAn_yvN1e6Z--5m2Ow&google_hm=

Request Chain 190

https://adn.ebay.com/2WUf.jpg HTTP 301
https://partnernetwork.ebay.com/affiliate-marketing-tools HTTP 302
https://partnernetwork.ebay.com/solutions

Request Chain 191

https://adn.ebay.com/skyscraper.jpg HTTP 301
https://partnernetwork.ebay.com/affiliate-marketing-tools HTTP 302
https://partnernetwork.ebay.com/solutions

186 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set ol727fk2j587 Show response
userupload.net/ 14 KB
5 KB 177ms
127ms Document
text/html 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://userupload.net/ol727fk2j587

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ns31202426.ip-51-89-234.eu

Software

Apache /

Resource Hash

6c8dec7d0be418ac8202374da867b3b1d0cd801668f74a8b8082b244f041d376

Security Headers

Name	Value
Strict-Transport-Security	max-age=0;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Host: userupload.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Sat, 16 Oct 2021 15:48:07 GMT
Server: Apache
Strict-Transport-Security: max-age=0;includeSubDomains;
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Expires: Fri, 15 Oct 2021 15:48:07 GMT
Set-Cookie: lang=german; domain=.userupload.net; path=/ aff=18440; domain=.userupload.net; path=/; expires=Sat, 30-Oct-2021 15:48:07 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 4328
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK jquery-1.9.1.min.js Show response
userupload.net/ds2/js/ 90 KB
32 KB 21ms
21ms Script
application/javascript 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/js/jquery-1.9.1.min.js
Requested by: Host: userupload.net
URL: https://userupload.net/ol727fk2j587
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: userupload.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://userupload.net/ol727fk2j587
Cookie: lang=german; aff=18440
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/ol727fk2j587
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 16 Oct 2021 15:48:07 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Sep 2017 22:09:54 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 32775

GET
H/1.1 200
OK jquery.paging.js Show response
userupload.net/ds2/js/ 19 KB
5 KB 56ms
19ms Script
application/javascript 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/js/jquery.paging.js
Requested by: Host: userupload.net
URL: https://userupload.net/ol727fk2j587
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: c8ecfe747c979fbd87624913200a9237343679923b495885bced089b80fc84f6

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: userupload.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://userupload.net/ol727fk2j587
Cookie: lang=german; aff=18440
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/ol727fk2j587
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 16 Oct 2021 15:48:07 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Sep 2017 22:09:56 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 4362

GET
H/1.1 200
OK jquery.cookie.js Show response
userupload.net/ds2/js/ 3 KB
2 KB 54ms
18ms Script
application/javascript 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/js/jquery.cookie.js
Requested by: Host: userupload.net
URL: https://userupload.net/ol727fk2j587
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: c4fb91befcf134b81ecfa1c586e1f9d6426c8f4fc1f6c130ac1fddb49ab5df96

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: userupload.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://userupload.net/ol727fk2j587
Cookie: lang=german; aff=18440
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/ol727fk2j587
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 16 Oct 2021 15:48:07 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Sep 2017 22:09:56 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1365

GET
H/1.1 200
OK paging.js Show response
userupload.net/ds2/js/ 2 KB
975 B 56ms
19ms Script
application/javascript 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/js/paging.js
Requested by: Host: userupload.net
URL: https://userupload.net/ol727fk2j587
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: e1d4f21db649ec5795e70cb72e59fdec97af300c64b5d8abbc67f00688eb0ecd

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: userupload.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://userupload.net/ol727fk2j587
Cookie: lang=german; aff=18440
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/ol727fk2j587
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 16 Oct 2021 15:48:07 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Sep 2017 22:09:57 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 662

GET
H/1.1 200
OK style.min.css
userupload.net/ds2/css/ 179 KB
35 KB 57ms
21ms Stylesheet
text/css 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/css/style.min.css?v=0.2
Requested by: Host: userupload.net
URL: https://userupload.net/ol727fk2j587
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: 2df25ed583d39ca73718949dd3c20036cdfba57ce4725b2a4564a47071b8be9c

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: userupload.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://userupload.net/ol727fk2j587
Cookie: lang=german; aff=18440
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/ol727fk2j587
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 16 Oct 2021 15:48:07 GMT
Content-Encoding: gzip
Last-Modified: Thu, 11 Feb 2021 19:11:32 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 35078

GET
H/1.1 200
OK logo.png
userupload.net/ds2/img/ 3 KB
3 KB 33ms
18ms Image
image/png 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://userupload.net/ds2/img/logo.png
Requested by: Host: userupload.net
URL: https://userupload.net/ol727fk2j587
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: 57ee478f48f0c5119a65bcab51b18ab6e7db8cb4db90a0fc8a6bfbb4c1af2d23

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: userupload.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://userupload.net/ol727fk2j587
Cookie: lang=german; aff=18440
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/ol727fk2j587
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 16 Oct 2021 15:48:07 GMT
Last-Modified: Mon, 01 Mar 2021 06:10:59 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 2979

GET
H/1.1 200
OK countdown.js Show response
userupload.net/ds2/js/ 640 B
665 B 18ms
18ms Script
application/javascript 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/js/countdown.js
Requested by: Host: userupload.net
URL: https://userupload.net/ol727fk2j587
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: 6b1116dbdcc8665059c0163cb6cd034a949402f5bc6294390e8ffee39952f6ae

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: userupload.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://userupload.net/ol727fk2j587
Cookie: lang=german; aff=18440
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/ol727fk2j587
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 16 Oct 2021 15:48:07 GMT
Content-Encoding: gzip
Last-Modified: Wed, 27 Sep 2017 05:59:30 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 353

GET
H2 200 rocket-loader.min.js Show response
ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/ 12 KB
4 KB 44ms
13ms Script
application/javascript 104.17.73.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Requested by

Host: userupload.net
URL: https://userupload.net/ol727fk2j587

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.73.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:48:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
last-modified: Wed, 13 Oct 2021 10:17:24 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"6166b234-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FQpnvYAwJWxp9nGV5GghZWCwilyvhbPvAgo102YQzj0sBUs4tNQRKgNiWuWCEaE37B8GfOrDqq6%2BduR%2BypPkBhKCseDvpMxgeOUL3YX37QkAjkYGcpFbiSUGFqPH46GnzxGsvMA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 69f26dfa097321ab-DUS
expires: Mon, 18 Oct 2021 15:48:07 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 850 B
989 B 88ms
32ms Script
text/javascript 142.250.185.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: userupload.net
URL: https://userupload.net/ol727fk2j587

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f4.1e100.net

Software

GSE /

Resource Hash

257c07e40f4fdd78d66090a4347816a4777d8f2ab8b266d4aebf56da90538cbc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:48:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 555
x-xss-protection: 1; mode=block
expires: Sat, 16 Oct 2021 15:48:07 GMT

GET
H/1.1 200
OK tele.png
userupload.net/ds2/img/ 4 KB
5 KB 23ms
18ms Image
image/png 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://userupload.net/ds2/img/tele.png
Requested by: Host: userupload.net
URL: https://userupload.net/ol727fk2j587
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: 58a5608dd5df2fe0edf71e0f3f1bf2c583040a9579817b26e392d0c1d1af979a

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: userupload.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://userupload.net/ol727fk2j587
Cookie: lang=german; aff=18440
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/ol727fk2j587
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 16 Oct 2021 15:48:07 GMT
Last-Modified: Mon, 01 Mar 2021 06:11:52 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 4441

GET
H/1.1 200
OK bootstrap.min.js Show response
userupload.net/ds2/js/ 57 KB
15 KB 20ms
19ms Script
application/javascript 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/js/bootstrap.min.js
Requested by: Host: userupload.net
URL: https://userupload.net/ol727fk2j587
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: 0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: userupload.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://userupload.net/ol727fk2j587
Cookie: lang=german; aff=18440
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/ol727fk2j587
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 16 Oct 2021 15:48:07 GMT
Content-Encoding: gzip
Last-Modified: Sat, 24 Aug 2019 22:42:17 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 15437

GET
H/1.1 200
OK clipboard.min.js Show response
userupload.net/ds2/js/ 11 KB
4 KB 19ms
18ms Script
application/javascript 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/js/clipboard.min.js
Requested by: Host: userupload.net
URL: https://userupload.net/ol727fk2j587
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: 0da7fc1ae23678b2872653962d147fcd1cbd0a5a9c8f84d44ae99bc581fd9062

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: userupload.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://userupload.net/ol727fk2j587
Cookie: lang=german; aff=18440
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/ol727fk2j587
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 16 Oct 2021 15:48:07 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Sep 2017 22:09:53 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 3397

GET
H/1.1 200
OK main.js Show response
userupload.net/ds2/js/ 423 B
562 B 19ms
18ms Script
application/javascript 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/js/main.js
Requested by: Host: userupload.net
URL: https://userupload.net/ol727fk2j587
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: c1bd88cc54165fd50700598361e7484401e4cc1525866fa5a73e8a463df5c226

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: userupload.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://userupload.net/ol727fk2j587
Cookie: lang=german; aff=18440
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/ol727fk2j587
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 16 Oct 2021 15:48:07 GMT
Content-Encoding: gzip
Last-Modified: Thu, 31 Oct 2019 22:11:55 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 250

GET
H2 200 sharethis.js Show response
platform-api.sharethis.com/js/ 183 KB
41 KB 62ms
7ms Script
text/javascript 13.32.29.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://platform-api.sharethis.com/js/sharethis.js
Requested by: Host: userupload.net
URL: https://userupload.net/ol727fk2j587
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.29.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-29-6.fra56.r.cloudfront.net
Software: /
Resource Hash: b3dca6992b4f8770bc3dba5f82f6325a82d2adabf685da88d950f6fe87b16716

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:47:47 GMT
content-encoding: gzip
age: 20
etag: W/"2dcf1-RQaJcGO9+DuZ32kDJGMESLkOoPg"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
via: 1.1 93b0598b43d63761f1a129690721f888.cloudfront.net (CloudFront)
edge-control: cache-maxage=60m,downstream-ttl=60m
cache-control: max-age=600, public
x-amz-cf-pop: FRA56-C2
x-amz-cf-id: HQaQlkAUDSKTZjeoERMANdZYar6KhsBj_pcwyVwE8ad9DISCOQv1FA==

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 145 KB
51 KB 99ms
43ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: userupload.net
URL: https://userupload.net/ol727fk2j587

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

2111c2f729eb37e28915862281651c614ab08bfac15bb8cbe6c38949c061b172

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:48:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51482
x-xss-protection: 0
server: cafe
etag: 17257018023470032218
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 16 Oct 2021 15:48:07 GMT

GET
H2 200 popper.min.js Show response
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/ 21 KB
7 KB 44ms
21ms Script
application/javascript 104.16.18.94
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js

Requested by

Host: userupload.net
URL: https://userupload.net/ol727fk2j587

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.18.94 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66f3a07e1fa9b64a686b66381e4458dbc8abf3dbbff954720c4eec07b84411c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:48:07 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 5077009
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 6646
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:15:37 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fa9-520c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wzAg%2FaX5c6zH72Do9zKEr2hXT%2BHJSCsOOptcBQpP6KsJ8%2FbBVaYDKz6CdicXZuOiT0ll7IrwEFLoRp1453L%2FlkY%2FXtV1RedERULfw68ZGInIuP%2FPGudR13c0SH1zse8COmYQW%2FbH"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 69f26dfa0c968749-DUS
expires: Thu, 06 Oct 2022 15:48:07 GMT

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 73ms
22ms Script
text/javascript 142.250.185.104
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: userupload.net
URL: https://userupload.net/ol727fk2j587

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f8.1e100.net

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Oct 2021 16:38:54 GMT
server: Golfe2
age: 3040
date: Sat, 16 Oct 2021 14:57:27 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Sat, 16 Oct 2021 16:57:27 GMT

GET
H/1.1 200
OK bootstrap.min.css
userupload.net/ds2/css/ 152 KB
23 KB 21ms
20ms Stylesheet
text/css 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/css/bootstrap.min.css
Requested by: Host: userupload.net
URL: https://userupload.net/ds2/css/style.min.css?v=0.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: 60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: userupload.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://userupload.net/ds2/css/style.min.css?v=0.2
Cookie: lang=german; aff=18440
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/ds2/css/style.min.css?v=0.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 16 Oct 2021 15:48:07 GMT
Content-Encoding: gzip
Last-Modified: Sat, 24 Aug 2019 22:42:18 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 23238

GET
H/1.1 200
OK brandon_bld-webfont.woff2
userupload.net/ds2/fonts/ 27 KB
27 KB 19ms
18ms Font
font/woff2 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/fonts/brandon_bld-webfont.woff2
Requested by: Host: userupload.net
URL: https://userupload.net/ds2/css/style.min.css?v=0.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: c56fd6b910ca93a3fb1875e35074b8ce8501c319ebaa0e8b7252f7e4a7023fe6

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://userupload.net
Accept-Encoding: gzip, deflate, br
Host: userupload.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://userupload.net/ds2/css/style.min.css?v=0.2
Cookie: lang=german; aff=18440
Connection: keep-alive
Referer: https://userupload.net/ds2/css/style.min.css?v=0.2
Origin: https://userupload.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 16 Oct 2021 15:48:07 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Sep 2019 21:56:34 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: font/woff2
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 27492

GET
H/1.1 200
OK fa-duotone-900.woff2
userupload.net/ds2/fa/webfonts/ 162 KB
161 KB 19ms
19ms Font
font/woff2 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/fa/webfonts/fa-duotone-900.woff2
Requested by: Host: userupload.net
URL: https://userupload.net/ds2/css/style.min.css?v=0.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: 3477023d8b7129eb517abf377492a608f2469ae91405fa62974e6771751e04ae

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://userupload.net
Accept-Encoding: gzip, deflate, br
Host: userupload.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://userupload.net/ds2/css/style.min.css?v=0.2
Cookie: lang=german; aff=18440
Connection: keep-alive
Referer: https://userupload.net/ds2/css/style.min.css?v=0.2
Origin: https://userupload.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 16 Oct 2021 15:48:07 GMT
Content-Encoding: gzip
Last-Modified: Sat, 24 Aug 2019 23:45:51 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: font/woff2
Transfer-Encoding: chunked
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96

GET
H2 200 va9E4kDNxMZdWfMOD5Vvl4jO.ttf
fonts.gstatic.com/s/firasans/v10/ 54 KB
26 KB 107ms
49ms Font
font/ttf 142.250.186.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/firasans/v10/va9E4kDNxMZdWfMOD5Vvl4jO.ttf

Requested by

Host: userupload.net
URL: https://userupload.net/ds2/css/style.min.css?v=0.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f3.1e100.net

Software

sffe /

Resource Hash

08d4e6308d4549372380e8a8d6b3de7613d304b43c2e6f50053af0338e5e0f67

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://userupload.net/
Origin: https://userupload.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 08:50:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 284282
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26757
x-xss-protection: 0
last-modified: Mon, 22 Jul 2019 19:21:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 13 Oct 2022 08:50:05 GMT

GET
H2 200 va9B4kDNxMZdWfMOD5VnLK3eRhf_.ttf
fonts.gstatic.com/s/firasans/v10/ 58 KB
28 KB 73ms
22ms Font
font/ttf 142.250.186.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/firasans/v10/va9B4kDNxMZdWfMOD5VnLK3eRhf_.ttf

Requested by

Host: userupload.net
URL: https://userupload.net/ds2/css/style.min.css?v=0.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f3.1e100.net

Software

sffe /

Resource Hash

7b1ed14c8d4e5852e773d44304a3a33507ff993a4b6b70ea1d9fb8c6f68e7318

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://userupload.net/
Origin: https://userupload.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 18:15:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 423179
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28042
x-xss-protection: 0
last-modified: Mon, 22 Jul 2019 19:22:45 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 11 Oct 2022 18:15:08 GMT

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/qljbK_DTcvY1PzbR7IG69z1r/ 346 KB
135 KB 86ms
25ms Script
text/javascript 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/qljbK_DTcvY1PzbR7IG69z1r/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

24888ff57c1714336f283a67e22f1207ef9826694a9078e1cda9d581ff148407

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://userupload.net/
Origin: https://userupload.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 14:36:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4301
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 137921
x-xss-protection: 0
last-modified: Mon, 04 Oct 2021 04:21:56 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="recaptcha"
expires: Sun, 16 Oct 2022 14:36:26 GMT

GET
H/1.1 200
OK / Show response
tgwidget.com/widget/count/ Frame 7155 2 KB
1 KB 90ms
27ms Document
text/html 95.217.229.114
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tgwidget.com/widget/count/?id=6022da5783ba8816118b4567
Requested by: Host: userupload.net
URL: https://userupload.net/ol727fk2j587
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.217.229.114 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.114.229.217.95.clients.your-server.de
Software: nginx /
Resource Hash: 303691584e2a6cdc4c595a005b869ad0a9cca864c24ae5ad9147848763d8354d

Request headers

Host: tgwidget.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://userupload.net/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/

