userupload.net Open in urlscan Pro
51.89.234.230 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://userupload.net/114qkz10novb
Submission: On March 06 via manual (March 6th 2022, 10:52:06 am UTC) from IE — Scanned from GB

Summary HTTP 164 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 33 IPs in 7 countries across 26 domains to perform 164 HTTP transactions. The main IP is 51.89.234.230, located in London, United Kingdom and belongs to OVH, FR. The main domain is userupload.net.
TLS certificate: Issued by cPanel, Inc. Certification Authority on February 12th 2022. Valid for: 3 months.

This is the only time userupload.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
21	51.89.234.230 51.89.234.230	16276 (OVH) (OVH)
1	2606:4700::68... 2606:4700::6811:480e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 8	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
2	13.32.99.22 13.32.99.22	16509 (AMAZON-02) (AMAZON-02)
22	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2a00:1450:400... 2a00:1450:4001:827::2008	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
2	95.217.229.114 95.217.229.114	24940 (HETZNER-AS) (HETZNER-AS)
1	2600:9000:223... 2600:9000:223c:9200:c:abe:f440:93a1	16509 (AMAZON-02) (AMAZON-02)
1	3.69.69.173 3.69.69.173	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c07::9a	15169 (GOOGLE) (GOOGLE)
16	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2008	15169 (GOOGLE) (GOOGLE)
1	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
36	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
3	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:828::2006	15169 (GOOGLE) (GOOGLE)
1	13.32.121.68 13.32.121.68	16509 (AMAZON-02) (AMAZON-02)
6	2600:9000:231... 2600:9000:2315:9800:1d:85c3:6640:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
1	64.135.83.163 64.135.83.163	13645 (BROADBANDONE) (BROADBANDONE)
1	2a00:1288:110... 2a00:1288:110:c305::1:4000	34010 (YAHOO-IRD) (YAHOO-IRD)
1 1	209.197.79.97 209.197.79.97	7859 (PAIR-NETW...) (PAIR-NETWORKS)
1	66.39.3.7 66.39.3.7	7859 (PAIR-NETW...) (PAIR-NETWORKS)
1 1	52.215.248.120 52.215.248.120	16509 (AMAZON-02) (AMAZON-02)
6	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
1 1	3.127.180.130 3.127.180.130	16509 (AMAZON-02) (AMAZON-02)
2 2	104.92.72.137 104.92.72.137	16625 (AKAMAI-AS) (AKAMAI-AS)
1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
1 1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1	2a05:d01c:1d8... 2a05:d01c:1d8:8100:39fb:2754:c941:3afb	16509 (AMAZON-02) (AMAZON-02)
1 1	141.94.242.148 141.94.242.148	16276 (OVH) (OVH)
164	33

21 51.89.234.230 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ns31202426.ip-51-89-234.eu

userupload.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:480e (United States)

ASN13335 (CLOUDFLARENET, US)

ajax.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.99.22 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-22.fra60.r.cloudfront.net

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2008 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 95.217.229.114 (Helsinki, Finland)

ASN24940 (HETZNER-AS, DE)
PTR: static.114.229.217.95.clients.your-server.de

tgwidget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:9200:c:abe:f440:93a1 (United States)

ASN16509 (AMAZON-02, US)

buttons-config.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.69.69.173 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-69-69-173.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

36 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.58.212.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s01-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.121.68 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-68.fra60.r.cloudfront.net

count-server.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:2315:9800:1d:85c3:6640:93a1 (United States)

ASN16509 (AMAZON-02, US)

platform-cdn.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.135.83.163 (Fort Lauderdale, United States)

ASN13645 (BROADBANDONE, US)

as.inbox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:110:c305::1:4000 (United Kingdom)

ASN34010 (YAHOO-IRD, GB)

advertising.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 209.197.79.97 (United States) 1 redirects

ASN7859 (PAIR-NETWORKS, US)
PTR: promote.pair.com

promote.pair.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.39.3.7 (United States)

ASN7859 (PAIR-NETWORKS, US)
PTR: www.pair.com

www.pair.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.215.248.120 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-248-120.eu-west-1.compute.amazonaws.com

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.127.180.130 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-180-130.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.92.72.137 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-92-72-137.deploy.static.akamaitechnologies.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d01c:1d8:8100:39fb:2754:c941:3afb (London, United Kingdom)

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.94.242.148 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ns3210962.ip-141-94-242.eu

googlecm.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
58	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 90 tpc.googlesyndication.com — Cisco Umbrella Rank: 122	740 KB
24	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 68 googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 276 cm.g.doubleclick.net — Cisco Umbrella Rank: 176	189 KB
21	userupload.net userupload.net	456 KB
12	gstatic.com fonts.gstatic.com www.gstatic.com	608 KB
11	sharethis.com platform-api.sharethis.com — Cisco Umbrella Rank: 4644 buttons-config.sharethis.com — Cisco Umbrella Rank: 5510 l.sharethis.com — Cisco Umbrella Rank: 4230 count-server.sharethis.com — Cisco Umbrella Rank: 11093 platform-cdn.sharethis.com — Cisco Umbrella Rank: 10630	57 KB
11	google.com 2 redirects www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 57	26 KB
6	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 147	228 KB
3	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 246	57 KB
3	google.de adservice.google.de — Cisco Umbrella Rank: 8832	1 KB
3	google-analytics.com 1 redirects ssl.google-analytics.com — Cisco Umbrella Rank: 243 www.google-analytics.com — Cisco Umbrella Rank: 31	37 KB
3	cloudflare.com ajax.cloudflare.com — Cisco Umbrella Rank: 5492 cdnjs.cloudflare.com — Cisco Umbrella Rank: 194	41 KB
2	addthis.com 2 redirects e.dlx.addthis.com — Cisco Umbrella Rank: 1530	1 KB
2	pair.com 1 redirects promote.pair.com — Cisco Umbrella Rank: 614078 www.pair.com — Cisco Umbrella Rank: 552964	236 B
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35	2 KB
2	tgwidget.com tgwidget.com — Cisco Umbrella Rank: 708467	8 KB
1	gemius.pl 1 redirects googlecm.hit.gemius.pl — Cisco Umbrella Rank: 7401	337 B
1	innovid.com ag.innovid.com — Cisco Umbrella Rank: 1391	296 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 289	457 B
1	mookie1.com odr.mookie1.com — Cisco Umbrella Rank: 794	324 B
1	agkn.com 1 redirects d.agkn.com — Cisco Umbrella Rank: 492	760 B
1	everesttech.net 1 redirects pixel.everesttech.net — Cisco Umbrella Rank: 2828	376 B
1	yahoo.com advertising.yahoo.com — Cisco Umbrella Rank: 12783	3 KB
1	inbox.com as.inbox.com — Cisco Umbrella Rank: 860571
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 716	647 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 54	36 KB
0	aol.com Failed advertising.aol.com Failed
164	26