Response headers

Server: nginx
Date: Sat, 16 Oct 2021 15:48:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

GET
H/1.1 200
OK get.php Show response
userupload.net/ds2/file_info/ 327 B
534 B 539ms
538ms XHR
text/html 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/file_info/get.php?ext=apk
Requested by: Host: userupload.net
URL: https://userupload.net/ds2/js/jquery-1.9.1.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: 739f8fd9f6a110835a0901eeeec97c8c76840147a99314629103e9bf3ef98ca2

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: userupload.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: empty
X-Requested-With: XMLHttpRequest
Cookie: lang=german; aff=18440
Connection: keep-alive
Referer: https://userupload.net/ol727fk2j587
Accept: */*
Referer: https://userupload.net/ol727fk2j587
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 16 Oct 2021 15:48:07 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=96
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK brandon_med-webfont.woff2
userupload.net/ds2/fonts/ 27 KB
28 KB 19ms
18ms Font
font/woff2 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/fonts/brandon_med-webfont.woff2
Requested by: Host: userupload.net
URL: https://userupload.net/ds2/css/style.min.css?v=0.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: 8bedd3a9d3d20f71aa28c17e75c18ddc9a323b823275ae9bec6a1b673ea646f5

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://userupload.net
Accept-Encoding: gzip, deflate, br
Host: userupload.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://userupload.net/ds2/css/style.min.css?v=0.2
Cookie: lang=german; aff=18440
Connection: keep-alive
Referer: https://userupload.net/ds2/css/style.min.css?v=0.2
Origin: https://userupload.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 16 Oct 2021 15:48:07 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Sep 2019 21:56:34 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: font/woff2
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 28003

GET
H/1.1 200
OK fa-brands-400.woff2
userupload.net/ds2/fa/webfonts/ 73 KB
73 KB 19ms
18ms Font
font/woff2 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/fa/webfonts/fa-brands-400.woff2
Requested by: Host: userupload.net
URL: https://userupload.net/ds2/css/style.min.css?v=0.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: 433d970f04c9cfdfe1eef18106807714cffa2ec96651af41c1be35d00a87bc1c

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://userupload.net
Accept-Encoding: gzip, deflate, br
Host: userupload.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://userupload.net/ds2/css/style.min.css?v=0.2
Cookie: lang=german; aff=18440
Connection: keep-alive
Referer: https://userupload.net/ds2/css/style.min.css?v=0.2
Origin: https://userupload.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 16 Oct 2021 15:48:07 GMT
Content-Encoding: gzip
Last-Modified: Sat, 24 Aug 2019 23:45:51 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: font/woff2
Transfer-Encoding: chunked
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98

GET
H/1.1 200
OK brandon_blk-webfont.woff2
userupload.net/ds2/fonts/ 26 KB
27 KB 19ms
19ms Font
font/woff2 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/fonts/brandon_blk-webfont.woff2
Requested by: Host: userupload.net
URL: https://userupload.net/ds2/css/style.min.css?v=0.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: f13d4a23664d1a212e275c7ccd6073d3751cd3554820a78fbf697a1fd6e251a3

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://userupload.net
Accept-Encoding: gzip, deflate, br
Host: userupload.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://userupload.net/ds2/css/style.min.css?v=0.2
Cookie: lang=german; aff=18440
Connection: keep-alive
Referer: https://userupload.net/ds2/css/style.min.css?v=0.2
Origin: https://userupload.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 16 Oct 2021 15:48:07 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Sep 2019 21:56:34 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: font/woff2
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 26941

GET
H/1.1 200
OK 1.min.js Show response
userupload.net/ds2/js/ 23 KB
8 KB 20ms
18ms Script
application/javascript 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/js/1.min.js
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: 0f36b1fb32a4629666406b3cddae258555f52cd7a33ee7877a0cb9215d521e08

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: userupload.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://userupload.net/ol727fk2j587
Cookie: lang=german; aff=18440
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/ol727fk2j587
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 16 Oct 2021 15:48:07 GMT
Content-Encoding: gzip
Last-Modified: Sun, 14 Feb 2021 19:05:05 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 7722

GET
H/1.1 200
OK fuckadblock.js Show response
userupload.net/ds2/js/ 6 KB
2 KB 19ms
18ms Script
application/javascript 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/js/fuckadblock.js
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: 36b7cdabca53eda8f9ccdb9e449f9c22dc4841ab4b2a888bb5700fb5dfbc778c

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: userupload.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://userupload.net/ol727fk2j587
Cookie: lang=german; aff=18440
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/ol727fk2j587
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 16 Oct 2021 15:48:07 GMT
Content-Encoding: gzip
Last-Modified: Sun, 14 Feb 2021 19:05:50 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 1688

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/1.11.3/ 94 KB
30 KB 18ms
17ms Script
application/javascript 104.16.18.94
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.3/jquery.min.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.18.94 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:48:07 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4393781
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 29929
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:48 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec4-176f8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x7OnEq51Lis3vT49m11SaULxv%2FpWwbx%2BsJCFG4ks5KDQrWXANREXwC8eL105YYsGV6RMostYO9FnyxUnc3wdJS4glRw%2BIPYGFlZYMzqXe%2FJhiKOsY%2B6%2BRp5NyNoknmPllnpIowpP"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 69f26dfa9d658749-DUS
expires: Thu, 06 Oct 2022 15:48:07 GMT

GET
H2 200 5c3f7ca0c9830d001319a65d.js Show response
buttons-config.sharethis.com/js/ 975 B
1 KB 45ms
9ms Script
text/javascript 65.9.71.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://buttons-config.sharethis.com/js/5c3f7ca0c9830d001319a65d.js
Requested by: Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.71.8 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 64ef1788e2c86fe9b9f65689843ec0d459ee8c1477b4fe26b88a3b3cc1e98c56

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Sat, 16 Oct 2021 15:48:07 GMT
via: 1.1 47a7b8b932d91b0edbfc42f1ba94ebc1.cloudfront.net (CloudFront)
last-modified: Sat, 11 Apr 2020 08:06:55 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
etag: "603d865a6a864b43f642e595a6f198f6"
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 975
x-amz-cf-id: uNbOeDsqm1tpivCRxahRAQUM-eDx-ImFJ0XHUDVumy6WQyCxgBQ7QA==

GET
H/1.1 204
No Content pview Show response
l.sharethis.com/ 0
336 B 40ms
9ms XHR
text/plain 52.29.0.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://l.sharethis.com/pview?event=pview&hostname=userupload.net&location=%2Fol727fk2j587&product=inline-share-buttons&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&source=sharethis.js&fcmp=false&fcmpv2=false&has_segmentio=false&title=Download%20CCleaner%20Professional%20build%20800008643%20Mod%20User%20Upload%20apk&cms=unknown&publisher=5c3f7ca0c9830d001319a65d&sop=true&version=st_sop.js&lang=en&description=Datei%20herunterladen%20CCleaner%20Professional%20build%20800008643%20Mod%20User%20Upload%20apk
Requested by: Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.0.64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-29-0-64.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 16 Oct 2021 15:48:07 GMT
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: https://userupload.net
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H2

200

collect
stats.g.doubleclick.net/r/
Redirect Chain

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1140510075&utmhn=userupload.net&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Downl...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-80176776-3&cid=165182515.1634399287&jid=837281777&_v=5.7.2&z=1140510075

35 B
401 B

64ms
21ms

Image
image/gif

74.125.206.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-80176776-3&cid=165182515.1634399287&jid=837281777&_v=5.7.2&z=1140510075

Requested by

Host: userupload.net
URL: https://userupload.net/ol727fk2j587

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.206.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wk-in-f155.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 16 Oct 2021 15:48:07 GMT
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 16 Oct 2021 15:48:07 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-80176776-3&cid=165182515.1634399287&jid=837281777&_v=5.7.2&z=1140510075
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 369
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110080101/ 272 KB
98 KB 83ms
51ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110080101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5228806306542248&plah=userupload.net

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

b20c447b3d7f66aa1c71305e4a91983b14e3174c651ec6460e73a79e58a3bb3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:48:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 99860
x-xss-protection: 0
server: cafe
etag: 5832577822734846258
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 16 Oct 2021 15:48:07 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211013/r20190131/ Frame 2B25 10 KB
5 KB 87ms
23ms Document
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211013/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

8f297a42c731c5e6412ef47dff5d7697e142a28abe98d34b515951d40e5e9f7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20211013/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://userupload.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 15 Oct 2021 21:22:20 GMT
expires: Fri, 29 Oct 2021 21:22:20 GMT
content-type: text/html; charset=UTF-8
etag: 9069739545958607985
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4691
x-xss-protection: 0
age: 66347
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK tg.png
tgwidget.com/widget/count/img/ Frame 7155 7 KB
7 KB 26ms
26ms Image
image/png 95.217.229.114
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tgwidget.com/widget/count/img/tg.png
Requested by: Host: tgwidget.com
URL: https://tgwidget.com/widget/count/?id=6022da5783ba8816118b4567
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.217.229.114 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.114.229.217.95.clients.your-server.de
Software: nginx /
Resource Hash: b106807d0b065185b4fb475481db10ee8457583101dc9a8b13385627e07d01c0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tgwidget.com/widget/count/?id=6022da5783ba8816118b4567
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 16 Oct 2021 15:48:07 GMT
Last-Modified: Sat, 13 Feb 2021 11:38:44 GMT
Server: nginx
ETag: "6027ba44-1c1d"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7197

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 7155 95 KB
38 KB 35ms
34ms Script
application/javascript 142.250.185.104
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-121815413-1

Requested by

Host: tgwidget.com
URL: https://tgwidget.com/widget/count/?id=6022da5783ba8816118b4567

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.104 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

4bf5649278f2f381f0a27542f9a5a795c8b22c1d0e2aa462de7d0cf801fbd45d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tgwidget.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:48:07 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38559
x-xss-protection: 0
last-modified: Sat, 16 Oct 2021 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 16 Oct 2021 15:48:07 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame 7155 48 KB
20 KB 72ms
23ms Script
text/javascript 142.250.185.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-121815413-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tgwidget.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Oct 2021 16:38:54 GMT
server: Golfe2
age: 3670
date: Sat, 16 Oct 2021 14:46:57 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Sat, 16 Oct 2021 16:46:57 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 204 B
404 B 33ms
33ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=userupload.net&callback=_gfp_s_&client=ca-pub-5228806306542248

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110080101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5228806306542248&plah=userupload.net

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

65f8cfb6eaca50d0be95533eb00d027720ad44db8e47918e4d8f7c9fbf6b4015

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:48:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 195
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
853 B 92ms
32ms Script
application/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=userupload.net

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 16 Oct 2021 15:48:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 81ms
31ms Script
application/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=userupload.net

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 16 Oct 2021 15:48:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E6A8 87 KB
30 KB 749ms
720ms Document
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=9237283852&adk=1997398430&adf=4108538649&pi=t.ma~as.9237283852&w=350&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287515&bpp=7&bdt=265&idt=132&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&correlator=4704249857057&frm=20&pv=2&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=245&ady=105&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=2&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=3TavoX83Rz&p=https%3A//userupload.net&dtd=145

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

d79fe42da7baa3437073875f4e51fd6a6ba54ba70194cba9066effe29e03d9e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=9237283852&adk=1997398430&adf=4108538649&pi=t.ma~as.9237283852&w=350&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287515&bpp=7&bdt=265&idt=132&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&correlator=4704249857057&frm=20&pv=2&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=245&ady=105&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=2&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=3TavoX83Rz&p=https%3A//userupload.net&dtd=145
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://userupload.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 16 Oct 2021 15:48:08 GMT
server: cafe
content-length: 30327
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 16-Oct-2021 16:03:07 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 16 Oct 2021 15:48:08 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7013 225 KB
20 KB 786ms
764ms Document
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5298038844&adk=3658158944&adf=3044448856&pi=t.ma~as.5298038844&w=350&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287522&bpp=2&bdt=272&idt=144&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=245&ady=533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=SRWQhCVLta&p=https%3A//userupload.net&dtd=146

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

2cba2916c78e3f442584243b33feccbaa758139e7c858129d18d10edce2f7978

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5298038844&adk=3658158944&adf=3044448856&pi=t.ma~as.5298038844&w=350&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287522&bpp=2&bdt=272&idt=144&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=245&ady=533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=SRWQhCVLta&p=https%3A//userupload.net&dtd=146
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://userupload.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-expose-headers: x-google-amp-ad-validated-version
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 16 Oct 2021 15:48:08 GMT
server: cafe
content-length: 20447
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 16-Oct-2021 16:03:07 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 16 Oct 2021 15:48:08 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
28 KB 100ms
45ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

006b67e717e5f1b16d776c1627b298cbab7183711957008cdc8579535f64cff8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:48:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27689
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1634125440057750"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 16 Oct 2021 15:48:07 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6381 86 KB
29 KB 670ms
652ms Document
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=4007740924&adk=2448036532&adf=2560393268&pi=t.ma~as.4007740924&w=480&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=480x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287524&bpp=1&bdt=274&idt=146&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=695&ady=150&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=hMRjaMCfrD&p=https%3A//userupload.net&dtd=148

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

de2132007c5489410805fd79a358b87827b8d43f05e937d4cb0841d614957deb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=4007740924&adk=2448036532&adf=2560393268&pi=t.ma~as.4007740924&w=480&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=480x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287524&bpp=1&bdt=274&idt=146&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=695&ady=150&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=hMRjaMCfrD&p=https%3A//userupload.net&dtd=148
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://userupload.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 16 Oct 2021 15:48:08 GMT
server: cafe
content-length: 29372
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 16-Oct-2021 16:03:07 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 16 Oct 2021 15:48:08 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2DA3 85 KB
27 KB 311ms
301ms Document
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=1042759759&adk=2198837252&adf=2833722400&pi=t.ma~as.1042759759&w=350&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287524&bpp=1&bdt=273&idt=154&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C480x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=1005&ady=512&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=z6MWPgzUps&p=https%3A//userupload.net&dtd=156

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

4378dcc91e2680b3390bb2593f91e01c3908419c9ec02d2c263ad64f724ee2ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=1042759759&adk=2198837252&adf=2833722400&pi=t.ma~as.1042759759&w=350&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287524&bpp=1&bdt=273&idt=154&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C480x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=1005&ady=512&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=z6MWPgzUps&p=https%3A//userupload.net&dtd=156
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://userupload.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 16 Oct 2021 15:48:07 GMT
server: cafe
content-length: 27799
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 16-Oct-2021 16:03:07 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 16 Oct 2021 15:48:07 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame FB50 69 KB
25 KB 825ms
819ms Document
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5644349740&adk=3102016549&adf=3760600436&pi=t.ma~as.5644349740&w=730&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287525&bpp=1&bdt=275&idt=157&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C480x280%2C350x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=625&ady=862&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=zGvrMgUhJ9&p=https%3A//userupload.net&dtd=159

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

734719a5e01b6d01625fdc1581ec1e8ea1a8de1ff6df221b51c337743b012127

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5644349740&adk=3102016549&adf=3760600436&pi=t.ma~as.5644349740&w=730&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287525&bpp=1&bdt=275&idt=157&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C480x280%2C350x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=625&ady=862&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=zGvrMgUhJ9&p=https%3A//userupload.net&dtd=159
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://userupload.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 16 Oct 2021 15:48:08 GMT
server: cafe
content-length: 25821
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 16-Oct-2021 16:03:07 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 16 Oct 2021 15:48:08 GMT
cache-control: private

GET
H2 200 css
fonts.googleapis.com/ Frame 2DA3 4 KB
1 KB 86ms
33ms Stylesheet
text/css 142.250.186.42
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=1042759759&adk=2198837252&adf=2833722400&pi=t.ma~as.1042759759&w=350&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287524&bpp=1&bdt=273&idt=154&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C480x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=1005&ady=512&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=z6MWPgzUps&p=https%3A//userupload.net&dtd=156

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.42 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f10.1e100.net

Software

ESF /

Resource Hash

2e8fa2037c41372ddc72ea1e08a477ba37998b54b5416b8cff0554fa5b865e27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 16 Oct 2021 15:00:44 GMT
server: ESF
date: Sat, 16 Oct 2021 15:48:08 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires: Sat, 16 Oct 2021 15:48:08 GMT

GET
H2 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/ Frame 2DA3 2 KB
991 B 66ms
29ms Script
text/javascript 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

cafe /

Resource Hash

1b4e852fde612daeb72f1f4cca801a99cc2730875048c5ac3faa9f5ca5854155

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:29:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1101
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 885
x-xss-protection: 0
server: cafe
etag: 638833322182864030
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Oct 2021 15:29:47 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211013/r20110914/ Frame 2DA3 18 KB
8 KB 49ms
17ms Script
text/javascript 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211013/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

cafe /

Resource Hash

b2ec3db0c3ffe01385ebd2fa36b83708e505fada5609f9859a8e04a9cbdcaefd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:44:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 234
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7691
x-xss-protection: 0
server: cafe
etag: 14402072889669646931
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Oct 2021 15:44:14 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/ Frame 2DA3 3 KB
1 KB 48ms
16ms Script
text/javascript 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

cafe /

Resource Hash

0bb775e23934c5478dab7517dbf8a614834c96e926c4498b734399eb8a2e640d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:47:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1426
x-xss-protection: 0
server: cafe
etag: 18061233391346882222
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Oct 2021 15:47:11 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/ Frame 2DA3 14 KB
7 KB 46ms
14ms Script
text/javascript 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

cafe /

Resource Hash

f4726d988effd5253298f2a2738ca92d780d4105af0ce67eb7e7d1c748fb6909

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:47:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 44
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6281
x-xss-protection: 0
server: cafe
etag: 18349783599053866072
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Oct 2021 15:47:24 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2DA3 123 KB
37 KB 69ms
36ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

41d9de265e720a301cbd9c525fa7089a677e0b099b422579a401516212b5add3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:48:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37919
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1634125446224599"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 16 Oct 2021 15:48:08 GMT

GET
H3 200 94b9e9edb15b7c220f12fa63d878a5af.js Show response
www.gstatic.com/mysidia/ Frame 2DA3 27 KB
11 KB 55ms
23ms Script
text/javascript 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/94b9e9edb15b7c220f12fa63d878a5af.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

3d1246d2fe982f57c0a911530b2fa93a679e42c0d897151f39cffa4762c55f5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 11:43:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14666
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11213
x-xss-protection: 0
last-modified: Tue, 12 Oct 2021 03:34:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="mysidia"
expires: Fri, 14 Jan 2022 11:43:42 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/16295134962900264000/ Frame 2DA3 11 KB
11 KB 55ms
25ms Image
image/jpeg 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16295134962900264000/downsize_200k_v1?w=400&h=209

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

sffe /

Resource Hash

0d0f3ef57b5ca725823a5952f4f19fdde76751a8035b74b256a6a0500cca592e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 08:55:24 GMT
x-content-type-options: nosniff
age: 370364
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10811
x-xss-protection: 0
last-modified: Fri, 16 Jul 2021 11:51:09 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Oct 2022 08:55:24 GMT

GET
DATA 200
OK truncated
/ Frame 2DA3 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 2DA3 0
0 96ms
95ms Fetch
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cz52lN_RqYZC6LOqBxgLqyLLQB8zFjfZj8O2r2bQOt9qivcABEAEg7KecS2CV4pCCoAegAb7o0NgDyAEJqQL2ddabsXWzPqgDAcgDywSqBNABT9DHQr-XlbEfvd7Sx5u0yx1OOZBlyeV6nigFH0XiogJFKSyNNODv5cMGGiR0PuxaS5zGl7Og7vK-tZxVFVFPvDV2Uwnwwa59c_tw7oUwh3r8kwTbyOo-ZGrvO3Ng2ptdUeZQ5EvqZsWiC_6NzoJXb3hvbJ8Oqr0XHfW64t0DijKluapg4SY0Ijqfx6A-uIrcpF6JyvkERY9fs5aMcInxPf8jKyXHSHvS2eyDb2qxwBPd5vFZt4C2MzAa37xUA-6uh-09PNnRHC5ALyQABDJIicAE69T2688DoAYugAfIuP5AqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAfVyRuoB6a-G9gHAPIHBBCK8S3SCAkIgOGAEBABGF-ACgHICwG4E4gn2BMDiBQB0BUBgBcBshccChoIABIUcHViLTUyMjg4MDYzMDY1NDIyNDgYAA&sigh=i5yguoebY10&template_id=5000

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=1042759759&adk=2198837252&adf=2833722400&pi=t.ma~as.1042759759&w=350&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287524&bpp=1&bdt=273&idt=154&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C480x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=1005&ady=512&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=z6MWPgzUps&p=https%3A//userupload.net&dtd=156
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 16 Oct 2021 15:48:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sat, 16 Oct 2021 15:48:08 GMT

GET
DATA 200
OK truncated
/ Frame 2DA3 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c4c672b1245d35672dcd49b615ca91fb8949b712645dc7e847c1d6105d83ee94

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 2DA3 16 KB
16 KB 51ms
20ms Font
font/woff2 142.250.186.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f3.1e100.net

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 16:31:57 GMT
x-content-type-options: nosniff
age: 256571
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:21 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 13 Oct 2022 16:31:57 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 2DA3 15 KB
15 KB 50ms
22ms Font
font/woff2 142.250.186.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f3.1e100.net

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 16:31:41 GMT
x-content-type-options: nosniff
age: 256587
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 13 Oct 2022 16:31:41 GMT

GET
H3 200 YBeW4A8KRQKaUXRhZhiUEBaonRmLgznW2QKT5Kp-z2M.js Show response
pagead2.googlesyndication.com/bg/ Frame D236 35 KB
13 KB 22ms
21ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YBeW4A8KRQKaUXRhZhiUEBaonRmLgznW2QKT5Kp-z2M.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

601796e00f0a45029a5174616618941016a89d198b8339d6d90293e4aa7ecf63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:35:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 780
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13430
x-xss-protection: 0
last-modified: Mon, 11 Oct 2021 11:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Sun, 16 Oct 2022 15:35:08 GMT

GET
H3 200 e8e197e378ee874e03267c2064571e79.js Show response
www.gstatic.com/mysidia/ Frame 6381 7 KB
3 KB 24ms
24ms Script
text/javascript 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e8e197e378ee874e03267c2064571e79.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=4007740924&adk=2448036532&adf=2560393268&pi=t.ma~as.4007740924&w=480&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=480x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287524&bpp=1&bdt=274&idt=146&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=695&ady=150&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=hMRjaMCfrD&p=https%3A//userupload.net&dtd=148

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

7ce8fde1e19d45e140ba1f2e2756d7e564eb85c8888cc49547ee6a7cf87bc081

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 06:33:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 206056
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3152
x-xss-protection: 0
last-modified: Tue, 12 Oct 2021 03:34:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="mysidia"
expires: Wed, 12 Jan 2022 06:33:52 GMT

GET
H3 200 6cfce8a19e8436dfedf3d88a9491c013.js Show response
www.gstatic.com/mysidia/ Frame 6381 8 KB
3 KB 25ms
25ms Script
text/javascript 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/6cfce8a19e8436dfedf3d88a9491c013.js?tag=text/vanilla_highlight

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

9ecb912e3d60eed3050ca2825ff8dc7796d86154539d1c0c8a5d819430c5b9db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 07:34:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 202433
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3411
x-xss-protection: 0
last-modified: Thu, 07 Oct 2021 05:48:38 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="mysidia"
expires: Wed, 12 Jan 2022 07:34:15 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 6381 3 KB
580 B 65ms
33ms Stylesheet
text/css 142.250.186.42
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.42 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f10.1e100.net

Software

ESF /

Resource Hash

32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 16 Oct 2021 14:47:59 GMT
server: ESF
date: Sat, 16 Oct 2021 15:48:08 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires: Sat, 16 Oct 2021 15:48:08 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/ Frame 6381 2 KB
912 B 18ms
17ms Script
text/javascript 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

cafe /

Resource Hash

1b4e852fde612daeb72f1f4cca801a99cc2730875048c5ac3faa9f5ca5854155

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:29:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1101
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 885
x-xss-protection: 0
server: cafe
etag: 638833322182864030
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Oct 2021 15:29:47 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211013/r20110914/ Frame 6381 18 KB
8 KB 43ms
18ms Script
text/javascript 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211013/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

cafe /

Resource Hash

b2ec3db0c3ffe01385ebd2fa36b83708e505fada5609f9859a8e04a9cbdcaefd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:44:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 234
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7691
x-xss-protection: 0
server: cafe
etag: 14402072889669646931
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Oct 2021 15:44:14 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/ Frame 6381 3 KB
1 KB 16ms
16ms Script
text/javascript 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

cafe /

Resource Hash

0bb775e23934c5478dab7517dbf8a614834c96e926c4498b734399eb8a2e640d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:47:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1426
x-xss-protection: 0
server: cafe
etag: 18061233391346882222
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Oct 2021 15:47:11 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6381 123 KB
37 KB 36ms
35ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

41d9de265e720a301cbd9c525fa7089a677e0b099b422579a401516212b5add3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:48:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37919
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1634125446224599"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 16 Oct 2021 15:48:08 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/ Frame 6381 14 KB
6 KB 40ms
16ms Script
text/javascript 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

cafe /

Resource Hash

f4726d988effd5253298f2a2738ca92d780d4105af0ce67eb7e7d1c748fb6909

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:47:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 44
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6281
x-xss-protection: 0
server: cafe
etag: 18349783599053866072
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Oct 2021 15:47:24 GMT

GET
H3 200 94b9e9edb15b7c220f12fa63d878a5af.js Show response
www.gstatic.com/mysidia/ Frame 6381 27 KB
11 KB 23ms
23ms Script
text/javascript 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/94b9e9edb15b7c220f12fa63d878a5af.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

3d1246d2fe982f57c0a911530b2fa93a679e42c0d897151f39cffa4762c55f5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 11:43:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14666
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11213
x-xss-protection: 0
last-modified: Tue, 12 Oct 2021 03:34:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="mysidia"
expires: Fri, 14 Jan 2022 11:43:42 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 6381 0
0 98ms
98ms Fetch
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CIzifN_RqYYfaLa2yiQaLnoTAApqTyeNlhuyMjooMopTEko0OEAEg7KecS2CV4pCCoAegAc_I-vwDyAEBqQL2ddabsXWzPqgDAcgDywSqBPgBT9B_nxVhLGNIJuCY3EHHkfXwKzlvuc_RV4ngu6GJc9H5itvJFTusqSl1Tb79WlIrapfDl8W75odgn5dXhC5yiwkieQiqJXq0F-_GXrMxa76u89Tlm43eTNHiGLpxjbz6Gt9zCfqeDTLH_F250xLBOWLPmws6vPv4zdPbd2F14dBrOI1_psAOVVQp-IU-ZZuHlotD2S1D7yI6ARBWGTPdqi1zfQTv8w7sLzD0oZNG2x9nokA1God49GTs1btEVPaCXLQj5290Pzb4LwMOMsAZgIsBaEWVeUuyyIJ-MWksPACzkJNmnU09Mj_h0ssYxGEqDjRnQN3cwP_ABNquwISaA5IFBAgEGAGSBQQIBRgEgAe55JeYAagH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgH1ckbqAemvhvYBwHyBwQQgptl0ggJCIDhgBAQARhfgAoByAsB2BMMiBQE0BUBgBcBshccChoIABIUcHViLTUyMjg4MDYzMDY1NDIyNDgYAA&sigh=EHgjgGo3LP4

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=4007740924&adk=2448036532&adf=2560393268&pi=t.ma~as.4007740924&w=480&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=480x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287524&bpp=1&bdt=274&idt=146&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=695&ady=150&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=hMRjaMCfrD&p=https%3A//userupload.net&dtd=148
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 16 Oct 2021 15:48:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B3A1 143 B
163 B 23ms
23ms Document
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=4007740924&adk=2448036532&adf=2560393268&pi=t.ma~as.4007740924&w=480&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=480x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287524&bpp=1&bdt=274&idt=146&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=695&ady=150&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=hMRjaMCfrD&p=https%3A//userupload.net&dtd=148
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUmHJ6sLURINSkpi_sxMgY5NtpInX22C5Tm9dKQwLnQdZTE2kLaN8sZTuCVBXy0; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=4007740924&adk=2448036532&adf=2560393268&pi=t.ma~as.4007740924&w=480&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=480x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287524&bpp=1&bdt=274&idt=146&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=695&ady=150&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=hMRjaMCfrD&p=https%3A//userupload.net&dtd=148

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 16 Oct 2021 15:09:53 GMT
server: cafe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2295
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 6381 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 77407a0e9cedc922ef369f777cb8d705f22a46cf192ce5d09bae21e08a6c96d2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 6381 21 KB
21 KB 22ms
21ms Font
font/woff2 142.250.186.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f3.1e100.net

Software

sffe /

Resource Hash

1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 19:46:29 GMT
x-content-type-options: nosniff
age: 417699
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21660
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:07:18 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 11 Oct 2022 19:46:29 GMT

GET
H3 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 6381 21 KB
21 KB 23ms
23ms Font
font/woff2 142.250.186.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f3.1e100.net

Software

sffe /

Resource Hash

c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 18:21:26 GMT
x-content-type-options: nosniff
age: 422802
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21424
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:08:24 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 11 Oct 2022 18:21:26 GMT

GET
H3 200 e8e197e378ee874e03267c2064571e79.js Show response
www.gstatic.com/mysidia/ Frame E6A8 7 KB
3 KB 24ms
24ms Script
text/javascript 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e8e197e378ee874e03267c2064571e79.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=9237283852&adk=1997398430&adf=4108538649&pi=t.ma~as.9237283852&w=350&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287515&bpp=7&bdt=265&idt=132&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&correlator=4704249857057&frm=20&pv=2&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=245&ady=105&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=2&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=3TavoX83Rz&p=https%3A//userupload.net&dtd=145

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

7ce8fde1e19d45e140ba1f2e2756d7e564eb85c8888cc49547ee6a7cf87bc081

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 06:33:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 206056
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3152
x-xss-protection: 0
last-modified: Tue, 12 Oct 2021 03:34:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="mysidia"
expires: Wed, 12 Jan 2022 06:33:52 GMT

GET
H3 200 6cfce8a19e8436dfedf3d88a9491c013.js Show response
www.gstatic.com/mysidia/ Frame E6A8 8 KB
3 KB 25ms
24ms Script
text/javascript 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/6cfce8a19e8436dfedf3d88a9491c013.js?tag=text/vanilla_highlight

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

9ecb912e3d60eed3050ca2825ff8dc7796d86154539d1c0c8a5d819430c5b9db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 07:34:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 202433
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3411
x-xss-protection: 0
last-modified: Thu, 07 Oct 2021 05:48:38 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="mysidia"
expires: Wed, 12 Jan 2022 07:34:15 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame E6A8 3 KB
580 B 33ms
33ms Stylesheet
text/css 142.250.186.42
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.42 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f10.1e100.net

Software

ESF /

Resource Hash

32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 16 Oct 2021 15:03:32 GMT
server: ESF
date: Sat, 16 Oct 2021 15:48:08 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires: Sat, 16 Oct 2021 15:48:08 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/ Frame E6A8 2 KB
912 B 16ms
16ms Script
text/javascript 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

cafe /

Resource Hash

1b4e852fde612daeb72f1f4cca801a99cc2730875048c5ac3faa9f5ca5854155

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:29:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1101
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 885
x-xss-protection: 0
server: cafe
etag: 638833322182864030
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Oct 2021 15:29:47 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211013/r20110914/ Frame E6A8 18 KB
8 KB 16ms
16ms Script
text/javascript 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211013/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

cafe /

Resource Hash

b2ec3db0c3ffe01385ebd2fa36b83708e505fada5609f9859a8e04a9cbdcaefd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:44:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 234
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7691
x-xss-protection: 0
server: cafe
etag: 14402072889669646931
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Oct 2021 15:44:14 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/ Frame E6A8 3 KB
1 KB 17ms
17ms Script
text/javascript 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

cafe /

Resource Hash

0bb775e23934c5478dab7517dbf8a614834c96e926c4498b734399eb8a2e640d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:47:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1426
x-xss-protection: 0
server: cafe
etag: 18061233391346882222
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Oct 2021 15:47:11 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E6A8 123 KB
37 KB 36ms
36ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

41d9de265e720a301cbd9c525fa7089a677e0b099b422579a401516212b5add3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:48:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37919
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1634125446224599"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 16 Oct 2021 15:48:08 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/ Frame E6A8 14 KB
6 KB 18ms
17ms Script
text/javascript 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

cafe /

Resource Hash

f4726d988effd5253298f2a2738ca92d780d4105af0ce67eb7e7d1c748fb6909

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:47:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 44
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6281
x-xss-protection: 0
server: cafe
etag: 18349783599053866072
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Oct 2021 15:47:24 GMT

GET
H3 200 94b9e9edb15b7c220f12fa63d878a5af.js Show response
www.gstatic.com/mysidia/ Frame E6A8 27 KB
11 KB 23ms
23ms Script
text/javascript 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/94b9e9edb15b7c220f12fa63d878a5af.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

3d1246d2fe982f57c0a911530b2fa93a679e42c0d897151f39cffa4762c55f5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 11:43:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14666
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11213
x-xss-protection: 0
last-modified: Tue, 12 Oct 2021 03:34:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="mysidia"
expires: Fri, 14 Jan 2022 11:43:42 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B3A1
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
17 B