	Domain	Requested by
36	tpc.googlesyndication.com	googleads.g.doubleclick.net userupload.net tpc.googlesyndication.com pagead2.googlesyndication.com
22	pagead2.googlesyndication.com	userupload.net pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
21	userupload.net	userupload.net ajax.cloudflare.com
14	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
9	www.gstatic.com	www.google.com www.gstatic.com googleads.g.doubleclick.net
8	www.google.com	2 redirects userupload.net www.gstatic.com tpc.googlesyndication.com www.google.com googleads.g.doubleclick.net
6	cm.g.doubleclick.net	googleads.g.doubleclick.net
6	platform-cdn.sharethis.com
6	www.googletagservices.com	googleads.g.doubleclick.net
3	s0.2mdn.net	googleads.g.doubleclick.net
3	googleads4.g.doubleclick.net	userupload.net
3	adservice.google.com	pagead2.googlesyndication.com
3	adservice.google.de	pagead2.googlesyndication.com
3	fonts.gstatic.com	userupload.net www.google.com
2	e.dlx.addthis.com	2 redirects
2	fonts.googleapis.com	googleads.g.doubleclick.net
2	tgwidget.com	userupload.net tgwidget.com
2	ssl.google-analytics.com	1 redirects userupload.net
2	cdnjs.cloudflare.com	userupload.net ajax.cloudflare.com
2	platform-api.sharethis.com	userupload.net platform-api.sharethis.com
1	googlecm.hit.gemius.pl	1 redirects
1	ag.innovid.com	googleads.g.doubleclick.net
1	pixel.rubiconproject.com	1 redirects
1	odr.mookie1.com	googleads.g.doubleclick.net
1	d.agkn.com	1 redirects
1	pixel.everesttech.net	1 redirects
1	www.pair.com
1	promote.pair.com	1 redirects
1	advertising.yahoo.com
1	as.inbox.com
1	count-server.sharethis.com	platform-api.sharethis.com
1	www.google-analytics.com	www.googletagmanager.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	www.googletagmanager.com	tgwidget.com
1	stats.g.doubleclick.net	userupload.net
1	l.sharethis.com	platform-api.sharethis.com
1	buttons-config.sharethis.com	platform-api.sharethis.com
1	ajax.cloudflare.com	userupload.net
0	advertising.aol.com Failed
164	39

This site contains links to these domains. Also see Links.

Domain
ammapettai.com
t.me
facebook.com
mobile.twitter.com
www.instagram.com

Subject Issuer	Validity	Valid
userupload.net cPanel, Inc. Certification Authority	`2022-02-12` - `2022-05-13`	3 months	crt.sh
ajax.cloudflare.com DigiCert ECC Secure Server CA	`2020-08-11` - `2022-08-16`	2 years	crt.sh
www.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
sharethis.com Amazon	`2021-07-19` - `2022-08-17`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-21` - `2022-09-20`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.tgwidget.com Sectigo RSA Domain Validation Secure Server CA	`2021-12-01` - `2022-12-01`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
www.adwave.com GeoTrust DV SSL CA - G4	`2014-09-14` - `2018-10-17`	4 years	crt.sh
*.autos.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-11-19` - `2022-05-11`	6 months	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-24` - `2023-03-27`	a year	crt.sh
*.innovid.com RapidSSL RSA CA 2018	`2020-02-07` - `2022-04-07`	2 years	crt.sh

This page contains 27 frames:

Primary Page: https://userupload.net/114qkz10novb
Frame ID: A65C23B0D50AB9B2E05C9B73C3F22E31
Requests: 58 HTTP requests in this frame

Frame: https://tgwidget.com/widget/count/?id=6022da5783ba8816118b4567
Frame ID: E6C0FEEEBE4808E96175C9901AC89497
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220302/r20190131/zrt_lookup.html
Frame ID: E5434F740D2F69E9E3E7283A715BDD7F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=9237283852&adk=1997398430&adf=4108538649&pi=t.ma~as.9237283852&w=350&fwrn=4&fwrnh=100&lmt=1646563921&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2F114qkz10novb&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646563921670&bpp=4&bdt=534&idt=268&shv=r20220302&mjsv=m202202280101&ptt=9&saldr=aa&abxe=1&correlator=4906903281951&frm=20&pv=2&ga_vid=788578537.1646563922&ga_sid=1646563922&ga_hid=1983380085&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=105&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C31064037&oid=2&pvsid=3236805524367588&pem=548&tmod=1678463428&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=MJrqDjf2Qd&p=https%3A//userupload.net&dtd=284
Frame ID: 036947E4C4B310B91E04E4CCD1D064D2
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5298038844&adk=3658158944&adf=3044448856&pi=t.ma~as.5298038844&w=350&fwrn=4&fwrnh=100&lmt=1646563921&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2F114qkz10novb&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646563921674&bpp=1&bdt=538&idt=284&shv=r20220302&mjsv=m202202280101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280&correlator=4906903281951&frm=20&pv=1&ga_vid=788578537.1646563922&ga_sid=1646563922&ga_hid=1983380085&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C31064037&oid=2&pvsid=3236805524367588&pem=548&tmod=1678463428&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=XHVHh6V268&p=https%3A//userupload.net&dtd=287
Frame ID: 34A63C8ABF89D8D896785152F57A355C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=4007740924&adk=2448036532&adf=2560393268&pi=t.ma~as.4007740924&w=480&fwrn=4&fwrnh=100&lmt=1646563921&rafmt=1&psa=0&format=480x280&url=https%3A%2F%2Fuserupload.net%2F114qkz10novb&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646563921675&bpp=1&bdt=539&idt=288&shv=r20220302&mjsv=m202202280101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280&correlator=4906903281951&frm=20&pv=1&ga_vid=788578537.1646563922&ga_sid=1646563922&ga_hid=1983380085&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=695&ady=150&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C31064037&oid=2&pvsid=3236805524367588&pem=548&tmod=1678463428&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=NNftSSvI3C&p=https%3A//userupload.net&dtd=290
Frame ID: 8C57F667EB38C7124CC96EAB3B1AD5B4
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=1042759759&adk=2198837252&adf=2833722400&pi=t.ma~as.1042759759&w=350&fwrn=4&fwrnh=100&lmt=1646563921&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2F114qkz10novb&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646563921675&bpp=1&bdt=538&idt=292&shv=r20220302&mjsv=m202202280101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C480x280&correlator=4906903281951&frm=20&pv=1&ga_vid=788578537.1646563922&ga_sid=1646563922&ga_hid=1983380085&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1005&ady=512&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C31064037&oid=2&pvsid=3236805524367588&pem=548&tmod=1678463428&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=W8eEBueuPh&p=https%3A//userupload.net&dtd=293
Frame ID: 3179902209C12763F25CEDF5E0F41B7A
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5644349740&adk=3102016549&adf=3760600436&pi=t.ma~as.5644349740&w=730&fwrn=4&fwrnh=100&lmt=1646563921&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fuserupload.net%2F114qkz10novb&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646563921676&bpp=1&bdt=539&idt=294&shv=r20220302&mjsv=m202202280101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C480x280%2C350x280&correlator=4906903281951&frm=20&pv=1&ga_vid=788578537.1646563922&ga_sid=1646563922&ga_hid=1983380085&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=625&ady=862&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C31064037&oid=2&pvsid=3236805524367588&pem=548&tmod=1678463428&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=hhApSUYAU3&p=https%3A//userupload.net&dtd=295
Frame ID: 8B3F5002D88507DB3DA54BF2E99665A2
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 0F3C7F1B897425DCDD9831767714BF38
Requests: 2 HTTP requests in this frame