96ms
96ms

Document
text/html

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUmHJ6sLURINSkpi_sxMgY5NtpInX22C5Tm9dKQwLnQdZTE2kLaN8sZTuCVBXy0; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 16 Oct 2021 15:48:08 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sat, 16-Oct-2021 16:48:08 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 16 Oct 2021 15:48:08 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 16 Oct 2021 15:48:08 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 19E5 143 B
163 B 23ms
23ms Document
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=9237283852&adk=1997398430&adf=4108538649&pi=t.ma~as.9237283852&w=350&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287515&bpp=7&bdt=265&idt=132&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&correlator=4704249857057&frm=20&pv=2&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=245&ady=105&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=2&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=3TavoX83Rz&p=https%3A//userupload.net&dtd=145
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUmHJ6sLURINSkpi_sxMgY5NtpInX22C5Tm9dKQwLnQdZTE2kLaN8sZTuCVBXy0; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=9237283852&adk=1997398430&adf=4108538649&pi=t.ma~as.9237283852&w=350&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287515&bpp=7&bdt=265&idt=132&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&correlator=4704249857057&frm=20&pv=2&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=245&ady=105&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=2&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=3TavoX83Rz&p=https%3A//userupload.net&dtd=145

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 16 Oct 2021 15:09:53 GMT
server: cafe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2295
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012109102127000/ Frame 7BBC 189 KB
55 KB 105ms
24ms Script
text/javascript 142.250.181.225
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012109102127000/amp4ads-v0.mjs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5298038844&adk=3658158944&adf=3044448856&pi=t.ma~as.5298038844&w=350&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287522&bpp=2&bdt=272&idt=144&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=245&ady=533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=SRWQhCVLta&p=https%3A//userupload.net&dtd=146

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f1.1e100.net

Software

sffe /

Resource Hash

ba870dd4f1f375d33aa3770685227bd38160d194969b3840232fad67c1989bb8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 322983
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55506
x-xss-protection: 0
server: sffe
date: Tue, 12 Oct 2021 22:05:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c42e3b94efe0099e"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 12 Oct 2022 22:05:05 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012109102127000/v0/ Frame 7BBC 13 KB
5 KB 143ms
62ms Script
text/javascript 142.250.181.225
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012109102127000/v0/amp-ad-exit-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f1.1e100.net

Software

sffe /

Resource Hash

19ad029fe2230dc2b7eda8d3c2b8d872aae2e718c0209bcaec04cd51a04d9165

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 296010
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4995
x-xss-protection: 0
server: sffe
date: Wed, 13 Oct 2021 05:34:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "bc03df60ee69192f"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 13 Oct 2022 05:34:38 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012109102127000/v0/ Frame 7BBC 89 KB
28 KB 151ms
70ms Script
text/javascript 142.250.181.225
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012109102127000/v0/amp-analytics-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f1.1e100.net

Software

sffe /

Resource Hash

d4cb8e3d3f1d9da69c5096249099aaa6ec5942dc20f922cc6c99f7b7b4557584

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 248364
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28507
x-xss-protection: 0
server: sffe
date: Wed, 13 Oct 2021 18:48:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "283b6526337df106"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 13 Oct 2022 18:48:44 GMT

GET
H2 200 amp-animation-0.1.mjs Show response
cdn.ampproject.org/rtv/012109102127000/v0/ Frame 7BBC 71 KB
17 KB 159ms
78ms Script
text/javascript 142.250.181.225
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012109102127000/v0/amp-animation-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f1.1e100.net

Software

sffe /

Resource Hash

5b706a52c0ae673c9803f61e3a901a23c78f6e845a3dc68036c5a4f72602953a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 338439
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16796
x-xss-protection: 0
server: sffe
date: Tue, 12 Oct 2021 17:47:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "72e3028abbd677c0"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 12 Oct 2022 17:47:29 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012109102127000/v0/ Frame 7BBC 4 KB
2 KB 150ms
70ms Script
text/javascript 142.250.181.225
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012109102127000/v0/amp-fit-text-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f1.1e100.net

Software

sffe /

Resource Hash

d50905d9c0e2c1f4a30e217e1eade952d04600860ccf4aec5240e6fd31eb9b29

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 296506
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1638
x-xss-protection: 0
server: sffe
date: Wed, 13 Oct 2021 05:26:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b3f838efba7b15f2"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 13 Oct 2022 05:26:22 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012109102127000/v0/ Frame 7BBC 40 KB
13 KB 145ms
65ms Script
text/javascript 142.250.181.225
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012109102127000/v0/amp-form-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f1.1e100.net

Software

sffe /

Resource Hash

235dd149eac993d9f773d67eb3432fda6c4d81c98d29c4fb150707fae2b59908

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 511039
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12820
x-xss-protection: 0
server: sffe
date: Sun, 10 Oct 2021 17:50:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "2e8049efde94274d"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 10 Oct 2022 17:50:49 GMT

GET
DATA 200
OK truncated
/ Frame 7BBC 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 86196c284a16a96d2892a865dc7eb13e6c227292ce6b6fbbe462d97af0a17b8b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 txt1.png
tpc.googlesyndication.com/sadbundle/5793012853004892767/images/ Frame 7BBC 2 KB
2 KB 19ms
19ms Image
image/png 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/5793012853004892767/images/txt1.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

sffe /

Resource Hash

b159722b91f7663d33ce1f0e95de72389955edfa5a12cfe6c94b6705468ae805

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 10 Oct 2021 07:01:42 GMT
x-content-type-options: nosniff
age: 549986
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1896
x-xss-protection: 0
last-modified: Wed, 16 Jun 2021 14:56:08 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 10 Oct 2022 07:01:42 GMT

GET
H3 200 txt2.png
tpc.googlesyndication.com/sadbundle/5793012853004892767/images/ Frame 7BBC 1 KB
1 KB 20ms
19ms Image
image/png 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/5793012853004892767/images/txt2.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

sffe /

Resource Hash

93aea7e3c21a5bc34e432149592dfbe6a432f4039a8f93bdb6b43db00b8d40c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 10 Oct 2021 22:06:10 GMT
x-content-type-options: nosniff
age: 495718
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1434
x-xss-protection: 0
last-modified: Wed, 16 Jun 2021 14:56:08 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 10 Oct 2022 22:06:10 GMT

GET
H3 200 puls.png
tpc.googlesyndication.com/sadbundle/5793012853004892767/images/ Frame 7BBC 236 B
263 B 22ms
21ms Image
image/png 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/5793012853004892767/images/puls.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

sffe /

Resource Hash

4ca6dd97b62c2f6e9263710d88f9ccb54612bdccd98c08ead481a0347e9a4e1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 22:13:14 GMT
x-content-type-options: nosniff
age: 236094
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 236
x-xss-protection: 0
last-modified: Wed, 16 Jun 2021 14:56:08 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 13 Oct 2022 22:13:14 GMT

GET
H3 200 txt3.png
tpc.googlesyndication.com/sadbundle/5793012853004892767/images/ Frame 7BBC 1009 B
1 KB 24ms
22ms Image
image/png 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/5793012853004892767/images/txt3.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

sffe /

Resource Hash

c7e3eac1b2c0f5c2d934241ee44a85b4a1a1f3c7c85e05381e2c4b622fe5501d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 10:33:05 GMT
x-content-type-options: nosniff
age: 191703
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1009
x-xss-protection: 0
last-modified: Wed, 16 Jun 2021 14:56:08 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 14 Oct 2022 10:33:05 GMT

GET
H3 200 txt4.png
tpc.googlesyndication.com/sadbundle/5793012853004892767/images/ Frame 7BBC 863 B
888 B 22ms
21ms Image
image/png 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/5793012853004892767/images/txt4.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

sffe /

Resource Hash

5189658b1f2daae71ab3b070b6e0b54f412ed79e468c14a1d16c92824a3b2af7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 10 Oct 2021 22:05:33 GMT
x-content-type-options: nosniff
age: 495755
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 863
x-xss-protection: 0
last-modified: Wed, 16 Jun 2021 14:56:08 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 10 Oct 2022 22:05:33 GMT

GET
H3 200 txt5.png
tpc.googlesyndication.com/sadbundle/5793012853004892767/images/ Frame 7BBC 1 KB
1 KB 22ms
21ms Image
image/png 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/5793012853004892767/images/txt5.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

sffe /

Resource Hash

f50cd1f9a7d3ab95391225b3a8d36eca059105990afdada14ca150953df3f6c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 22:13:14 GMT
x-content-type-options: nosniff
age: 236094
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1373
x-xss-protection: 0
last-modified: Wed, 16 Jun 2021 14:56:08 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 13 Oct 2022 22:13:14 GMT

GET
H3 200 preisButt.png
tpc.googlesyndication.com/sadbundle/5793012853004892767/images/ Frame 7BBC 3 KB
3 KB 26ms
25ms Image
image/png 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/5793012853004892767/images/preisButt.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

sffe /

Resource Hash

8a1c951a818174eaaaf001a306bad640b788f504b3b55a86970c8c49220bdb1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 10:51:59 GMT
x-content-type-options: nosniff
age: 449769
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3292
x-xss-protection: 0
last-modified: Wed, 16 Jun 2021 14:56:08 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 11 Oct 2022 10:51:59 GMT

GET
H3 200 ll.png
tpc.googlesyndication.com/sadbundle/5793012853004892767/images/ Frame 7BBC 622 B
652 B 25ms
24ms Image
image/png 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/5793012853004892767/images/ll.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

sffe /

Resource Hash

f69adcb2ca28e3e811ad5b88d7b6d86a68d736c715bca3d4953f0566d1447321

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 13:17:28 GMT
x-content-type-options: nosniff
age: 268240
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 622
x-xss-protection: 0
last-modified: Wed, 16 Jun 2021 14:56:08 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 13 Oct 2022 13:17:28 GMT

GET
H3 200 CTA.png
tpc.googlesyndication.com/sadbundle/5793012853004892767/images/ Frame 7BBC 761 B
787 B 24ms
22ms Image
image/png 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/5793012853004892767/images/CTA.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

sffe /

Resource Hash

c8db9f853525deceda9c0749a25a9f2639355d88231b31d6e2b9cc22c206ff41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 04:19:18 GMT
x-content-type-options: nosniff
age: 386930
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 761
x-xss-protection: 0
last-modified: Wed, 16 Jun 2021 14:56:08 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Oct 2022 04:19:18 GMT

GET
H3 200 DBx.png
tpc.googlesyndication.com/sadbundle/5793012853004892767/images/ Frame 7BBC 946 B
975 B 25ms
23ms Image
image/png 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/5793012853004892767/images/DBx.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

sffe /

Resource Hash

d7dcbf991e3140883fbb0cea57b778db313c0ee8f57205404257ac98e1aa1444

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 15 Oct 2021 18:17:02 GMT
x-content-type-options: nosniff
age: 77466
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 946
x-xss-protection: 0
last-modified: Wed, 16 Jun 2021 14:56:08 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 15 Oct 2022 18:17:02 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7BBC 2 KB
2 KB 24ms
22ms Image
image/png 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 16 Oct 2021 13:18:13 GMT
x-content-type-options: nosniff
server: cafe
age: 8995
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sun, 17 Oct 2021 13:18:13 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7BBC 295 B
319 B 23ms
22ms Image
image/png 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 15 Oct 2021 20:55:41 GMT
x-content-type-options: nosniff
server: cafe
age: 67947
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sat, 16 Oct 2021 20:55:41 GMT

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame 7BBC 43 B
1 KB 62ms
17ms Image
image/gif 85.14.248.91
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvId=5&extPu=14058-gaw&extLi=11829094681&extCr=115065628556-527621586220&cb=377615341

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

85.14.248.91 Gelsenkirchen, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
Pragma: no-cache
X-ET-Code: 0
Last-Modified: Sa, 16 Okt 2021 03:48:08 GMT
Server: Microsoft-IIS/8.5
Date: Sat, 16 Oct 2021 15:48:08 GMT
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://googleads.g.doubleclick.net
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 1053
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 7BBC 0
17 B 65ms
64ms Image
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CsCuLN_RqYdS8LMbAmLAPkdCOsAe0m8uwZZ6zqcbsDZaCzYWIFhABIOynnEtgleKQgqAHoAGLrsDkA8gBCakC9nXWm7F1sz6oAwHIAwiqBPgBT9AGssdnvTsX0Lv7XQoTKT0cWYj34PP9CCof9QfDEyOkU32hC8ZKtnN6_ghEop048e2fB26f0cfPij4YpFPq_rOwtKRqjs3RZJHJ6TazuLrCSWwfwo93rl2muwP5c92bc-qHpG4WbO0rjMP7xfb-WfI4-uXnVO9qW1j0rkWD5Jn4XQIf1KDXOEvw30gpLNnLox4Q3uWd1ppG8DlzpsDndA9Kc6hjDF8fDye7hND9ElmIjDE1-EPuZdMHYDJ0v0nuS94SNQuqfbrnjJsjpdDtTfbmyjyJiD_WQUwG4gN8enM9FKRcIEn2T7Cg7Fxn1wTQTv-O0aTcxz3ABIzPyNOsA5IFBAgEGAGSBQQIBRgEoAYugAfd0b8bqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAfVyRuoB6a-G9gHAPIHBBDfyGDSCAkIgOGAEBABGF-ACgHICwHYEw2IFAHQFQGYFgGAFwGyFxwKGggAEhRwdWItNTIyODgwNjMwNjU0MjI0OBgA&sigh=lgz7m9Yexrc&template_id=419

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5298038844&adk=3658158944&adf=3044448856&pi=t.ma~as.5298038844&w=350&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287522&bpp=2&bdt=272&idt=144&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=245&ady=533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=SRWQhCVLta&p=https%3A//userupload.net&dtd=146
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 16 Oct 2021 15:48:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame E6A8 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: de5000d7b67ac82e8bdf37267546a359a9a4bdb41bc33a14fa51b43a2b6adfdf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 2279546117893684187
tpc.googlesyndication.com/daca_images/simgad/ Frame FB50 96 KB
96 KB 18ms
17ms Image
image/png 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/2279546117893684187

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5644349740&adk=3102016549&adf=3760600436&pi=t.ma~as.5644349740&w=730&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287525&bpp=1&bdt=275&idt=157&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C480x280%2C350x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=625&ady=862&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=zGvrMgUhJ9&p=https%3A//userupload.net&dtd=159

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

sffe /

Resource Hash

5f88139bb8e51d7af2e12f42570fda1196c256f3229f2bf241c1436e46312a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 03:42:05 GMT
x-content-type-options: nosniff
age: 389163
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 98111
x-xss-protection: 0
last-modified: Fri, 01 Oct 2021 15:34:08 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 12 Oct 2022 03:42:05 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211013/r20110914/ Frame FB50 18 KB
8 KB 16ms
16ms Script
text/javascript 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211013/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5644349740&adk=3102016549&adf=3760600436&pi=t.ma~as.5644349740&w=730&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287525&bpp=1&bdt=275&idt=157&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C480x280%2C350x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=625&ady=862&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=zGvrMgUhJ9&p=https%3A//userupload.net&dtd=159

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

cafe /

Resource Hash

b2ec3db0c3ffe01385ebd2fa36b83708e505fada5609f9859a8e04a9cbdcaefd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:44:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 234
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7691
x-xss-protection: 0
server: cafe
etag: 14402072889669646931
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Oct 2021 15:44:14 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/ Frame FB50 3 KB
1 KB 25ms
25ms Script
text/javascript 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5644349740&adk=3102016549&adf=3760600436&pi=t.ma~as.5644349740&w=730&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287525&bpp=1&bdt=275&idt=157&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C480x280%2C350x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=625&ady=862&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=zGvrMgUhJ9&p=https%3A//userupload.net&dtd=159

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

cafe /

Resource Hash

0bb775e23934c5478dab7517dbf8a614834c96e926c4498b734399eb8a2e640d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:47:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1426
x-xss-protection: 0
server: cafe
etag: 18061233391346882222
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Oct 2021 15:47:11 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FB50 123 KB
37 KB 35ms
35ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5644349740&adk=3102016549&adf=3760600436&pi=t.ma~as.5644349740&w=730&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287525&bpp=1&bdt=275&idt=157&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C480x280%2C350x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=625&ady=862&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=zGvrMgUhJ9&p=https%3A//userupload.net&dtd=159

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

41d9de265e720a301cbd9c525fa7089a677e0b099b422579a401516212b5add3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:48:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37919
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1634125446224599"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 16 Oct 2021 15:48:08 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/ Frame FB50 14 KB
6 KB 17ms
16ms Script
text/javascript 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5644349740&adk=3102016549&adf=3760600436&pi=t.ma~as.5644349740&w=730&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287525&bpp=1&bdt=275&idt=157&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C480x280%2C350x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=625&ady=862&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=zGvrMgUhJ9&p=https%3A//userupload.net&dtd=159

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

cafe /

Resource Hash

f4726d988effd5253298f2a2738ca92d780d4105af0ce67eb7e7d1c748fb6909

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:47:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 44
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6281
x-xss-protection: 0
server: cafe
etag: 18349783599053866072
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Oct 2021 15:47:24 GMT

GET
H3 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/ Frame FB50 27 KB
11 KB 26ms
25ms Script
text/javascript 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5644349740&adk=3102016549&adf=3760600436&pi=t.ma~as.5644349740&w=730&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287525&bpp=1&bdt=275&idt=157&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C480x280%2C350x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=625&ady=862&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=zGvrMgUhJ9&p=https%3A//userupload.net&dtd=159

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

cafe /

Resource Hash

8ed8383deb802055202735bd86f7b951b661e93fa119966f5f4ad0cc29e02685

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 05:29:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37145
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11228
x-xss-protection: 0
server: cafe
etag: 2676785842392005630
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Oct 2021 05:29:03 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame FB50 0
0 95ms
94ms Fetch
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C67UAN_RqYbfBLYuViQa4_6eAA_XVqtNl7_Cu_ZUPhre4k64JEAEg7KecS2CV4pCCoAegAZyv-6gCyAECqAMByAPJBKoE7QFP0P5VeHLJ7bSgNdTuKtKc9tY08BUu0w6cqi_AAZTvh_cBZNVj_Y62alZh9w2WU3tqAhyP0G9ipIlzM9yyytsOZsw-2VYgwC2YxVS95Vj-PhVxesSaYnED2mBFSr_EXD5w0XLbaO8YoLEBz3OUZAY5kNd1xqrZF83uKJq_eUt4h6ix7mgzx5XPorIaodvYTJ0ce8DVADlV4Gcl7rPuH13fvi0CynqWZvyLBewD3KXF1T8XfimJsxdHvBNMxtd9E3LOdWEldCp-dy4y1pTL_bO0vnQdTy25nIjFo24HvEBq4DMBFnGPay3o6bGMsSrABO-mgb3YA5IFBAgEGAGSBQQIBRgEoAYCgAfM0ITXAagH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgH1ckbqAemvhvYBwHyBwQQ47Mj0ggJCIDhgBAQARhfgAoByAsB2BMN0BUBmBYBgBcBshccChoIABIUcHViLTUyMjg4MDYzMDY1NDIyNDgYAA&sigh=irzgzVEji_Q

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5644349740&adk=3102016549&adf=3760600436&pi=t.ma~as.5644349740&w=730&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287525&bpp=1&bdt=275&idt=157&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C480x280%2C350x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=625&ady=862&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=zGvrMgUhJ9&p=https%3A//userupload.net&dtd=159

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5644349740&adk=3102016549&adf=3760600436&pi=t.ma~as.5644349740&w=730&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287525&bpp=1&bdt=275&idt=157&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C480x280%2C350x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=625&ady=862&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=zGvrMgUhJ9&p=https%3A//userupload.net&dtd=159
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 16 Oct 2021 15:48:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame E6A8 21 KB
21 KB 20ms
20ms Font
font/woff2 142.250.186.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f3.1e100.net

Software

sffe /

Resource Hash

1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 19:46:29 GMT
x-content-type-options: nosniff
age: 417699
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21660
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:07:18 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 11 Oct 2022 19:46:29 GMT

GET
H3 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame E6A8 21 KB
21 KB 23ms
22ms Font
font/woff2 142.250.186.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f3.1e100.net

Software

sffe /

Resource Hash

c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 18:21:26 GMT
x-content-type-options: nosniff
age: 422802
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21424
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:08:24 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 11 Oct 2022 18:21:26 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 19E5
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

82ms
82ms

Document
text/html

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUmHJ6sLURINSkpi_sxMgY5NtpInX22C5Tm9dKQwLnQdZTE2kLaN8sZTuCVBXy0; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 16 Oct 2021 15:48:08 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sat, 16-Oct-2021 16:48:08 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 16 Oct 2021 15:48:08 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 16 Oct 2021 15:48:08 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8C32 143 B
163 B 24ms
23ms Document
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5644349740&adk=3102016549&adf=3760600436&pi=t.ma~as.5644349740&w=730&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287525&bpp=1&bdt=275&idt=157&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C480x280%2C350x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=625&ady=862&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=zGvrMgUhJ9&p=https%3A//userupload.net&dtd=159

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5644349740&adk=3102016549&adf=3760600436&pi=t.ma~as.5644349740&w=730&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287525&bpp=1&bdt=275&idt=157&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C480x280%2C350x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=625&ady=862&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=zGvrMgUhJ9&p=https%3A//userupload.net&dtd=159
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUmHJ6sLURINSkpi_sxMgY5NtpInX22C5Tm9dKQwLnQdZTE2kLaN8sZTuCVBXy0; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5644349740&adk=3102016549&adf=3760600436&pi=t.ma~as.5644349740&w=730&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287525&bpp=1&bdt=275&idt=157&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C480x280%2C350x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=625&ady=862&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=zGvrMgUhJ9&p=https%3A//userupload.net&dtd=159

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 16 Oct 2021 15:09:53 GMT
server: cafe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2295
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame FB50 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5aa68ca86b16149946a83c4f3338c5010e0edfde7283afc65c92ffb4cd2a77d3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8C32
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

84ms
84ms

Document
text/html

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5644349740&adk=3102016549&adf=3760600436&pi=t.ma~as.5644349740&w=730&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287525&bpp=1&bdt=275&idt=157&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C480x280%2C350x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=625&ady=862&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=zGvrMgUhJ9&p=https%3A//userupload.net&dtd=159

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUmHJ6sLURINSkpi_sxMgY5NtpInX22C5Tm9dKQwLnQdZTE2kLaN8sZTuCVBXy0; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 16 Oct 2021 15:48:08 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sat, 16-Oct-2021 16:48:08 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 16 Oct 2021 15:48:08 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 16 Oct 2021 15:48:08 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 YBeW4A8KRQKaUXRhZhiUEBaonRmLgznW2QKT5Kp-z2M.js Show response
pagead2.googlesyndication.com/bg/ Frame 0690 35 KB
13 KB 21ms
21ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YBeW4A8KRQKaUXRhZhiUEBaonRmLgznW2QKT5Kp-z2M.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5644349740&adk=3102016549&adf=3760600436&pi=t.ma~as.5644349740&w=730&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287525&bpp=1&bdt=275&idt=157&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C480x280%2C350x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=625&ady=862&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=zGvrMgUhJ9&p=https%3A//userupload.net&dtd=159

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

601796e00f0a45029a5174616618941016a89d198b8339d6d90293e4aa7ecf63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:35:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 780
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13430
x-xss-protection: 0
last-modified: Mon, 11 Oct 2021 11:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Sun, 16 Oct 2022 15:35:08 GMT

GET
H3 200 amp4ads-host-v0.js Show response
cdn.ampproject.org/rtv/012109102127000/ 20 KB
7 KB 78ms
25ms Script
text/javascript 142.250.181.225
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012109102127000/amp4ads-host-v0.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f1.1e100.net

Software

sffe /

Resource Hash

ea837fce2c9f11270b9b941e875abb7403de8dcfa960350eab3524663869d6ff

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 296346
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7337
x-xss-protection: 0
server: sffe
date: Wed, 13 Oct 2021 05:29:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "baff4e4cf8d00f8d"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 13 Oct 2022 05:29:02 GMT

GET
H3 200 YBeW4A8KRQKaUXRhZhiUEBaonRmLgznW2QKT5Kp-z2M.js Show response
pagead2.googlesyndication.com/bg/ Frame 0179 35 KB
13 KB 22ms
21ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YBeW4A8KRQKaUXRhZhiUEBaonRmLgznW2QKT5Kp-z2M.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

601796e00f0a45029a5174616618941016a89d198b8339d6d90293e4aa7ecf63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:35:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 780
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13430
x-xss-protection: 0
last-modified: Mon, 11 Oct 2021 11:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Sun, 16 Oct 2022 15:35:08 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame E6A8 0
17 B 97ms
96ms Image
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C2YUWN_RqYa__K4OA1fAP_OOy8A7UorPSZIGYo6OkDrCQHxABIOynnEtgleKQgqAHoAGzxuHVA8gBAakCcQ86X98mfz6oAwHIA8sEqgThAU_QP3gD8AMQdvXqCIgh4yeb6N7ZnEDIvUbVnaFmHeoizu68zICi2nge_5-8if978iFrnYD4RhKnO7liNb5LJIOALNpRRmw7Lb5GWCRy4ltsoF0wglYU6vDJh8fy3I1HFiSexLQQeY5HDL2kvbL7mGlwejatUhNCRb7PYC33uqUnOgPyd4US0r9RjaOll1LxZAjnJmhA9owHqceXKmKWCufikZJ5b7KK4_4aLi7iXu896o5zh2H-Ncjf8R7TrxXpifL3EYqfTfR74C2wqNoS8Y3w9US0hrsxFvYvPF7KWpCjPsAExLuZ_N8DkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGAB7W5niqoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB9XJG6gHpr4b2AcB8gcFEJqKiQHSCAkIgOGAEBABGF-ACgHICwHYEwKIFAXQFQGAFwGyFxwKGggAEhRwdWItNTIyODgwNjMwNjU0MjI0OBgA&sigh=QRQFOTHz6GI&cbvp=2&vis=1

Requested by

Host: userupload.net
URL: https://userupload.net/ol727fk2j587

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=9237283852&adk=1997398430&adf=4108538649&pi=t.ma~as.9237283852&w=350&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287515&bpp=7&bdt=265&idt=132&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&correlator=4704249857057&frm=20&pv=2&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=245&ady=105&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=2&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=3TavoX83Rz&p=https%3A//userupload.net&dtd=145
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 16 Oct 2021 15:48:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 YBeW4A8KRQKaUXRhZhiUEBaonRmLgznW2QKT5Kp-z2M.js Show response
pagead2.googlesyndication.com/bg/ Frame D1CA 35 KB
13 KB 22ms
21ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YBeW4A8KRQKaUXRhZhiUEBaonRmLgznW2QKT5Kp-z2M.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

601796e00f0a45029a5174616618941016a89d198b8339d6d90293e4aa7ecf63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:35:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 780
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13430
x-xss-protection: 0
last-modified: Mon, 11 Oct 2021 11:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Sun, 16 Oct 2022 15:35:08 GMT

GET
H2 200 get_counts Show response
count-server.sharethis.com/v2.0/ 135 B
454 B 226ms
189ms Script
text/javascript 65.9.71.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://count-server.sharethis.com/v2.0/get_counts?cb=window.__sharethis__.cb&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587
Requested by: Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.71.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: c940770302eed1edf1a25377cbc28bcb16dad8eb78618df9a3cd6c05b6688fd8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:48:09 GMT
via: 1.1 afcdbc9d4d397c4a65e6b312552ff7ee.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
etag: 73bec87aeaa193c8e5b9454e653105bd
x-cache: Miss from cloudfront
content-type: text/javascript
cache-control: no-cache, no-store, must-revalidate
content-length: 135
apigw-requestid: HTsY8is7IAMEPNg=
x-amz-cf-id: Nzk23G8qb-HkAchvl07oSFuTj0Xbo0zmMjmwcsJSUjEXwXJmAj1xKw==

GET
H3 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 26F7 40 KB
20 KB 45ms
45ms Document
text/html 142.250.185.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfG5EUUAAAAAE7XFZvJfM0HHeaV1tQQqzZ7BTiX&co=aHR0cHM6Ly91c2VydXBsb2FkLm5ldDo0NDM.&hl=de&v=qljbK_DTcvY1PzbR7IG69z1r&size=normal&cb=l4nyp9oh2gdz

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/qljbK_DTcvY1PzbR7IG69z1r/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f4.1e100.net

Software

GSE /

Resource Hash

c10e76692f6c5195a94baec074956037445e2abd7f48aa97fb3941e4ae641c4b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-T+lbvhMPRiP0PVj6ZsiFhg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LfG5EUUAAAAAE7XFZvJfM0HHeaV1tQQqzZ7BTiX&co=aHR0cHM6Ly91c2VydXBsb2FkLm5ldDo0NDM.&hl=de&v=qljbK_DTcvY1PzbR7IG69z1r&size=normal&cb=l4nyp9oh2gdz
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://userupload.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 16 Oct 2021 15:48:08 GMT
content-security-policy: script-src 'report-sample' 'nonce-T+lbvhMPRiP0PVj6ZsiFhg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 20819
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 66ms
35ms XHR
application/json 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211013&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

9a82b39ba4c8ed3ba145465bbd912734451484a3830a75eb5dfb1618312a7c11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 16 Oct 2021 15:48:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8619
x-xss-protection: 0

GET
H2 200 facebook.svg
platform-cdn.sharethis.com/img/ 301 B
677 B 34ms
6ms Image
image/svg+xml 13.35.253.127
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-cdn.sharethis.com/img/facebook.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.253.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-127.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 768d97ec0916217ae82c70aeda3a61b9b0dab344edc4a3240a4f7cd94af00307

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Sat, 02 Oct 2021 05:51:08 GMT
via: 1.1 04599a8a3c6eb66f23e5ae02d1ec4cf2.cloudfront.net (CloudFront)
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
server: AmazonS3
age: 1245420
etag: "c6e9be45643e197ce1db1d7e24a99adc"
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-length: 301
x-amz-cf-id: 9Le2SD4pbHr-y2kXaUO2uv8hL7j_iLMKe9_kNBTGiDMPgkeGlXproA==

GET
H2 200 whatsapp.svg
platform-cdn.sharethis.com/img/ 832 B
1 KB 34ms
7ms Image
image/svg+xml 13.35.253.127
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-cdn.sharethis.com/img/whatsapp.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.253.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-127.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 847eb36b4dc4b05f94052dcd98077319e74d882334a106bb9ca451ba211c9c2c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Fri, 15 Oct 2021 17:37:29 GMT
via: 1.1 04599a8a3c6eb66f23e5ae02d1ec4cf2.cloudfront.net (CloudFront)
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
server: AmazonS3
age: 79840
etag: "afe7fc60ed757db39a88d2950fce69c9"
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-length: 832
x-amz-cf-id: Wz26oYSDKcRtyUC8zfMapywqCR-ZD1PTRdyUGIknmE3ua17o7opTZw==

GET
H2 200 messenger.svg
platform-cdn.sharethis.com/img/ 372 B
748 B 35ms
8ms Image
image/svg+xml 13.35.253.127
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-cdn.sharethis.com/img/messenger.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.253.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-127.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2986551fd9e82929eabb8cba7c44f74a28d8496c744893432f067b320dff55da

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Sat, 25 Sep 2021 08:29:07 GMT
via: 1.1 04599a8a3c6eb66f23e5ae02d1ec4cf2.cloudfront.net (CloudFront)
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
server: AmazonS3
age: 1840742
etag: "a5aa43fa302867d3e888ac2f69b7b288"
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-length: 372
x-amz-cf-id: SC5gAppaCVuBbxuVKOhsfoao4pctmcnHJ1nn7PkTQwBIZhO1GvdHnA==

GET
H2 200 twitter.svg
platform-cdn.sharethis.com/img/ 731 B
1 KB 35ms
8ms Image
image/svg+xml 13.35.253.127
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-cdn.sharethis.com/img/twitter.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.253.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-127.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7c93346d4f681a0be90d1dfc19346382a4700f1810f41caa54415688dee1777f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Tue, 28 Sep 2021 21:36:17 GMT
via: 1.1 04599a8a3c6eb66f23e5ae02d1ec4cf2.cloudfront.net (CloudFront)
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
server: AmazonS3
age: 1534311
etag: "0af2fb38987598376c99e21af17ade45"
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-length: 731
x-amz-cf-id: u384YmtdZ2bGq7eQF1vgqKtx3OxCx3SyQwrMl_dKC0Y9UIXmMs_m9g==

GET
H2 200 telegram.svg
platform-cdn.sharethis.com/img/ 2 KB
1 KB 35ms
8ms Image
image/svg+xml 13.35.253.127
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-cdn.sharethis.com/img/telegram.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.253.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-127.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8bdf772d9fc521b1bac964b3e1287466cc5e6497f058ef97112f9a17b2591dfb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Thu, 07 Oct 2021 23:13:34 GMT
content-encoding: gzip
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
server: AmazonS3
age: 750875
etag: W/"1e5f8bd74d9f0b6fbbae7c0cce36469e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 04599a8a3c6eb66f23e5ae02d1ec4cf2.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: f_1DZHJ_kP2s9klwzUTdroEcN0Cfm6WWv-SRKd2AFKuS7f_gfVWU6g==

GET
H2 200 sharethis.svg
platform-cdn.sharethis.com/img/ 514 B
889 B 35ms
9ms Image
image/svg+xml 13.35.253.127
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-cdn.sharethis.com/img/sharethis.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.253.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-127.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9a83c65bdd0ff9488af9d25720686457ea7295c9c44f9f1d285a0c9ec89bab99

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Fri, 17 Sep 2021 06:11:13 GMT
via: 1.1 04599a8a3c6eb66f23e5ae02d1ec4cf2.cloudfront.net (CloudFront)
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
server: AmazonS3
age: 2540216
etag: "deecdaa377907db5cc1722fc831670a1"
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-length: 514
x-amz-cf-id: qfZpKQRRCimmcwD2MiH04iyW5Aq61q4c76CECzi834Scli3IjJMWgA==

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 59ms
30ms Script
application/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=userupload.net

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 16 Oct 2021 15:48:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 78ms
34ms Script
application/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=userupload.net