Frame: https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvIdFuXxOtjTmRijz7q9EEXkAHvS1dxCaj7Bnu1XREbn_sMgzicJ5WPVaUwWEDLKGDktyRz-PlsfIUFbamhgJJtNdLyVK0nq4gMOlW9rNhCKKVj-_L_WbuMQFQYOq0BU-q9gx2GYW6iUfGmR-PempNUor0sz4e1BQObxhxaLS4sK9VDcRhXmPTojKacq1sKI0SELi90bFmLv5B-hZcXWdxSt0uZ45yf_NkKnULkN1D9VpB4L9JqK_N9a7Hp57qTiB4wWjjHntVqfmXtu15n89wIlvHD0kf6RR6k9gRSIxRMISlmmRo-WOnEnrHoC25M-IeE4ueiyDdeJ0qRnY1jwT-Yxn0ut83W4BmOuAACYeozk5yPxhbQCqK8bHE9E8-J0R89aWt7_JMYA7Zgd8UGLUoyvS3P2MReyiOCx9KnuizMkZNxMRV6thX4t1JTMaX_bQZ8Ut_GDT_iFVFtO28dcYgvRGr8OR6IgsNGiad2pIxX2mqHsrrSQcfNf2jReo2X0U28jPytyex8AAfLZCVMgtR7Enf2LsHHj8WVeCdBm36RAFZvdKI0_kHzm86L9y7SmQN1LAf20g42jVLZmRK26ZkI-YIHTRUQmEE_FKjyGUBkCW3IXpVb4U39GOdLwfhuPwVfGZT4Vfc6Z7loLenHzjmmQ26EwMQ_QPLCGi4XEHEw5YCvZwLtFHGxrk2HczwSB5sxggCRqXGUqfDtAvO-qkoYfMOTE8bMvXUA7VTAaOkA37I_dDV3IQ7AcFbGdV1J4f5x-5BxVTOHEz9Ce-unWoL81zdfq3_OvFl_fAMnpWjZyZCSm6JKlgsKloMwfufd2i69d1ll_LzBiJ-osMGCoAqLTzWLCMuYk1qLg1Xcs4-U7z-ARHSak_pnv7rpw7ClCnF2yyFPP-1QANPqzACqh8kfiVrtadm2l8n62av6gHrw_DI_2zNXbU6qbr3mL4muMN7GqQlKnoIGhcMf7Yz0vB9YtfANf2_8&sai=AMfl-YRgcdqhOZduCBypvdfN1jZWUJ8wfso5vmSimGie_AEzMWd-4y_X9v7bog&sig=Cg0ArKJSzF8g_8z7ay6-EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&adurl=
Frame ID: DFD12911B36C0661FA856305EF542349
Requests: 10 HTTP requests in this frame

Frame: https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssGj7dInkB7Fga440JjLzGx4c0YknYsT-lqIaqC4FFWRyjmYwGk8l0xyHv67SHAsM_n3p9Vj35BYLR71tSHIXLT9bkw7LzIPeMu-YQ09ZJMPddc_foNAoFN2-0SSnhRd2um9Xdy8KYEnzmO0J2q7KdyQjZR28AffK8IihQ-NiTRkb_5RujK-sjQbkKPCGvsWK0JydR795bWNbPbaYKC3HSEwr2cvXU6Is_mm6khaRxgGzn_VUbakaafn24sf54OTOKeG6cyKdBD49e0gCXcUrYr9OjqphZdWVBUdw9npIIIPA4GyJZvG3rovgTYl32yPNh04-m40kl_Cv1qO3-VBG2bLIHqOEoK9y24chxD2k10XAD2dBwH0Z7U3z7ZtvJ4I6MlsEEGgJx4BPeXHddZ0NI17WxJZ-J9hiNIa1ShqVa9MqyGDdX4zUr6N0oZeb5nB1RH-e5AWooo-atggDFv5tmRvxn9aT0iSLgekG72Akn5OaQ7wlpRHqku1FluUIDuK_Oa5DrgRUhVatA7XUc1EyjYKpgzPDjOlaPGPuA0-WXb7pNNhoX30W9LUMi-5Kv92pdf4MWI42fIwOQlVFPihsxejCVPTdbPZYO4dghpizV2AgWa7GmUe3Omh0Y8a1Lvp5rVLfd51JhQKiEH3ZlhW0ANsyhVErRnXB6qELf2VZexfoAiSjdIVG-YLArAnayE4bFphIAeB9si7SLZJ_Nw9Bsb-M4SDtRr0jmZji2dMqfEQrpN6TPyvrnMeCKm_4-_3HWZnhQj2pnkNz8CLOJVRjWNm6a1uH7XWL9p9GXS2ijP0LbI-uvM8d56eW1smYo6BirMDm8ScQkp1kUYqFoZpUL4YMWRoZZux0yt9Oh8ta-2edDg8xIxpXRCzdyTrrX2Ijiy34YVqAk3dYXYaVNGqPYb5_L5-Mbo6DfiRQi1IP1h-eKVn3OaPYNpyAP6i3wr_1hHKEXHC99W0Rb8H2lRcOkRlGL4qzUeedHFn9MLxlOdIQ&sai=AMfl-YTH8piHXCw0kFNo66fdJ53VrLcU3UzNzGN545T2LpqwdvPW0-IS4Xp62g&sig=Cg0ArKJSzMX8HfcMHsYFEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&adurl=
Frame ID: D83462B09DD85893118D7880D8BFA094
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 9D1A4F95DF85B65E8F055F328F347E0C
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 80F3518003D7B618075BC581544E1CEC
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 12CBEA602B3C6B4DEF97A844310333CD
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js
Frame ID: CE173564DFDB4C52B992D639148AA33F
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js
Frame ID: 6B92FAEC929B977E3D372FBFCDC8B2C8
Requests: 1 HTTP requests in this frame

Frame: https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsubWwglYYpQ6P1br5-inLezSVoWFcT6odrgWsuLKeHQ3rzoi64gj5Kwme5L8NPbq_H-ImS9m8bspoDG9oNvf4Y1SaoWr17IaIfOD9R4rwvnPQ_utgxDwdirsTD2uG2JaER67J0xkS_JjM3BCs4txGI3k6sj7kXcR3xNzYPkRnGTlOGIlZrAMWWwqLovnsyhTaak3uPLhynpWPk1qdeUKXwoIs67vHpTqTaTw42pRXXtgzuO__cEs61nbF1NINM8sV73uBONlnibR6K4Gl-ajy3wH-zqiTerHbz6YDHqtuSQzdN1pdz9bx9qN0ZnyjIno0Kik58xiuLPgTegnntWvmDqw2JD7Yd3Qj7kvg-ghOQDRzZk69q9HeEZOBnIwgUJC4yZ2ieYaUqtnzM27l4jFc---dVyTUih2KgWauOdPQUT8QO33KFhRs1lbpHfN7KbVMRVAUjHx1oPPdHy159o0AC7IUVgjPrqmTZ5BzXDUS8Q4NCT7-yaR6XvvsGbrRM6WFtZ-zk1A4I5AazRA_VlggtjjD53XDRvx7SQ0LCAxDKNR4M355jjqQWTnZxUBtLsyH_QMX4OuvIqxhF4-vXp1TYoIU3NNwJJ096KbcGoduuLa6iYNUY5Y12jeZ9E5HCsxkJcVv9tgxFgKAz0HLRCI0JBgYQD8EW8kKiKKFn_W7d8EHipONtqZp4o4i5Zf6eNYjPARPRcxwWUP1QcF98-8yGdYke1kwVoLpExWJhd2H7bU6FB-hvcIHb9s2piF4rSP4d9S571TIAV2kVWCjtYVjC8GC76smWseYkiA4KaMMrP5k2U1uDhpHA3MbZHkuvHGb9rEIJiYO5dCvaPItNn0v2CPEjSYSSf6BthcUhB7j0YsHeSo-WufQTBSQkCISBvTEKx7JOC806H50v57qLrR-ghAx3skargGnvQEvZEzCkTk1t5y1bY1SLoJnWn1N8aLHd7A_hYfThUdYnvHmviuMVKDZo0AtXSZw&sai=AMfl-YSBSp62QeImo3GbI1ZVATX5Z0VfTN-qevqx123IoBFWQCEnmiKGyF1iLg&sig=Cg0ArKJSzBHLTILz6Xn3EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&adurl=
Frame ID: AA7788A8FFD8C07505F419DCAAB05A42
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 1D86F76A9F8B2A8FC4154220AAEF3C95
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfG5EUUAAAAAE7XFZvJfM0HHeaV1tQQqzZ7BTiX&co=aHR0cHM6Ly91c2VydXBsb2FkLm5ldDo0NDM.&hl=en&v=_exWVY_hlNJJl2Abm8pI9i1L&size=normal&cb=jj6yt3ajgdw4
Frame ID: 437D21B42E88C1878C696AAF53581D36
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&adk=1812271804&adf=3025194257&lmt=1646563923&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fuserupload.net%2F114qkz10novb&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646563923295&bpp=1&bdt=2159&idt=1&shv=r20220302&mjsv=m202202280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D8c39d6f7a29d7f99-22d5eeec53cd000e%3AT%3D1646563922%3ART%3D1646563922%3AS%3DALNI_MYOaJzt9svEyPiGkL0rUFIQ9NAT3g&prev_fmts=350x280%2C350x280%2C480x280%2C350x280%2C730x280&nras=1&correlator=4906903281951&frm=20&pv=1&ga_vid=788578537.1646563922&ga_sid=1646563922&ga_hid=1983380085&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C31064037&oid=2&psts=AGkb-H8HKLHKIrIi7zYjhGt7tO6DSskxpBjxuAulc2OimgQDfe2LzwVJkSPFeMGtZe2qiqJDA8YpOvk-__irsQ%2CAGkb-H9NEisBBmlAzx035V46pOWXMdFiV59-rEZ0_mDkSDjV7ZYQgCcapybgyi-nhZPYV1_kljIBq6ZSOhjHfA&pvsid=3236805524367588&pem=548&tmod=1678463428&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=6&uci=a!6&fsb=1&dtd=44
Frame ID: 7EA7346CD58009E075E2A81254965C81
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: B17C38E6DA77E71D1077BC051EC9B1BD
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 274781763C38611D1D2E376356713EA8
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=_exWVY_hlNJJl2Abm8pI9i1L&k=6LfG5EUUAAAAAE7XFZvJfM0HHeaV1tQQqzZ7BTiX
Frame ID: 8DEF4C984F728A646983B78987320872
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220302/r20110914/zrt_lookup.html?fsb=1
Frame ID: B713D543C6CE965129425D77734A0810
Requests: 5 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 750D41576F618D09C7D3AE9DFD302F01
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 8827C20D9C397169AFA33141D660F443
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js
Frame ID: 4642CDA4AF2D6774E27287AF87C086B0
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Download Tiktok armv8a ultra Zip User Upload apk