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 16 Oct 2021 15:48:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame F440 147 KB
41 KB 545ms
544ms Document
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&adk=1812271804&adf=3025194257&lmt=1634399288&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399288905&bpp=1&bdt=1655&idt=1&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D90714edadc3ad326-226111fef6ca00e3%3AT%3D1634399287%3ART%3D1634399287%3AS%3DALNI_MbEotF6ELDmHZDB-vuEZrTmZGVDKQ&prev_fmts=350x280%2C350x280%2C480x280%2C350x280%2C730x280&nras=1&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&psts=AGkb-H9MBXX-0UGEi7wo60qUuGG0eDOs5hOlaboUWCmWt1AsAe2FDcEZiLcmlkPVpt6fARDmWKUDWvPnftQ%2CAGkb-H_0_gH613o-A_r_dfDROIv84OJXEPp62uHYsIfIlWbH45NRZqBlCmUA5n5xyqc9urvrS3NR0IX_EMJdBA%2CAGkb-H-yRzG6LwjCmvrwgerjovdnYR9kfRZEDwLI1KLDe2vLol-7m7T-3Bi7V41m9Y_9dxfPsXtygyjVdg%2CAGkb-H-62niAh0G0JZfqvSU5Wo290HqvP1fnUn4A7efgq6HGrCvYUAcjkotx75ELAUDduB9wBeKFS1IdMffGXQ&pvsid=1408890542532897&pem=82&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=6&uci=a!6&fsb=1&dtd=53

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

b81c5bcea16a125169454bda7ad7c5958c2e3ecce83d5cfecc2cf7d64a3a17d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5228806306542248&output=html&adk=1812271804&adf=3025194257&lmt=1634399288&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399288905&bpp=1&bdt=1655&idt=1&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D90714edadc3ad326-226111fef6ca00e3%3AT%3D1634399287%3ART%3D1634399287%3AS%3DALNI_MbEotF6ELDmHZDB-vuEZrTmZGVDKQ&prev_fmts=350x280%2C350x280%2C480x280%2C350x280%2C730x280&nras=1&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&psts=AGkb-H9MBXX-0UGEi7wo60qUuGG0eDOs5hOlaboUWCmWt1AsAe2FDcEZiLcmlkPVpt6fARDmWKUDWvPnftQ%2CAGkb-H_0_gH613o-A_r_dfDROIv84OJXEPp62uHYsIfIlWbH45NRZqBlCmUA5n5xyqc9urvrS3NR0IX_EMJdBA%2CAGkb-H-yRzG6LwjCmvrwgerjovdnYR9kfRZEDwLI1KLDe2vLol-7m7T-3Bi7V41m9Y_9dxfPsXtygyjVdg%2CAGkb-H-62niAh0G0JZfqvSU5Wo290HqvP1fnUn4A7efgq6HGrCvYUAcjkotx75ELAUDduB9wBeKFS1IdMffGXQ&pvsid=1408890542532897&pem=82&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=6&uci=a!6&fsb=1&dtd=53
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://userupload.net/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUmHJ6sLURINSkpi_sxMgY5NtpInX22C5Tm9dKQwLnQdZTE2kLaN8sZTuCVBXy0; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 16 Oct 2021 15:48:09 GMT
server: cafe
content-length: 42180
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 26ms
26ms Script
text/javascript 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:48:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sat, 16 Oct 2021 15:48:09 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/qljbK_DTcvY1PzbR7IG69z1r/ Frame 26F7 52 KB
25 KB 23ms
23ms Stylesheet
text/css 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/qljbK_DTcvY1PzbR7IG69z1r/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfG5EUUAAAAAE7XFZvJfM0HHeaV1tQQqzZ7BTiX&co=aHR0cHM6Ly91c2VydXBsb2FkLm5ldDo0NDM.&hl=de&v=qljbK_DTcvY1PzbR7IG69z1r&size=normal&cb=l4nyp9oh2gdz

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 15 Oct 2021 12:02:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 99937
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25732
x-xss-protection: 0
last-modified: Mon, 04 Oct 2021 04:21:56 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="recaptcha"
expires: Sat, 15 Oct 2022 12:02:32 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/qljbK_DTcvY1PzbR7IG69z1r/ Frame 26F7 346 KB
135 KB 31ms
31ms Script
text/javascript 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/qljbK_DTcvY1PzbR7IG69z1r/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

24888ff57c1714336f283a67e22f1207ef9826694a9078e1cda9d581ff148407

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 14:36:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4303
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 137921
x-xss-protection: 0
last-modified: Mon, 04 Oct 2021 04:21:56 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="recaptcha"
expires: Sun, 16 Oct 2022 14:36:26 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 3C9B 12 KB
5 KB 16ms
16ms Document
text/html 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://userupload.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Sat, 16 Oct 2021 15:21:17 GMT
expires: Sun, 16 Oct 2022 15:21:17 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1612
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 9B5F 783 B
537 B 30ms
30ms Document
text/html 142.250.185.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f4.1e100.net

Software

GSE /

Resource Hash

f006ae99c8aeb51fef04f64b4c3eaa871047fdd8b04c006e7491fce87540db42

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-QVz/YCA6KxNZ2+0UwYIgGQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://userupload.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 16 Oct 2021 15:48:09 GMT
date: Sat, 16 Oct 2021 15:48:09 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-QVz/YCA6KxNZ2+0UwYIgGQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 515
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 YBeW4A8KRQKaUXRhZhiUEBaonRmLgznW2QKT5Kp-z2M.js Show response
pagead2.googlesyndication.com/bg/ Frame 3C9B 35 KB
13 KB 22ms
21ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YBeW4A8KRQKaUXRhZhiUEBaonRmLgznW2QKT5Kp-z2M.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

601796e00f0a45029a5174616618941016a89d198b8339d6d90293e4aa7ecf63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:35:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 781
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13430
x-xss-protection: 0
last-modified: Mon, 11 Oct 2021 11:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Sun, 16 Oct 2022 15:35:08 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 9B5F 0
0 61ms
61ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20211013&jk=1408890542532897&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 26F7 14 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 26F7 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 26F7 2 KB
2 KB 23ms
23ms Image
image/png 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/qljbK_DTcvY1PzbR7IG69z1r/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/qljbK_DTcvY1PzbR7IG69z1r/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 10 Oct 2021 11:16:19 GMT
x-content-type-options: nosniff
age: 534710
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="recaptcha"
expires: Sun, 17 Oct 2021 11:16:19 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 26F7 15 KB
15 KB 20ms
20ms Font
font/woff2 142.250.186.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f3.1e100.net

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 19:58:13 GMT
x-content-type-options: nosniff
age: 416996
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 11 Oct 2022 19:58:13 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 26F7 102 B
134 B 30ms
29ms Other
text/javascript 142.250.185.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=qljbK_DTcvY1PzbR7IG69z1r

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f4.1e100.net

Software

GSE /

Resource Hash

b09b62ea3362a0e9cdf0a6362e6f0c478744254a9d080b0a0e6c943a05376919

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfG5EUUAAAAAE7XFZvJfM0HHeaV1tQQqzZ7BTiX&co=aHR0cHM6Ly91c2VydXBsb2FkLm5ldDo0NDM.&hl=de&v=qljbK_DTcvY1PzbR7IG69z1r&size=normal&cb=l4nyp9oh2gdz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:48:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Sat, 16 Oct 2021 15:48:09 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 2DA3 0
0 62ms
61ms Fetch
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CKS5UN_RqYZC6LOqBxgLqyLLQB8zFjfZj8O2r2bQOt9qivcABEAEg7KecS2CV4pCCoAegAb7o0NgDyAEJqQL2ddabsXWzPqgDAaoE0AFP0MdCv5eVsR-93tLHm7TLHU45kGXJ5XqeKAUfReKiAkUpLI004O_lwwYaJHQ-7FpLnMaXs6Du8r61nFUVUU-8NXZTCfDBrn1z-3DuhTCHevyTBNvI6j5kau87c2Dam11R5lDkS-pmxaIL_o3OgldveG9snw6qvRcd9bri3QOKMqW5qmDhJjQiOp_HoD64itykXonK-QRFj1-zloxwifE9_yMrJcdIe9LZ7INvarHAE93m8Vm3gLYzMBrfvFQD7q6H7T082dEcLkAvJAAEMkiJwATr1PbrzwOgBi6AB8i4_kCoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB9XJG6gHpr4b2AcA8gcEEIrxLdIICQiA4YAQEAEYX4AKAcgLAbgTiCfYEwOIFAHQFQGAFwGyFxwKGggAEhRwdWItNTIyODgwNjMwNjU0MjI0OBgA&sigh=JhVxZzkD3TE&vt=1&template_id=5000&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=1042759759&adk=2198837252&adf=2833722400&pi=t.ma~as.1042759759&w=350&fwrn=4&fwrnh=100&lmt=1634399287&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2Fol727fk2j587&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634399287524&bpp=1&bdt=273&idt=154&shv=r20211013&mjsv=m202110080101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C480x280&correlator=4704249857057&frm=20&pv=1&ga_vid=165182515.1634399287&ga_sid=1634399287&ga_hid=1334984670&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=1005&ady=512&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063044%2C31063046%2C31062524%2C31062949&oid=3&pvsid=1408890542532897&pem=82&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=z6MWPgzUps&p=https%3A//userupload.net&dtd=156
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 16 Oct 2021 15:48:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2DA3 42 B
64 B 57ms
57ms Fetch
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu5MSqzoDKZg0uIcpqf0ap7OqfTs2sseGvSWGqekpXyZjPDxUAtCOVRQOSTxrfv0jssE22yRgitrsBfxhCSWuXHE1um5SaZBtpug4TYFwB_P4brnblcEA&sai=AMfl-YQrsUZosctsgAsJIWnmMhNod0Uwd57HM1RjtRbOoOCBecugQH2nyu4a_8ijxEDctQaDX4bn7oe_qN81&sig=Cg0ArKJSzDn-UteEZjugEAE&id=lidar2&mcvt=1031&p=512,1005,792,1355&mtos=1031,1031,1031,1031,1031&tos=1031,0,0,0,0&v=20211013&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=2198837252&rs=2&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1634399287681&rpt=472&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Oct 2021 15:48:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 bframe Show response
www.google.com/recaptcha/api2/ Frame 0214 7 KB
1 KB 33ms
33ms Document
text/html 142.250.185.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=de&v=qljbK_DTcvY1PzbR7IG69z1r&k=6LfG5EUUAAAAAE7XFZvJfM0HHeaV1tQQqzZ7BTiX

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/qljbK_DTcvY1PzbR7IG69z1r/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f4.1e100.net

Software

GSE /

Resource Hash

5d42d7a3477955a4a3377ce3570a5def55fd7fd224962057e48936c5f58af6ef

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-YFH98rinnMoxwZr/d1zuPg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/bframe?hl=de&v=qljbK_DTcvY1PzbR7IG69z1r&k=6LfG5EUUAAAAAE7XFZvJfM0HHeaV1tQQqzZ7BTiX
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://userupload.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 16 Oct 2021 15:48:09 GMT
content-security-policy: script-src 'report-sample' 'nonce-YFH98rinnMoxwZr/d1zuPg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1112
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/qljbK_DTcvY1PzbR7IG69z1r/ Frame 0214 52 KB
25 KB 23ms
23ms Stylesheet
text/css 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/qljbK_DTcvY1PzbR7IG69z1r/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=qljbK_DTcvY1PzbR7IG69z1r&k=6LfG5EUUAAAAAE7XFZvJfM0HHeaV1tQQqzZ7BTiX

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 15 Oct 2021 12:02:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 99937
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25732
x-xss-protection: 0
last-modified: Mon, 04 Oct 2021 04:21:56 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="recaptcha"
expires: Sat, 15 Oct 2022 12:02:32 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/qljbK_DTcvY1PzbR7IG69z1r/ Frame 0214 346 KB
135 KB 24ms
24ms Script
text/javascript 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/qljbK_DTcvY1PzbR7IG69z1r/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=qljbK_DTcvY1PzbR7IG69z1r&k=6LfG5EUUAAAAAE7XFZvJfM0HHeaV1tQQqzZ7BTiX

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

24888ff57c1714336f283a67e22f1207ef9826694a9078e1cda9d581ff148407

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 14:36:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4303
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 137921
x-xss-protection: 0
last-modified: Mon, 04 Oct 2021 04:21:56 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="recaptcha"
expires: Sun, 16 Oct 2022 14:36:26 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 57ms
57ms Image
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20211013&jk=1408890542532897&bg=!GBulG1_NAAao6lBpqOo7ACkAdvg8Wt2MaakGweKO3LGkCEvBatAeWVOJ-HgGCknQaZDlAs6qP_JFxwIAAAB3UgAAAApoAQcKAHcvbvmyMW-3aVaP6IhOlQyn5v6kWULNKgo5SZkmu7lpcoewFwHcOFBu1uX3N5umxILwM3hHL60IrQtqS-sEQ7eI4nj4ww7zl4gnAeKzQiqG0W05w042a6xOKzxPvnkQUzeLpCENCbAd-9M5lMNp17WzDDgy2uGwwJkCnKuh3qGcooJC_RUPNbFznZvenNOtZIs2qgIxvrD5B9N_Ezi-eq_dvaBhwvKoj_UsTgz3_UKoCcolbZiOnbtlBVngBtLCvgkq5QSPIFHluMlGsQ9DAM2Vbd3Z1iTy70laSbrzwFgVhIpvbc03m033qQ4pC-b70F_a8kHBhIF4zJzV2ElF1yNo1DNQ5xVXXAKazdoz6W2hjp0Y1ccu3-P3hc3F3hemvjUhCtJhVCEza-7xfmmQ2CnkRhnwUK1fUJfp9jKobnQB3JXZN5XHaL5BRBUv4YI8LHfOR4E4m3c5a3km0wqHLGffUUvJPsJ5wtQSB4rgOCHfXywLMUiZYFg1lOLLR7SgvNZ1yluoD7CNlRkxtOewhJxbi0h52zQKmQNcI-BM0pWv5AIJZM9NW7ZoXNLoPm34dRTlxFGBm7GQ11Kfy8fBz_Wh0wHoPAvnLjM1Tbl7eic94B6a5cFvcOsBrJ4b2l4T3oOeQaTWKtVY31KRi14HE5QWJ7wh3YAOyvJ5BqtTtD0UsrpwoeKcm54mzpYWlqlRXZOx63TpPTjMM54-xK7xU6XeBDf2yRzAKTAy7RvRyXTyCIHyRQvFL3yog2KsF0SeTswy0RySu6B1ClgGlU4tuyMW3lREo58h64bopLTq4ag66LJ6UgiM_A4SFBn3neDPYjqi2csNZv81ldN-TLJpgakHMzEzhrta6_tZadEGXfSCoRypgFX89TAjDMUe2QXTg2Cu-89FGD3bjZ9bxU1CqHtocv-ZZaYlAwcEYcfQ6YqxnLbRQ5iJJAYDFu38OwNJ4_hLZUuqmltSlwEqNrFhX6NKy173r5cLRk26xaVD63EuAh0BiY7VFlNZ6RPrHROZYc9Gks2az3tCw9tStigZHlMlmB40k3oK

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Oct 2021 15:48:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110080101/ 143 KB
51 KB 69ms
68ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110080101/reactive_library_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

31482b9e7989803c418ff1d8667f90efef846f1e4440bcf5a233dacf062c9491

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:48:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52637
x-xss-protection: 0
server: cafe
etag: 13857481073196887475
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sat, 16 Oct 2021 15:48:09 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 30ms
29ms Script
application/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=userupload.net

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 16 Oct 2021 15:48:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 34ms
34ms Script
application/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=userupload.net

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 16 Oct 2021 15:48:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211013/r20110914/ Frame 4EC2 10 KB
5 KB 24ms
23ms Document
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211013/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

8f297a42c731c5e6412ef47dff5d7697e142a28abe98d34b515951d40e5e9f7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20211013/r20110914/zrt_lookup.html?fsb=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://userupload.net/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUmHJ6sLURINSkpi_sxMgY5NtpInX22C5Tm9dKQwLnQdZTE2kLaN8sZTuCVBXy0; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 16 Oct 2021 00:26:23 GMT
expires: Sat, 30 Oct 2021 00:26:23 GMT
content-type: text/html; charset=UTF-8
etag: 9069739545958607985
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4691
x-xss-protection: 0
age: 55306
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame FB50 42 B
64 B 56ms
56ms Fetch
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssc2sRPYAfeibtbEkLBMS6YG0Z_JzW623ybpgJeKThFzacycY0Jxk1kicMRsdeTB80StIQ_KDWccN4fdP9YcUsqrId3ODQgBAy0EriEu308nXuU0jW7mw&sai=AMfl-YSvA5ft6jYx4Zg6arWoxXWoDCBX8J9i7_bOkm2ykp11Sm3_hBkPHghqgts4Bo9MxI9PRPHQBR8ITDcA&sig=Cg0ArKJSzAttsw3N1-SPEAE&id=lidar2&mcvt=1001&p=917,625,1105,1355&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20211013&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=4&adk=3102016549&rs=2&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1634399287685&rpt=935&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Oct 2021 15:48:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 css2
fonts.googleapis.com/ Frame 4EC2 4 KB
635 B 33ms
33ms Stylesheet
text/css 142.250.186.42
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211013/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.42 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f10.1e100.net