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Clipboard.js (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

clipboard(?:-([\d.]+))?(?:\.min)?\.js

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Popper (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

/popper\.js/([0-9.]+)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

<div[^>]+class="g-recaptcha"
/recaptcha/api\.js

Page Statistics

164
Requests

95 %
HTTPS

55 %
IPv6

26
Domains

39
Subdomains

33
IPs

7
Countries

2491 kB
Transfer

5758 kB
Size

22
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://ammapettai.com/netflix-premium-apk/
Title: Download NetFlix APK(feb-2022)

Search URL Search Domain Scan URL

URL: https://t.me/useruploadofficial

Search URL Search Domain Scan URL

URL: https://facebook.com/userupload
Title: Facebook

Search URL Search Domain Scan URL

URL: https://mobile.twitter.com/UserUpload
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.instagram.com/userupload/
Title: Instagram

Search URL Search Domain Scan URL

URL: https://t.me/userupload_support
Title: Telegram Support

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 33

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1392126071&utmhn=userupload.net&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Download%20Tiktok%20armv8a%20ultra%20Zip%20User%20Upload%20apk&utmhid=1983380085&utmr=-&utmp=%2F114qkz10novb&utmht=1646563921635&utmac=UA-80176776-3&utmcc=__utma%3D30043835.788578537.1646563922.1646563922.1646563922.1%3B%2B__utmz%3D30043835.1646563922.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=522695825&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-80176776-3&cid=788578537.1646563922&jid=522695825&_v=5.7.2&z=1392126071

Request Chain 71

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 86

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 159

https://promote.pair.com/LCqPxRXgVFA6D5.jpg HTTP 302
https://www.pair.com/

Request Chain 160

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPJ0fSPYgDZkNLkmVmIntIEAeTE9EWF6b9oMjelYmV683e4XWSDwMZBQbAxWlcVz83A-0kJA-Ges86I8gaaZ7O3Tx-rQfj4h&google_gid=CAESECzWwo83LycAjrXtE2ENOG8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWlTU1ZBQUFCTmN5Q1FoUQ&google_push=AYg5qPJ0fSPYgDZkNLkmVmIntIEAeTE9EWF6b9oMjelYmV683e4XWSDwMZBQbAxWlcVz83A-0kJA-Ges86I8gaaZ7O3Tx-rQfj4h

Request Chain 161

https://d.agkn.com/pixel/2175/?google_gid=CAESEPLPboUlVGOsm9zCj9D0D6c&google_cver=1&google_push=AYg5qPKA4-wv8q92OA6AvXRXq1_NjhmQmBYS_yJld9IXcbUzrw8rzX_gVK4KOh31xy-4vU0QLvxE6G9sCrLmLXYyfm27JSwk_ak HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPKA4-wv8q92OA6AvXRXq1_NjhmQmBYS_yJld9IXcbUzrw8rzX_gVK4KOh31xy-4vU0QLvxE6G9sCrLmLXYyfm27JSwk_ak&google_hm=Q0FFU0VQTFBib1VsVkdPc205ekNqOUQwRDZj

Request Chain 162

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKb__Yvw9KV23Stpeh-RWSZUx9UDtkcO8dAsK4vngDhh7AdldPgAYobzuuiXQKyNtjsxAxE5CV8UphKRz6HTkDgRqAeabQ&google_gid=CAESEIBBmUPzDXF9J0ObOEgqbow&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKb__Yvw9KV23Stpeh-RWSZUx9UDtkcO8dAsK4vngDhh7AdldPgAYobzuuiXQKyNtjsxAxE5CV8UphKRz6HTkDgRqAeabQ&google_gid=CAESEIBBmUPzDXF9J0ObOEgqbow&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjAzMDYxMDUyMDQwMDAxNTg2NDI2MTQ2Ng%3D%3D&google_push=AYg5qPKb__Yvw9KV23Stpeh-RWSZUx9UDtkcO8dAsK4vngDhh7AdldPgAYobzuuiXQKyNtjsxAxE5CV8UphKRz6HTkDgRqAeabQ

Request Chain 164

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEDMJHI1XqhL2g95izTSWpeA&google_cver=1&google_push=AYg5qPJeKZh824IR6aGvIIxoEI-vNKf1yGFvFeKCal9UFX4VIaOK3IuJs0wNSqFA_bkayWMzv2fFzfTBCyM2InR5cun4brKRdY5_ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBGNU5CRE4tNS0zQjEy&google_push=AYg5qPJeKZh824IR6aGvIIxoEI-vNKf1yGFvFeKCal9UFX4VIaOK3IuJs0wNSqFA_bkayWMzv2fFzfTBCyM2InR5cun4brKRdY5_

Request Chain 166

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEP5NwVQdFC4D-l2o6EFYPSw&google_cver=1&google_push=AYg5qPIroKz9G-cDtbtmii_KtcJtamqeTToy55CHTzAzcRPj8NhQfbB0DTMy2nufD1DMSGR5esDRnxBhdpdwzTEXVA2Bg1YVHgLgMA HTTP 301
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPIroKz9G-cDtbtmii_KtcJtamqeTToy55CHTzAzcRPj8NhQfbB0DTMy2nufD1DMSGR5esDRnxBhdpdwzTEXVA2Bg1YVHgLgMA&google_hm=

164 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request 114qkz10novb Show response
userupload.net/ 14 KB
5 KB 336ms
183ms Document
text/html 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://userupload.net/114qkz10novb