Software

ESF /

Resource Hash

ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 16 Oct 2021 14:21:35 GMT
server: ESF
date: Sat, 16 Oct 2021 15:48:09 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires: Sat, 16 Oct 2021 15:48:09 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4EC2 205 B
229 B 23ms
23ms Image
image/png 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211013/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 14:02:17 GMT
x-content-type-options: nosniff
age: 6352
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sun, 16 Oct 2022 14:02:17 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4EC2 604 B
628 B 24ms
24ms Image
image/png 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211013/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:52:09 GMT
x-content-type-options: nosniff
age: 302160
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 13 Oct 2022 03:52:09 GMT

GET
H3 200 interstitial_ad_frame_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211013/r20110914/elements/html/ Frame 4EC2 18 KB
8 KB 16ms
16ms Script
text/javascript 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211013/r20110914/elements/html/interstitial_ad_frame_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211013/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

cafe /

Resource Hash

77de1a1b00ac331116f7aa733e701b7d7af3780b94f85d21485426ae2e0b1013

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:18:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1771
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7847
x-xss-protection: 0
server: cafe
etag: 3335447531747852050
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Oct 2021 15:18:38 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame C617 3 KB
580 B 32ms
32ms Stylesheet
text/css 142.250.186.42
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211013/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.42 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f10.1e100.net

Software

ESF /

Resource Hash

32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 16 Oct 2021 14:07:47 GMT
server: ESF
date: Sat, 16 Oct 2021 15:48:09 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires: Sat, 16 Oct 2021 15:48:09 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/ Frame C617 2 KB
926 B 16ms
16ms Script
text/javascript 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211013/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

cafe /

Resource Hash

1b4e852fde612daeb72f1f4cca801a99cc2730875048c5ac3faa9f5ca5854155

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:29:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1102
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 885
x-xss-protection: 0
server: cafe
etag: 638833322182864030
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Oct 2021 15:29:47 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211013/r20110914/ Frame C617 18 KB
8 KB 16ms
16ms Script
text/javascript 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211013/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211013/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

cafe /

Resource Hash

b2ec3db0c3ffe01385ebd2fa36b83708e505fada5609f9859a8e04a9cbdcaefd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:44:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 235
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7691
x-xss-protection: 0
server: cafe
etag: 14402072889669646931
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Oct 2021 15:44:14 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/ Frame C617 3 KB
1 KB 16ms
16ms Script
text/javascript 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211013/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

cafe /

Resource Hash

0bb775e23934c5478dab7517dbf8a614834c96e926c4498b734399eb8a2e640d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:47:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1426
x-xss-protection: 0
server: cafe
etag: 18061233391346882222
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Oct 2021 15:47:11 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C617 123 KB
37 KB 36ms
35ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211013/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

41d9de265e720a301cbd9c525fa7089a677e0b099b422579a401516212b5add3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:48:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37919
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1634125446224599"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 16 Oct 2021 15:48:09 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/ Frame C617 14 KB
6 KB 17ms
16ms Script
text/javascript 172.217.23.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211013/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f1.1e100.net

Software

cafe /

Resource Hash

f4726d988effd5253298f2a2738ca92d780d4105af0ce67eb7e7d1c748fb6909

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:47:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 45
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6281
x-xss-protection: 0
server: cafe
etag: 18349783599053866072
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 30 Oct 2021 15:47:24 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame C617 0
0 29ms
29ms Image
text/html 142.250.185.100
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQIPz8iP6naGyZbo3qZ040Iw79bqN7jRCvsvewn9y4FE1gavTXZpAI4pnCMekjNxUU9yUUvm-9ZkBzoa0J0u7x-YhSD7A
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211013/r20110914/zrt_lookup.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s49-in-f4.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H3 200 94b9e9edb15b7c220f12fa63d878a5af.js Show response
www.gstatic.com/mysidia/ Frame C617 27 KB
11 KB 23ms
23ms Script
text/javascript 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/94b9e9edb15b7c220f12fa63d878a5af.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211013/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

3d1246d2fe982f57c0a911530b2fa93a679e42c0d897151f39cffa4762c55f5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 11:43:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14667
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11213
x-xss-protection: 0
last-modified: Tue, 12 Oct 2021 03:34:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="mysidia"
expires: Fri, 14 Jan 2022 11:43:42 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6381 42 B
64 B 55ms
55ms Fetch
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstPQocZQlzn43qXHxoAYwYEHkS1SCEfnXoXNbW4H-z5OL2bkc238DNTj8gxYzCLDbsYkJH_K_KiUIQvb75ouCpan2nfcwF_x8_XFd4FtLMmGlM_r35rpg&sai=AMfl-YSm6JtKZOq11jNSCR-a-GFRIDlf73Z8qoSV8rARfrt0nnYo-S9NHQfQlgF_opLR5apuxHfuqVOj3iUk&sig=Cg0ArKJSzBCsvFnu8GwCEAE&id=lidar2&mcvt=1021&p=150,695,430,1175&mtos=1021,1021,1021,1021,1021&tos=1021,0,0,0,0&v=20211013&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=2448036532&rs=2&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1634399287673&rpt=1014&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Oct 2021 15:48:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame F928 1 KB
749 B 21ms
21ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211013/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 16 Oct 2021 08:58:57 GMT
expires: Sun, 17 Oct 2021 08:58:57 GMT
content-type: text/html; charset=ISO-8859-1
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 24552
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame F928 43 B
609 B 63ms
22ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESELhF2PH6LaUSANGR3Aa2YtY&google_push=AYg5qPLx7YamGIeE-WKl9pTwOM8CZUs1kTNDZt7pGW_g97SreUVXp4ZAv0xFpNVDyV7mSnetQMGc8OTpCTF9WTu24x0MEN2THSeH&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211013/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Oct 2021 15:48:09 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F928
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEE4TKBYQTPco8XcnDtSplcs&google_cver=1&google_push=AYg5qPJgmb42kPF4i62jWIqXsc8-aYol8KEC4So6StMX8tEQ-BQUDWTNajj5llpg791OAoPU-OGTb-4oyCbXRLJnJcy0PnwpwKvb
https://rtb.openx.net/sync/dds?google_gid=CAESEE4TKBYQTPco8XcnDtSplcs&google_cver=1&google_push=AYg5qPJgmb42kPF4i62jWIqXsc8-aYol8KEC4So6StMX8tEQ-BQUDWTNajj5llpg791OAoPU-OGTb-4oyCbXRLJnJcy0PnwpwKvb&...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJgmb42kPF4i62jWIqXsc8-aYol8KEC4So6StMX8tEQ-BQUDWTNajj5llpg791OAoPU-OGTb-4oyCbXRLJnJcy0PnwpwKvb&google_hm=KI_27VsWyF4zNSA8TroB3Q==

170 B
188 B

55ms
34ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJgmb42kPF4i62jWIqXsc8-aYol8KEC4So6StMX8tEQ-BQUDWTNajj5llpg791OAoPU-OGTb-4oyCbXRLJnJcy0PnwpwKvb&google_hm=KI_27VsWyF4zNSA8TroB3Q==

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Oct 2021 15:48:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 16 Oct 2021 15:48:08 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJgmb42kPF4i62jWIqXsc8-aYol8KEC4So6StMX8tEQ-BQUDWTNajj5llpg791OAoPU-OGTb-4oyCbXRLJnJcy0PnwpwKvb&google_hm=KI_27VsWyF4zNSA8TroB3Q==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: 8t74ffgki5te4d8spbteajq7no4t2b7k

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F928
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=DUoZo2SXRxqhHZwjZt1N9Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

64ms
33ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=DUoZo2SXRxqhHZwjZt1N9Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLYEOmJihA27AVYzjCDsPPuacZYlY38Dnyz70Up7-03p08WkEyXmiZtRWBnnNb79_8AWCgUIwDbz44o2aK_ZGiWLB_xM7Vq

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Oct 2021 15:48:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=DUoZo2SXRxqhHZwjZt1N9Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLYEOmJihA27AVYzjCDsPPuacZYlY38Dnyz70Up7-03p08WkEyXmiZtRWBnnNb79_8AWCgUIwDbz44o2aK_ZGiWLB_xM7Vq
date: Sat, 16 Oct 2021 15:48:09 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame F928
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPkHOHsPgNBQEw0pwW5I4QI&google_cver=1&google_push=AYg5qPLifPOD_2kSkXgQ9kCdRFFuE5s9BOaFeNXQuE6wopVo1f7urHqzlpL6rwZvQHzvbaj-Ii2...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VUWjRaNFQtVC1LTE1T&google_push=AYg5qPLifPOD_2kSkXgQ9kCdRFFuE5s9BOaFeNXQuE6wopVo1f7urHqzlpL6rwZvQHzvbaj-Ii2EZ-Si97eW35Kfe0KO5JkBLjXN

170 B
329 B

45ms
34ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VUWjRaNFQtVC1LTE1T&google_push=AYg5qPLifPOD_2kSkXgQ9kCdRFFuE5s9BOaFeNXQuE6wopVo1f7urHqzlpL6rwZvQHzvbaj-Ii2EZ-Si97eW35Kfe0KO5JkBLjXN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Oct 2021 15:48:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VUWjRaNFQtVC1LTE1T&google_push=AYg5qPLifPOD_2kSkXgQ9kCdRFFuE5s9BOaFeNXQuE6wopVo1f7urHqzlpL6rwZvQHzvbaj-Ii2EZ-Si97eW35Kfe0KO5JkBLjXN
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame F928
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_push=AY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD...

0
0

GET
H2 200 trk
ag.innovid.com/ Frame F928 43 B
297 B 103ms
19ms Image
image/gif 52.56.187.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEB_5XpyeV4ktDUlHjiYP5ho&google_cver=1&google_push=AYg5qPKa5tOT_FBNyeokOQdrpRWY-3_qFSGFjRo9vmmTtrQ5EG3GHkp8Djg0G0Nejt_CfjUbXPZ2DamPe4FqZBeXszeaQNJ6UlmS
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211013/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.56.187.155 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-56-187-155.eu-west-2.compute.amazonaws.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Oct 2021 15:48:09 GMT
cache-control: no-cache
content-type: image/gif
content-length: 43
request-time: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F928
Redirect Chain

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEL6d9X4mfQyrS5-60rWhKA4&google_cver=1&google_push=AYg5qPI8moZ4KvcWxZ-0KbxU...
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPI8moZ4KvcWxZ-0KbxU3_0d2QAmKZ3cgXFtL0toNpnm48iR3ClR2GA_z8Pr3JnSp2ujy4XGScISYZ9cxAn_yvN1e6Z--5m2Ow&google_hm=

170 B
188 B

59ms
33ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPI8moZ4KvcWxZ-0KbxU3_0d2QAmKZ3cgXFtL0toNpnm48iR3ClR2GA_z8Pr3JnSp2ujy4XGScISYZ9cxAn_yvN1e6Z--5m2Ow&google_hm=

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Oct 2021 15:48:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 16 Oct 2021 15:48:09 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPI8moZ4KvcWxZ-0KbxU3_0d2QAmKZ3cgXFtL0toNpnm48iR3ClR2GA_z8Pr3JnSp2ujy4XGScISYZ9cxAn_yvN1e6Z--5m2Ow&google_hm=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Fri, 15 Oct 2021 15:48:09 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame F928 0
253 B 80ms
31ms Image
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KjZ3OXDtOzG8G2vO6ZYXRVRB9sBRJA33ea4UtBRItqgSVxVGNMra2gucfZPQTNkTQzj-AMIg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211013/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:48:09 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 YBeW4A8KRQKaUXRhZhiUEBaonRmLgznW2QKT5Kp-z2M.js Show response
pagead2.googlesyndication.com/bg/ Frame BFB7 35 KB
13 KB 22ms
22ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YBeW4A8KRQKaUXRhZhiUEBaonRmLgznW2QKT5Kp-z2M.js

Requested by

Host: userupload.net
URL: https://userupload.net/ol727fk2j587

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

601796e00f0a45029a5174616618941016a89d198b8339d6d90293e4aa7ecf63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:35:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 781
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13430
x-xss-protection: 0
last-modified: Mon, 11 Oct 2021 11:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Sun, 16 Oct 2022 15:35:08 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 7BBC 42 B
64 B 55ms
55ms Image
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstegTUwfjbqKo9VKCLNj_9P3UPA5CDv4wWisUwobbSepbpsRpF3EYPLB_YRTaGd-xE_IZwNE0YuIqt_64gRX8TlWd9rJKzSHXGPgK6Lkk2EF0tUU9Ptkg&sai=AMfl-YS4VsV1NzvGog1Saq37EqZOtFRj6BEVSapQeRkvJ3KPwmO6ls4pYvofHl3JQ0SMv8Wk67UGs-bg_Pqz&sig=Cg0ArKJSzB7ND2wZaaCkEAE&id=ampim&o=245,533&d=336,280&ss=1600,1200&bs=1600,1200&mcvt=1043&mtos=0,0,1043,1043,1043&tos=0,0,1043,0,0&tfs=182&tls=1225&g=100&h=100&tt=1225&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&adk=3658158944

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Oct 2021 15:48:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame E6A8 42 B
64 B 54ms
54ms Fetch
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsutUgU1w4z2zr2E8f3aC-EtAfe1J0rjazCbanwc0FnDG6apW1vltODfSJQHH0jNMszs7OoIqbtIuCj3UMt6AmtoFQsQBaaklYl9fGEqaa_10xl0zDGV7A&sai=AMfl-YT0SbjzB1RndpPdYBw5Wak3g4Q3zgtSbJuu2RkP03H3HE6UeqZrYxugQaJwiGhpDLFF6TwZQaEhe56n&sig=Cg0ArKJSzAvG4dj-Oxt1EAE&id=lidar2&mcvt=1000&p=0,0,280,350&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20211013&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=1997398430&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1634399287662&rpt=1231&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 16 Oct 2021 15:48:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 6sD0slklPc.jpg
ads.yahoo.com/ 0
445 B 67ms
18ms Image
text/plain 87.248.118.22
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/6sD0slklPc.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

87.248.118.22 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

e1.ycpi.vip.deb.yahoo.com

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:48:10 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

GET
H/1.1 404
Not Found banner.jpg
cas.clickability.com/ 103 B
103 B 480ms
97ms Image
application/javascript 34.193.231.74
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cas.clickability.com/banner.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.193.231.74 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-193-231-74.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 527e36483bc438a88b8fdf6e45fd8c35e80cc233e565d3a8e3917dda396fa926

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 16 Oct 2021 15:48:10 GMT
X-Server-Name: az-adserver1
Connection: close
Content-Length: 103
Server: Apache
Content-Type: application/javascript

GET
H2 200 favicon.ico
advertising.yahoo.com/ 2 KB
3 KB 146ms
45ms Image
image/x-icon 87.248.100.208
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://advertising.yahoo.com/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

87.248.100.208 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

media-router-ui71.prod.media.vip.ir2.yahoo.com

Software

ATS /

Resource Hash

c6f7ee2cadae2e121342a8c4245141175bfe887776206deb17149d46cf3aa827

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' http://yahoo.lookbookhq.com https://yahoo.lookbookhq.com http://b2bmarketing.yahoo.net https://b2bmarketing.yahoo.net analytics-cs.yahoo.com;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 15:40:59 GMT
x-content-type-options: nosniff
age: 431
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
strict-transport-security: max-age=31536000
content-length: 2238
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 23 Sep 2019 20:01:40 GMT
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: SAMEORIGIN
content-type: image/x-icon
cache-control: max-age=900, public
content-security-policy: frame-ancestors 'self' http://yahoo.lookbookhq.com https://yahoo.lookbookhq.com http://b2bmarketing.yahoo.net https://b2bmarketing.yahoo.net analytics-cs.yahoo.com;
accept-ranges: bytes
expires: Wed, 15 Dec 2021 15:40:59 GMT

GET
H/1.1

200
OK

solutions
partnernetwork.ebay.com/
Redirect Chain

https://adn.ebay.com/2WUf.jpg
https://partnernetwork.ebay.com/affiliate-marketing-tools
https://partnernetwork.ebay.com/solutions

0
0

216ms
208ms

Image
text/html

66.135.200.158
EBAY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partnernetwork.ebay.com/solutions
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 66.135.200.158 , United States, ASN11643 (EBAY, US),
Reverse DNS: epnpartnernetwork-web-public-1-1-slc.ebay.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Redirect headers

Date: Sat, 16 Oct 2021 15:48:11 GMT
x-frame-options: sameorigin
Vary: Accept, Accept-Encoding
Content-Type: text/plain; charset=utf-8
Location: /solutions
Connection: keep-alive
Strict-Transport-Security: max-age=600
Content-Length: 32