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ns31202426.ip-51-89-234.eu

Software

Apache /

Resource Hash

b262df0c0b790a38e06a84643195e4342853a1da798ad642a7e622f6d04ae944

Security Headers

Name	Value
Strict-Transport-Security	max-age=0;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9

Response headers

Date: Sun, 06 Mar 2022 10:52:00 GMT
Server: Apache
Strict-Transport-Security: max-age=0;includeSubDomains;
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Expires: Sat, 05 Mar 2022 10:52:01 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 4305
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK jquery-1.9.1.min.js Show response
userupload.net/ds2/js/ 90 KB
32 KB 68ms
68ms Script
application/javascript 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/js/jquery-1.9.1.min.js
Requested by: Host: userupload.net
URL: https://userupload.net/114qkz10novb
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/114qkz10novb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sun, 06 Mar 2022 10:52:01 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Sep 2017 22:09:54 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 32775

GET
H/1.1 200
OK jquery.paging.js Show response
userupload.net/ds2/js/ 19 KB
5 KB 196ms
66ms Script
application/javascript 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/js/jquery.paging.js
Requested by: Host: userupload.net
URL: https://userupload.net/114qkz10novb
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: c8ecfe747c979fbd87624913200a9237343679923b495885bced089b80fc84f6

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/114qkz10novb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sun, 06 Mar 2022 10:52:01 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Sep 2017 22:09:56 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 4362

GET
H/1.1 200
OK jquery.cookie.js Show response
userupload.net/ds2/js/ 3 KB
2 KB 197ms
66ms Script
application/javascript 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/js/jquery.cookie.js
Requested by: Host: userupload.net
URL: https://userupload.net/114qkz10novb
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: c4fb91befcf134b81ecfa1c586e1f9d6426c8f4fc1f6c130ac1fddb49ab5df96

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/114qkz10novb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sun, 06 Mar 2022 10:52:01 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Sep 2017 22:09:56 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1365

GET
H/1.1 200
OK paging.js Show response
userupload.net/ds2/js/ 2 KB
975 B 195ms
65ms Script
application/javascript 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/js/paging.js
Requested by: Host: userupload.net
URL: https://userupload.net/114qkz10novb
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: e1d4f21db649ec5795e70cb72e59fdec97af300c64b5d8abbc67f00688eb0ecd

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/114qkz10novb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sun, 06 Mar 2022 10:52:01 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Sep 2017 22:09:57 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 662

GET
H/1.1 200
OK style.min.css
userupload.net/ds2/css/ 179 KB
35 KB 198ms
69ms Stylesheet
text/css 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/css/style.min.css?v=0.2
Requested by: Host: userupload.net
URL: https://userupload.net/114qkz10novb
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: 2df25ed583d39ca73718949dd3c20036cdfba57ce4725b2a4564a47071b8be9c

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/114qkz10novb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sun, 06 Mar 2022 10:52:01 GMT
Content-Encoding: gzip
Last-Modified: Thu, 11 Feb 2021 19:11:32 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 35078

GET
H/1.1 200
OK logo.png
userupload.net/ds2/img/ 3 KB
3 KB 129ms
65ms Image
image/png 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://userupload.net/ds2/img/logo.png
Requested by: Host: userupload.net
URL: https://userupload.net/114qkz10novb
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: 57ee478f48f0c5119a65bcab51b18ab6e7db8cb4db90a0fc8a6bfbb4c1af2d23

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/114qkz10novb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sun, 06 Mar 2022 10:52:01 GMT
Last-Modified: Mon, 01 Mar 2021 06:10:59 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 2979

GET
H/1.1 200
OK countdown.js Show response
userupload.net/ds2/js/ 640 B
665 B 66ms
66ms Script
application/javascript 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/js/countdown.js
Requested by: Host: userupload.net
URL: https://userupload.net/114qkz10novb
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: 6b1116dbdcc8665059c0163cb6cd034a949402f5bc6294390e8ffee39952f6ae

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/114qkz10novb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sun, 06 Mar 2022 10:52:01 GMT
Content-Encoding: gzip
Last-Modified: Wed, 27 Sep 2017 05:59:30 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 353

GET
H2 200 rocket-loader.min.js Show response
ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/ 12 KB
4 KB 152ms
49ms Script
application/javascript 2606:4700::6811:480e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Requested by

Host: userupload.net
URL: https://userupload.net/114qkz10novb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:480e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:52:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
last-modified: Wed, 02 Mar 2022 15:11:12 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"621f8910-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JTiEdOFi5iq5ANXUlqOj%2F9f%2FlJxwqLwy1RzPlYXXnjYTL8RHJnaqkZ57FMKjH9%2FDuj%2FV%2BrjlthETEsxX5JWHN0Cn7NQzBYjBwGf5hGoIw0hVP3PEy%2FlIoo%2Bj3fAdN4QqEIWoo23JrXf4Gop%2BusPjsUE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 6e7a8a1d4cf47199-LHR
expires: Tue, 08 Mar 2022 10:52:01 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 850 B
968 B 182ms
63ms Script
text/javascript 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: userupload.net
URL: https://userupload.net/114qkz10novb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a9f32abd1df5f2624a39b9911169fa30dc69da1467751ea060eb492b07c62129

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:52:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 555
x-xss-protection: 1; mode=block
expires: Sun, 06 Mar 2022 10:52:01 GMT

GET
H/1.1 200
OK tele.png
userupload.net/ds2/img/ 4 KB
5 KB 67ms
65ms Image
image/png 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://userupload.net/ds2/img/tele.png
Requested by: Host: userupload.net
URL: https://userupload.net/114qkz10novb
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: 58a5608dd5df2fe0edf71e0f3f1bf2c583040a9579817b26e392d0c1d1af979a

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/114qkz10novb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sun, 06 Mar 2022 10:52:01 GMT
Last-Modified: Mon, 01 Mar 2021 06:11:52 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 4441

GET
H/1.1 200
OK bootstrap.min.js Show response
userupload.net/ds2/js/ 57 KB
15 KB 67ms
67ms Script
application/javascript 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/js/bootstrap.min.js
Requested by: Host: userupload.net
URL: https://userupload.net/114qkz10novb
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: 0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/114qkz10novb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sun, 06 Mar 2022 10:52:01 GMT
Content-Encoding: gzip
Last-Modified: Sat, 24 Aug 2019 22:42:17 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 15437

GET
H/1.1 200
OK clipboard.min.js Show response
userupload.net/ds2/js/ 11 KB
4 KB 68ms
66ms Script
application/javascript 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/js/clipboard.min.js
Requested by: Host: userupload.net
URL: https://userupload.net/114qkz10novb
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: 0da7fc1ae23678b2872653962d147fcd1cbd0a5a9c8f84d44ae99bc581fd9062

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/114qkz10novb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sun, 06 Mar 2022 10:52:01 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Sep 2017 22:09:53 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 3397

GET
H/1.1 200
OK main.js Show response
userupload.net/ds2/js/ 423 B
562 B 66ms
64ms Script
application/javascript 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/js/main.js
Requested by: Host: userupload.net
URL: https://userupload.net/114qkz10novb
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: c1bd88cc54165fd50700598361e7484401e4cc1525866fa5a73e8a463df5c226

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/114qkz10novb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sun, 06 Mar 2022 10:52:01 GMT
Content-Encoding: gzip
Last-Modified: Thu, 31 Oct 2019 22:11:55 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 250

GET
H2 200 sharethis.js Show response
platform-api.sharethis.com/js/ 184 KB
41 KB 182ms
62ms Script
text/javascript 13.32.99.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://platform-api.sharethis.com/js/sharethis.js

Requested by

Host: userupload.net
URL: https://userupload.net/114qkz10novb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.99.22 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-22.fra60.r.cloudfront.net

Software

Resource Hash

0ee3ba8d62688a5dcd8b12d596ab5256e567d0d314e79a12904ff428a666e27e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:43:52 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 489
etag: W/"2e0b4-HqSCmdOd0X+0faUgjZuvR/26Oog"
x-frame-options: SAMEORIGIN
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
via: 1.1 c43915e0cad14ee7685e5f74a99ce93c.cloudfront.net (CloudFront)
edge-control: cache-maxage=60m,downstream-ttl=60m
cache-control: max-age=600, public
x-amz-cf-pop: FRA60-P3
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-id: q72bnfxC18g-K23FyEKPmJcFLPvFxbAHYVBSOYtdelDLYIb-9swj-g==

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 153 KB
53 KB 213ms
96ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: userupload.net
URL: https://userupload.net/114qkz10novb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dae183958c03f92814f22f515adc75246071af9eac063a5035949326069ab9b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:52:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54036
x-xss-protection: 0
server: cafe
etag: 14471481343174724778
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 06 Mar 2022 10:52:01 GMT

GET
H2 200 popper.min.js Show response
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/ 21 KB
7 KB 142ms
50ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js

Requested by

Host: userupload.net
URL: https://userupload.net/114qkz10novb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66f3a07e1fa9b64a686b66381e4458dbc8abf3dbbff954720c4eec07b84411c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:52:01 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 749013
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6646
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:15:37 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fa9-520c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p3OshfgW1MoPSIyTIa8spU%2B52eU3J1unkDjksOiAtL4PUbRmtlpyTLv5Aa5JwjtnrlUS3q8bMccHNYWJivSrG4xBbOsTTRhoin7K6sMKnbOK4SI6QFie2qer4DDsVi2deS35CgVX%2BC6TViRStVZDFuXl"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6e7a8a1d2bcb775c-LHR
expires: Fri, 24 Feb 2023 10:52:01 GMT

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 186ms
53ms Script
text/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: userupload.net
URL: https://userupload.net/114qkz10novb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 1678
date: Sun, 06 Mar 2022 10:24:03 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Sun, 06 Mar 2022 12:24:03 GMT

GET
H/1.1 200
OK bootstrap.min.css
userupload.net/ds2/css/ 152 KB
23 KB 68ms
68ms Stylesheet
text/css 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/css/bootstrap.min.css
Requested by: Host: userupload.net
URL: https://userupload.net/ds2/css/style.min.css?v=0.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: 60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/ds2/css/style.min.css?v=0.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sun, 06 Mar 2022 10:52:01 GMT
Content-Encoding: gzip
Last-Modified: Sat, 24 Aug 2019 22:42:18 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 23238

GET
H/1.1 200
OK brandon_bld-webfont.woff2
userupload.net/ds2/fonts/ 27 KB
27 KB 68ms
68ms Font
font/woff2 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/fonts/brandon_bld-webfont.woff2
Requested by: Host: userupload.net
URL: https://userupload.net/ds2/css/style.min.css?v=0.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: c56fd6b910ca93a3fb1875e35074b8ce8501c319ebaa0e8b7252f7e4a7023fe6

Request headers

Referer: https://userupload.net/ds2/css/style.min.css?v=0.2
Origin: https://userupload.net
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sun, 06 Mar 2022 10:52:01 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Sep 2019 21:56:34 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: font/woff2
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 27492

GET
H/1.1 200
OK fa-duotone-900.woff2
userupload.net/ds2/fa/webfonts/ 162 KB
161 KB 66ms
66ms Font
font/woff2 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/fa/webfonts/fa-duotone-900.woff2
Requested by: Host: userupload.net
URL: https://userupload.net/ds2/css/style.min.css?v=0.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: 3477023d8b7129eb517abf377492a608f2469ae91405fa62974e6771751e04ae

Request headers

Referer: https://userupload.net/ds2/css/style.min.css?v=0.2
Origin: https://userupload.net
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sun, 06 Mar 2022 10:52:01 GMT
Content-Encoding: gzip
Last-Modified: Sat, 24 Aug 2019 23:45:51 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: font/woff2
Transfer-Encoding: chunked
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96

GET
H2 200 va9E4kDNxMZdWfMOD5Vvl4jO.ttf
fonts.gstatic.com/s/firasans/v10/ 54 KB
27 KB 172ms
55ms Font
font/ttf 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/firasans/v10/va9E4kDNxMZdWfMOD5Vvl4jO.ttf

Requested by

Host: userupload.net
URL: https://userupload.net/ds2/css/style.min.css?v=0.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08d4e6308d4549372380e8a8d6b3de7613d304b43c2e6f50053af0338e5e0f67

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://userupload.net/
Origin: https://userupload.net
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 05:45:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 363983
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26757
x-xss-protection: 0
last-modified: Mon, 22 Jul 2019 19:21:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 02 Mar 2023 05:45:38 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/_exWVY_hlNJJl2Abm8pI9i1L/ 356 KB
141 KB 178ms
55ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/_exWVY_hlNJJl2Abm8pI9i1L/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d526e08d2f18f7fea947247c440cf46473ed39655b4931e959939c383291f665

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://userupload.net/
Origin: https://userupload.net
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 13:37:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 162877
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 143652
x-xss-protection: 0
last-modified: Mon, 28 Feb 2022 23:43:01 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 04 Mar 2023 13:37:24 GMT

GET
H/1.1 200
OK / Show response
tgwidget.com/widget/count/ Frame E6C0 2 KB
1 KB 248ms
81ms Document
text/html 95.217.229.114
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tgwidget.com/widget/count/?id=6022da5783ba8816118b4567
Requested by: Host: userupload.net
URL: https://userupload.net/114qkz10novb
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.217.229.114 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.114.229.217.95.clients.your-server.de
Software: nginx /
Resource Hash: 1b44219f9dad1f711d72a211d3d9532146a5e626ce22e59a171e0bf49ea31e68

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/

Response headers

Server: nginx
Date: Sun, 06 Mar 2022 10:52:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

GET
H/1.1 200
OK get.php Show response
userupload.net/ds2/file_info/ 325 B
532 B 228ms
228ms XHR
text/html 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/file_info/get.php?ext=apk
Requested by: Host: userupload.net
URL: https://userupload.net/ds2/js/jquery-1.9.1.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: 6da212f8852e71fec7a548df3fd23ec4bf5faaca5af818af4074e5240ca7b8d4

Request headers

Accept: */*
Referer: https://userupload.net/114qkz10novb
X-Requested-With: XMLHttpRequest
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sun, 06 Mar 2022 10:52:01 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=97
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 va9B4kDNxMZdWfMOD5VnLK3eRhf_.ttf
fonts.gstatic.com/s/firasans/v10/ 58 KB
28 KB 217ms
114ms Font
font/ttf 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/firasans/v10/va9B4kDNxMZdWfMOD5VnLK3eRhf_.ttf

Requested by

Host: userupload.net
URL: https://userupload.net/ds2/css/style.min.css?v=0.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b1ed14c8d4e5852e773d44304a3a33507ff993a4b6b70ea1d9fb8c6f68e7318

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://userupload.net/
Origin: https://userupload.net
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 19:00:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 402696
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28042
x-xss-protection: 0
last-modified: Mon, 22 Jul 2019 19:22:45 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 01 Mar 2023 19:00:25 GMT

GET
H/1.1 200
OK brandon_med-webfont.woff2
userupload.net/ds2/fonts/ 27 KB
28 KB 66ms
66ms Font
font/woff2 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/fonts/brandon_med-webfont.woff2
Requested by: Host: userupload.net
URL: https://userupload.net/ds2/css/style.min.css?v=0.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: 8bedd3a9d3d20f71aa28c17e75c18ddc9a323b823275ae9bec6a1b673ea646f5