GET
H/1.1

200
OK

solutions
partnernetwork.ebay.com/
Redirect Chain

https://adn.ebay.com/skyscraper.jpg
https://partnernetwork.ebay.com/affiliate-marketing-tools
https://partnernetwork.ebay.com/solutions

0
0

220ms
213ms

Image
text/html

66.135.200.158
EBAY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partnernetwork.ebay.com/solutions
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 66.135.200.158 , United States, ASN11643 (EBAY, US),
Reverse DNS: epnpartnernetwork-web-public-1-1-slc.ebay.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Redirect headers

Date: Sat, 16 Oct 2021 15:48:11 GMT
x-frame-options: sameorigin
Vary: Accept, Accept-Encoding
Content-Type: text/plain; charset=utf-8
Location: /solutions
Connection: keep-alive
Strict-Transport-Security: max-age=600
Content-Length: 32

GET
H2 200 adclient-002147-host1-banner-ad.jpg
juicyads.com/ 0
0 69ms
34ms Image
text/html 151.139.128.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://juicyads.com/adclient-002147-host1-banner-ad.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map3.hwcdn.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin: *

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD7IXzenrxZYnoEmaPMCJs463vkWjOf7c2N8_SgBi1urylNee6HhUSNpZllmkQl5R

Verdicts & Comments Add Verdict or Comment

113 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

25 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.userupload.net/	1969-12-31 23:59:59	Name: lang Value: german
.userupload.net/	1970-01-19 22:20:08	Name: aff Value: 18440
.userupload.net/	1970-01-20 15:31:11	Name: __utma Value: 30043835.165182515.1634399287.1634399287.1634399287.1
.userupload.net/	1969-12-31 23:59:59	Name: __utmc Value: 30043835
.userupload.net/	1970-01-20 02:22:47	Name: __utmz Value: 30043835.1634399287.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.userupload.net/	1970-01-19 21:59:59	Name: __utmt Value: 1
.userupload.net/	1970-01-19 22:00:01	Name: __utmb Value: 30043835.1.10.1634399287
.userupload.net/	1970-01-20 07:21:35	Name: __gads Value: ID=90714edadc3ad326-226111fef6ca00e3:T=1634399287:RT=1634399287:S=ALNI_MbEotF6ELDmHZDB-vuEZrTmZGVDKQ
.doubleclick.net/	1970-01-20 07:21:35	Name: IDE Value: AHWqTUmHJ6sLURINSkpi_sxMgY5NtpInX22C5Tm9dKQwLnQdZTE2kLaN8sZTuCVBXy0
m.exactag.com/	1970-01-20 00:09:35	Name: exactag_new_gk Value: 85d24c0a1bec4564a04060f8191b0540%7c15.12.2021+15%3a48%3a08
m.exactag.com/	1970-01-20 02:19:11	Name: exactag_new_uk Value: 5af1ed256f604f5d836baf127a39a862%7c
m.exactag.com/	1969-12-31 23:59:59	Name: session_session Value: 0b93f9bbcc934d249444782d
.doubleclick.net/	1970-01-19 22:00:02	Name: DSID Value: NO_DATA
.casalemedia.com/	1970-01-20 06:45:35	Name: CMID Value: YWr0OWXv4wgYsbF6lS9ZMQAA
.casalemedia.com/	1970-01-20 00:09:35	Name: CMPS Value: 3223
.pubmatic.com/	1970-01-19 22:01:25	Name: KTPCACOOKIE Value: YES
.openx.net/	1970-01-20 06:45:35	Name: i Value: 24754388-5b17-4e87-8f97-a463f984089a\|1634399289
.mookie1.com/	1970-01-20 07:28:47	Name: id Value: 10812439019151949999
.mookie1.com/	1970-01-20 07:28:47	Name: mdata Value: 1\|10812439019151949999\|1634399289841
.mookie1.com/	1970-01-20 07:28:47	Name: ov Value: 558f0edbea77524f249458eb5b8a5306
.innovid.com/	1970-01-20 00:09:35	Name: uuid Value: a47d78be-8291-4733-b847-5d0e60dadf1b-20211016 11:48:09
.pubmatic.com/	1970-01-20 00:09:35	Name: KADUSERCOOKIE Value: 0D4A19A3-6497-471A-A11D-9C2366DD4DF5
.casalemedia.com/	1970-01-20 00:09:35	Name: CMPRO Value: 1204
.casalemedia.com/	1970-01-19 22:01:25	Name: CMST Value: YWr0OWFq9DkA
.yahoo.com/	1970-01-20 06:45:56	Name: A3 Value: d=AQABBDr0amECEMwym186rgYvDxbcbFXUEsUFEgEBAQFFbGF0YQAAAAAA_eMAAA&S=AQAAAoBHcYIYw_rNVe4SRz-9U0w

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cas.clickability.com/banner.jpg Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWr0OWXv4wgYsbF6lS9ZMQAABLQAAAAB&google_gid=CAESEL_Pp5ZvfPmcHDb7d3Haiwc&google_cver=1&google_push=AYg5qPIF-LOaBryjGlgaqmiigFe3wt9tByWBD7IXzenrxZYnoEmaPMCJs463vkWjOf7c2N8_SgBi1urylNee6HhUSNpZllmkQl5R Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adn.ebay.com
ads.yahoo.com
adservice.google.com
adservice.google.de
advertising.yahoo.com
ag.innovid.com
ajax.cloudflare.com
buttons-config.sharethis.com
cas.clickability.com
cdn.ampproject.org
cdnjs.cloudflare.com
cm.g.doubleclick.net
count-server.sharethis.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googlecm.hit.gemius.pl
image6.pubmatic.com
juicyads.com
l.sharethis.com
m.exactag.com
odr.mookie1.com
pagead2.googlesyndication.com
partner.googleadservices.com
partnernetwork.ebay.com
pixel.rubiconproject.com
platform-api.sharethis.com
platform-cdn.sharethis.com
rtb.openx.net
ssl.google-analytics.com
stats.g.doubleclick.net
tgwidget.com
tpc.googlesyndication.com
userupload.net
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
cm.g.doubleclick.net
104.16.18.94
104.17.73.14
13.32.29.6
13.35.253.127
142.250.181.225
142.250.181.226
142.250.184.194
142.250.184.226
142.250.185.100
142.250.185.104
142.250.185.130
142.250.185.142
142.250.186.130
142.250.186.163
142.250.186.34
142.250.186.42
142.250.186.67
151.139.128.10
172.217.23.97
185.64.189.115
34.193.231.74
34.98.67.61
35.186.253.211
51.89.234.230
52.29.0.64
52.56.187.155
65.9.71.35
65.9.71.8
66.135.200.158
66.135.208.180
69.173.144.139
74.125.206.155
79.137.68.187
85.14.248.91
87.248.100.208
87.248.118.22
95.217.229.114
006b67e717e5f1b16d776c1627b298cbab7183711957008cdc8579535f64cff8
08d4e6308d4549372380e8a8d6b3de7613d304b43c2e6f50053af0338e5e0f67
0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e
0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bb775e23934c5478dab7517dbf8a614834c96e926c4498b734399eb8a2e640d
0d0f3ef57b5ca725823a5952f4f19fdde76751a8035b74b256a6a0500cca592e
0da7fc1ae23678b2872653962d147fcd1cbd0a5a9c8f84d44ae99bc581fd9062
0f36b1fb32a4629666406b3cddae258555f52cd7a33ee7877a0cb9215d521e08
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
19ad029fe2230dc2b7eda8d3c2b8d872aae2e718c0209bcaec04cd51a04d9165
1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d
1b4e852fde612daeb72f1f4cca801a99cc2730875048c5ac3faa9f5ca5854155
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
2111c2f729eb37e28915862281651c614ab08bfac15bb8cbe6c38949c061b172
235dd149eac993d9f773d67eb3432fda6c4d81c98d29c4fb150707fae2b59908
24888ff57c1714336f283a67e22f1207ef9826694a9078e1cda9d581ff148407
257c07e40f4fdd78d66090a4347816a4777d8f2ab8b266d4aebf56da90538cbc
2986551fd9e82929eabb8cba7c44f74a28d8496c744893432f067b320dff55da
2cba2916c78e3f442584243b33feccbaa758139e7c858129d18d10edce2f7978
2df25ed583d39ca73718949dd3c20036cdfba57ce4725b2a4564a47071b8be9c
2e8fa2037c41372ddc72ea1e08a477ba37998b54b5416b8cff0554fa5b865e27
303691584e2a6cdc4c595a005b869ad0a9cca864c24ae5ad9147848763d8354d
31482b9e7989803c418ff1d8667f90efef846f1e4440bcf5a233dacf062c9491
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
3477023d8b7129eb517abf377492a608f2469ae91405fa62974e6771751e04ae
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
36b7cdabca53eda8f9ccdb9e449f9c22dc4841ab4b2a888bb5700fb5dfbc778c
3d1246d2fe982f57c0a911530b2fa93a679e42c0d897151f39cffa4762c55f5d
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
41d9de265e720a301cbd9c525fa7089a677e0b099b422579a401516212b5add3
433d970f04c9cfdfe1eef18106807714cffa2ec96651af41c1be35d00a87bc1c
4378dcc91e2680b3390bb2593f91e01c3908419c9ec02d2c263ad64f724ee2ec
43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27
4bf5649278f2f381f0a27542f9a5a795c8b22c1d0e2aa462de7d0cf801fbd45d
4ca6dd97b62c2f6e9263710d88f9ccb54612bdccd98c08ead481a0347e9a4e1f
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5189658b1f2daae71ab3b070b6e0b54f412ed79e468c14a1d16c92824a3b2af7
527e36483bc438a88b8fdf6e45fd8c35e80cc233e565d3a8e3917dda396fa926
57ee478f48f0c5119a65bcab51b18ab6e7db8cb4db90a0fc8a6bfbb4c1af2d23
58a5608dd5df2fe0edf71e0f3f1bf2c583040a9579817b26e392d0c1d1af979a
5aa68ca86b16149946a83c4f3338c5010e0edfde7283afc65c92ffb4cd2a77d3
5b706a52c0ae673c9803f61e3a901a23c78f6e845a3dc68036c5a4f72602953a
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5d42d7a3477955a4a3377ce3570a5def55fd7fd224962057e48936c5f58af6ef
5f88139bb8e51d7af2e12f42570fda1196c256f3229f2bf241c1436e46312a10
5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f
601796e00f0a45029a5174616618941016a89d198b8339d6d90293e4aa7ecf63
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
64ef1788e2c86fe9b9f65689843ec0d459ee8c1477b4fe26b88a3b3cc1e98c56
65f8cfb6eaca50d0be95533eb00d027720ad44db8e47918e4d8f7c9fbf6b4015
66f3a07e1fa9b64a686b66381e4458dbc8abf3dbbff954720c4eec07b84411c2
6b1116dbdcc8665059c0163cb6cd034a949402f5bc6294390e8ffee39952f6ae
6c8dec7d0be418ac8202374da867b3b1d0cd801668f74a8b8082b244f041d376
734719a5e01b6d01625fdc1581ec1e8ea1a8de1ff6df221b51c337743b012127
739f8fd9f6a110835a0901eeeec97c8c76840147a99314629103e9bf3ef98ca2
768d97ec0916217ae82c70aeda3a61b9b0dab344edc4a3240a4f7cd94af00307
77407a0e9cedc922ef369f777cb8d705f22a46cf192ce5d09bae21e08a6c96d2
77de1a1b00ac331116f7aa733e701b7d7af3780b94f85d21485426ae2e0b1013
7b1ed14c8d4e5852e773d44304a3a33507ff993a4b6b70ea1d9fb8c6f68e7318
7c93346d4f681a0be90d1dfc19346382a4700f1810f41caa54415688dee1777f
7ce8fde1e19d45e140ba1f2e2756d7e564eb85c8888cc49547ee6a7cf87bc081
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
847eb36b4dc4b05f94052dcd98077319e74d882334a106bb9ca451ba211c9c2c
86196c284a16a96d2892a865dc7eb13e6c227292ce6b6fbbe462d97af0a17b8b
8a1c951a818174eaaaf001a306bad640b788f504b3b55a86970c8c49220bdb1e
8bdf772d9fc521b1bac964b3e1287466cc5e6497f058ef97112f9a17b2591dfb
8bedd3a9d3d20f71aa28c17e75c18ddc9a323b823275ae9bec6a1b673ea646f5
8ed8383deb802055202735bd86f7b951b661e93fa119966f5f4ad0cc29e02685
8f297a42c731c5e6412ef47dff5d7697e142a28abe98d34b515951d40e5e9f7d
93aea7e3c21a5bc34e432149592dfbe6a432f4039a8f93bdb6b43db00b8d40c9
9a82b39ba4c8ed3ba145465bbd912734451484a3830a75eb5dfb1618312a7c11
9a83c65bdd0ff9488af9d25720686457ea7295c9c44f9f1d285a0c9ec89bab99
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ecb912e3d60eed3050ca2825ff8dc7796d86154539d1c0c8a5d819430c5b9db
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b09b62ea3362a0e9cdf0a6362e6f0c478744254a9d080b0a0e6c943a05376919
b106807d0b065185b4fb475481db10ee8457583101dc9a8b13385627e07d01c0
b159722b91f7663d33ce1f0e95de72389955edfa5a12cfe6c94b6705468ae805
b20c447b3d7f66aa1c71305e4a91983b14e3174c651ec6460e73a79e58a3bb3c
b2ec3db0c3ffe01385ebd2fa36b83708e505fada5609f9859a8e04a9cbdcaefd
b3dca6992b4f8770bc3dba5f82f6325a82d2adabf685da88d950f6fe87b16716
b81c5bcea16a125169454bda7ad7c5958c2e3ecce83d5cfecc2cf7d64a3a17d2
ba870dd4f1f375d33aa3770685227bd38160d194969b3840232fad67c1989bb8
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
c10e76692f6c5195a94baec074956037445e2abd7f48aa97fb3941e4ae641c4b
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c1bd88cc54165fd50700598361e7484401e4cc1525866fa5a73e8a463df5c226
c4c672b1245d35672dcd49b615ca91fb8949b712645dc7e847c1d6105d83ee94
c4fb91befcf134b81ecfa1c586e1f9d6426c8f4fc1f6c130ac1fddb49ab5df96
c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f
c56fd6b910ca93a3fb1875e35074b8ce8501c319ebaa0e8b7252f7e4a7023fe6
c6f7ee2cadae2e121342a8c4245141175bfe887776206deb17149d46cf3aa827
c7e3eac1b2c0f5c2d934241ee44a85b4a1a1f3c7c85e05381e2c4b622fe5501d
c8db9f853525deceda9c0749a25a9f2639355d88231b31d6e2b9cc22c206ff41
c8ecfe747c979fbd87624913200a9237343679923b495885bced089b80fc84f6
c940770302eed1edf1a25377cbc28bcb16dad8eb78618df9a3cd6c05b6688fd8
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
d4cb8e3d3f1d9da69c5096249099aaa6ec5942dc20f922cc6c99f7b7b4557584
d50905d9c0e2c1f4a30e217e1eade952d04600860ccf4aec5240e6fd31eb9b29
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d79fe42da7baa3437073875f4e51fd6a6ba54ba70194cba9066effe29e03d9e6
d7dcbf991e3140883fbb0cea57b778db313c0ee8f57205404257ac98e1aa1444
de2132007c5489410805fd79a358b87827b8d43f05e937d4cb0841d614957deb
de5000d7b67ac82e8bdf37267546a359a9a4bdb41bc33a14fa51b43a2b6adfdf
e1d4f21db649ec5795e70cb72e59fdec97af300c64b5d8abbc67f00688eb0ecd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea837fce2c9f11270b9b941e875abb7403de8dcfa960350eab3524663869d6ff
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f006ae99c8aeb51fef04f64b4c3eaa871047fdd8b04c006e7491fce87540db42
f13d4a23664d1a212e275c7ccd6073d3751cd3554820a78fbf697a1fd6e251a3
f4726d988effd5253298f2a2738ca92d780d4105af0ce67eb7e7d1c748fb6909
f50cd1f9a7d3ab95391225b3a8d36eca059105990afdada14ca150953df3f6c4
f69adcb2ca28e3e811ad5b88d7b6d86a68d736c715bca3d4953f0566d1447321
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

userupload.net Open in urlscan Pro 51.89.234.230 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

186 Requests

99 %HTTPS

0 %IPv6

26 Domains

39 Subdomains

33 IPs

7 Countries

2406 kBTransfer

5993 kBSize

25 Cookies

6 Outgoing links

Redirected requests

186 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

userupload.net Open in urlscan Pro
51.89.234.230 Public Scan

Screenshot
Live screenshot

Full Image

186
Requests

99 %
HTTPS

0 %
IPv6

26
Domains

39
Subdomains

33
IPs

7
Countries

2406 kB
Transfer

5993 kB
Size

25
Cookies

186 HTTP transactions
8 data transactions