Request headers

Referer: https://userupload.net/ds2/css/style.min.css?v=0.2
Origin: https://userupload.net
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sun, 06 Mar 2022 10:52:01 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Sep 2019 21:56:34 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: font/woff2
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 28003

GET
H/1.1 200
OK brandon_blk-webfont.woff2
userupload.net/ds2/fonts/ 26 KB
27 KB 67ms
67ms Font
font/woff2 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/fonts/brandon_blk-webfont.woff2
Requested by: Host: userupload.net
URL: https://userupload.net/ds2/css/style.min.css?v=0.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: f13d4a23664d1a212e275c7ccd6073d3751cd3554820a78fbf697a1fd6e251a3

Request headers

Referer: https://userupload.net/ds2/css/style.min.css?v=0.2
Origin: https://userupload.net
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sun, 06 Mar 2022 10:52:01 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Sep 2019 21:56:34 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: font/woff2
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 26941

GET
H/1.1 200
OK fa-brands-400.woff2
userupload.net/ds2/fa/webfonts/ 73 KB
73 KB 66ms
66ms Font
font/woff2 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/fa/webfonts/fa-brands-400.woff2
Requested by: Host: userupload.net
URL: https://userupload.net/ds2/css/style.min.css?v=0.2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: 433d970f04c9cfdfe1eef18106807714cffa2ec96651af41c1be35d00a87bc1c

Request headers

Referer: https://userupload.net/ds2/css/style.min.css?v=0.2
Origin: https://userupload.net
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sun, 06 Mar 2022 10:52:01 GMT
Content-Encoding: gzip
Last-Modified: Sat, 24 Aug 2019 23:45:51 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: font/woff2
Transfer-Encoding: chunked
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100

GET
H/1.1 200
OK 1.min.js Show response
userupload.net/ds2/js/ 23 KB
8 KB 93ms
68ms Script
application/javascript 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/js/1.min.js
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: 0f36b1fb32a4629666406b3cddae258555f52cd7a33ee7877a0cb9215d521e08

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/114qkz10novb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sun, 06 Mar 2022 10:52:01 GMT
Content-Encoding: gzip
Last-Modified: Sun, 14 Feb 2021 19:05:05 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 7722

GET
H/1.1 200
OK fuckadblock.js Show response
userupload.net/ds2/js/ 6 KB
2 KB 109ms
65ms Script
application/javascript 51.89.234.230
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://userupload.net/ds2/js/fuckadblock.js
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.89.234.230 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns31202426.ip-51-89-234.eu
Software: Apache /
Resource Hash: 36b7cdabca53eda8f9ccdb9e449f9c22dc4841ab4b2a888bb5700fb5dfbc778c

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/114qkz10novb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sun, 06 Mar 2022 10:52:01 GMT
Content-Encoding: gzip
Last-Modified: Sun, 14 Feb 2021 19:05:50 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 1688

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/1.11.3/ 94 KB
30 KB 51ms
51ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.3/jquery.min.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:52:01 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 386962
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 29929
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:48 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec4-176f8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HZhVZu6mqK0bMmM%2FGi1KcLLRom2FQNMuq%2Bv3FgJQTdkthauuhDf3yqaJNy8Zyy97PdOdQ%2B5Bp7MydgE2P%2BwSfelC7OQfzP9kch6aUP9Pij8QVGAahzwOsrINXiN%2B1MrJjNiMeHPkpZnf8aY%2FPI4V1R7C"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6e7a8a1e2df3775c-LHR
expires: Fri, 24 Feb 2023 10:52:01 GMT

GET
H2 200 5c3f7ca0c9830d001319a65d.js Show response
buttons-config.sharethis.com/js/ 975 B
1 KB 189ms
58ms Script
text/javascript 2600:9000:223c:9200:c:abe:f440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://buttons-config.sharethis.com/js/5c3f7ca0c9830d001319a65d.js

Requested by

Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223c:9200:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

64ef1788e2c86fe9b9f65689843ec0d459ee8c1477b4fe26b88a3b3cc1e98c56

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Sun, 06 Mar 2022 10:51:49 GMT
via: 1.1 993c0866e705e48daa4fed5e30627712.cloudfront.net (CloudFront)
last-modified: Sat, 11 Apr 2020 08:06:55 GMT
server: AmazonS3
age: 28
etag: "603d865a6a864b43f642e595a6f198f6"
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=60
x-amz-cf-pop: FRA56-P2
accept-ranges: bytes
content-length: 975
x-amz-cf-id: 7xLgj7ZubK5q8jsaqh_63AkCaiQmBfoVYLdSEFlNDBWq6hIpzK0hbA==

GET
H/1.1 204
No Content pview Show response
l.sharethis.com/ 0
401 B 286ms
56ms XHR
text/plain 3.69.69.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://l.sharethis.com/pview?event=pview&hostname=userupload.net&location=%2F114qkz10novb&product=inline-share-buttons&url=https%3A%2F%2Fuserupload.net%2F114qkz10novb&source=sharethis.js&fcmp=false&fcmpv2=false&has_segmentio=false&title=Download%20Tiktok%20armv8a%20ultra%20Zip%20User%20Upload%20apk&cms=unknown&publisher=5c3f7ca0c9830d001319a65d&sop=true&version=st_sop.js&lang=en&description=Download%20File%20Tiktok%20armv8a%20ultra%20Zip%20User%20Upload%20apk

Requested by

Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.69.69.173 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-69-69-173.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sun, 06 Mar 2022 10:52:01 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Access-Control-Allow-Origin: https://userupload.net
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H2

200

collect
stats.g.doubleclick.net/r/
Redirect Chain

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1392126071&utmhn=userupload.net&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Downl...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-80176776-3&cid=788578537.1646563922&jid=522695825&_v=5.7.2&z=1392126071

35 B
430 B

169ms
56ms

Image
image/gif

2a00:1450:400c:c07::9a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-80176776-3&cid=788578537.1646563922&jid=522695825&_v=5.7.2&z=1392126071

Requested by

Host: userupload.net
URL: https://userupload.net/114qkz10novb

Protocol

Server

2a00:1450:400c:c07::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sun, 06 Mar 2022 10:52:01 GMT
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 06 Mar 2022 10:52:01 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-80176776-3&cid=788578537.1646563922&jid=522695825&_v=5.7.2&z=1392126071
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 369
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202280101/ 291 KB
105 KB 149ms
86ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202280101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5228806306542248&plah=userupload.net

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8794e061485593c39efc9837dacd8a7e788b0c5f447fa072f66c65189f40f138

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:52:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 107237
x-xss-protection: 0
server: cafe
etag: 10164370745605110718
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 06 Mar 2022 10:52:01 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220302/r20190131/ Frame E543 10 KB
5 KB 171ms
54ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220302/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4502
x-xss-protection: 0
date: Sun, 06 Mar 2022 04:11:29 GMT
expires: Sun, 20 Mar 2022 04:11:29 GMT
cache-control: public, max-age=1209600
age: 24032
etag: 4044455266028820542
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK tg.png
tgwidget.com/widget/count/img/ Frame E6C0 7 KB
7 KB 80ms
80ms Image
image/png 95.217.229.114
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tgwidget.com/widget/count/img/tg.png
Requested by: Host: tgwidget.com
URL: https://tgwidget.com/widget/count/?id=6022da5783ba8816118b4567
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.217.229.114 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.114.229.217.95.clients.your-server.de
Software: nginx /
Resource Hash: b106807d0b065185b4fb475481db10ee8457583101dc9a8b13385627e07d01c0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tgwidget.com/widget/count/?id=6022da5783ba8816118b4567
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Sun, 06 Mar 2022 10:52:01 GMT
Last-Modified: Sat, 13 Feb 2021 11:38:44 GMT
Server: nginx
ETag: "6027ba44-1c1d"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7197

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame E6C0 92 KB
36 KB 182ms
64ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-121815413-1

Requested by

Host: tgwidget.com
URL: https://tgwidget.com/widget/count/?id=6022da5783ba8816118b4567

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c3e74a029f8e927bd80f13f4eb132b32bd60005b6319ba02c940b0477686ec7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tgwidget.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:52:01 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36674
x-xss-protection: 0
last-modified: Sun, 06 Mar 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 06 Mar 2022 10:52:01 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 218 B
647 B 194ms
62ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=userupload.net&callback=_gfp_s_&client=ca-pub-5228806306542248

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202280101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5228806306542248&plah=userupload.net

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

adf8665bebfd9b0d676a8d3a284a19af1690e088a28100b6e69a43832f6998e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:52:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 203
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 208ms
63ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=userupload.net

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 06 Mar 2022 10:52:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 178ms
62ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=userupload.net

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 06 Mar 2022 10:52:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0369 58 KB
26 KB 654ms
592ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=9237283852&adk=1997398430&adf=4108538649&pi=t.ma~as.9237283852&w=350&fwrn=4&fwrnh=100&lmt=1646563921&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2F114qkz10novb&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646563921670&bpp=4&bdt=534&idt=268&shv=r20220302&mjsv=m202202280101&ptt=9&saldr=aa&abxe=1&correlator=4906903281951&frm=20&pv=2&ga_vid=788578537.1646563922&ga_sid=1646563922&ga_hid=1983380085&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=105&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C31064037&oid=2&pvsid=3236805524367588&pem=548&tmod=1678463428&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=MJrqDjf2Qd&p=https%3A//userupload.net&dtd=284

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d10ae726cd5a35b7793c202c6f5a167af3d4a0721402ca53294b6aaa6873fddf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 06 Mar 2022 10:52:02 GMT
server: cafe
content-length: 26414
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 06 Mar 2022 10:52:02 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 34A6 58 KB
26 KB 1024ms
968ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5298038844&adk=3658158944&adf=3044448856&pi=t.ma~as.5298038844&w=350&fwrn=4&fwrnh=100&lmt=1646563921&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2F114qkz10novb&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646563921674&bpp=1&bdt=538&idt=284&shv=r20220302&mjsv=m202202280101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280&correlator=4906903281951&frm=20&pv=1&ga_vid=788578537.1646563922&ga_sid=1646563922&ga_hid=1983380085&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C31064037&oid=2&pvsid=3236805524367588&pem=548&tmod=1678463428&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=XHVHh6V268&p=https%3A//userupload.net&dtd=287

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

03eeb531010954c9552c6131c6d88ec017da931dcbf07b3fac89ff8abaa1af7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 06 Mar 2022 10:52:02 GMT
server: cafe
content-length: 26359
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 06 Mar 2022 10:52:02 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 8C57 58 KB
26 KB 633ms
581ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=4007740924&adk=2448036532&adf=2560393268&pi=t.ma~as.4007740924&w=480&fwrn=4&fwrnh=100&lmt=1646563921&rafmt=1&psa=0&format=480x280&url=https%3A%2F%2Fuserupload.net%2F114qkz10novb&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646563921675&bpp=1&bdt=539&idt=288&shv=r20220302&mjsv=m202202280101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280&correlator=4906903281951&frm=20&pv=1&ga_vid=788578537.1646563922&ga_sid=1646563922&ga_hid=1983380085&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=695&ady=150&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C31064037&oid=2&pvsid=3236805524367588&pem=548&tmod=1678463428&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=NNftSSvI3C&p=https%3A//userupload.net&dtd=290

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5a06f2860006f86e9b1259631474b4407011ce71a4e7c1ac0e317b3107e2170d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 06 Mar 2022 10:52:02 GMT
server: cafe
content-length: 26394
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 06 Mar 2022 10:52:02 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3179 70 KB
28 KB 750ms
702ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=1042759759&adk=2198837252&adf=2833722400&pi=t.ma~as.1042759759&w=350&fwrn=4&fwrnh=100&lmt=1646563921&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2F114qkz10novb&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646563921675&bpp=1&bdt=538&idt=292&shv=r20220302&mjsv=m202202280101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C480x280&correlator=4906903281951&frm=20&pv=1&ga_vid=788578537.1646563922&ga_sid=1646563922&ga_hid=1983380085&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1005&ady=512&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C31064037&oid=2&pvsid=3236805524367588&pem=548&tmod=1678463428&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=W8eEBueuPh&p=https%3A//userupload.net&dtd=293

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

090fb6923ed35377f75b33b9334da772a54dcb8c3004d5a65bb8a5dc3de0cfc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 06 Mar 2022 10:52:02 GMT
server: cafe
content-length: 28605
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 06 Mar 2022 10:52:02 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 8B3F 70 KB
28 KB 409ms
363ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5644349740&adk=3102016549&adf=3760600436&pi=t.ma~as.5644349740&w=730&fwrn=4&fwrnh=100&lmt=1646563921&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fuserupload.net%2F114qkz10novb&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646563921676&bpp=1&bdt=539&idt=294&shv=r20220302&mjsv=m202202280101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C480x280%2C350x280&correlator=4906903281951&frm=20&pv=1&ga_vid=788578537.1646563922&ga_sid=1646563922&ga_hid=1983380085&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=625&ady=862&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C31064037&oid=2&pvsid=3236805524367588&pem=548&tmod=1678463428&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=hhApSUYAU3&p=https%3A//userupload.net&dtd=295

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5ab0528ba35a8514cbbfaf5ae5eb05386792b6b5f2737fcb9c7d715424a28478

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 06 Mar 2022 10:52:02 GMT
server: cafe
content-length: 28648
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 06 Mar 2022 10:52:02 GMT
cache-control: private

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame E6C0 49 KB
20 KB 171ms
54ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-121815413-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tgwidget.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 2830
date: Sun, 06 Mar 2022 10:04:52 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Sun, 06 Mar 2022 12:04:52 GMT

GET
H2 200 568111984159760571
tpc.googlesyndication.com/daca_images/simgad/ Frame 8B3F 133 KB
133 KB 244ms
111ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/568111984159760571

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5644349740&adk=3102016549&adf=3760600436&pi=t.ma~as.5644349740&w=730&fwrn=4&fwrnh=100&lmt=1646563921&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fuserupload.net%2F114qkz10novb&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646563921676&bpp=1&bdt=539&idt=294&shv=r20220302&mjsv=m202202280101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C480x280%2C350x280&correlator=4906903281951&frm=20&pv=1&ga_vid=788578537.1646563922&ga_sid=1646563922&ga_hid=1983380085&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=625&ady=862&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C31064037&oid=2&pvsid=3236805524367588&pem=548&tmod=1678463428&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=hhApSUYAU3&p=https%3A//userupload.net&dtd=295

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68f30b9bd309413b1274d8023504d62a9bed9a1333802a314071ecf6acd7580e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 02:13:22 GMT
x-content-type-options: nosniff
age: 203920
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 136096
x-xss-protection: 0
last-modified: Wed, 17 Nov 2021 09:22:01 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 04 Mar 2023 02:13:22 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220302/r20110914/ Frame 8B3F 19 KB
8 KB 187ms
54ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220302/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d67c6a30bbb9f841e5fc883687b07ecbd33f0292c148b0b6edf499de0e742a6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:46:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 356
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7872
x-xss-protection: 0
server: cafe
etag: 15461303091586157378
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Mar 2022 10:46:06 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/ Frame 8B3F 2 KB
1 KB 196ms
68ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:48:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 183
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Mar 2022 10:48:59 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8B3F 124 KB
39 KB 209ms
65ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ded445534230fe3d1274bd48ed100b17ea890a65d5c0250172369a5b522f3ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:52:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38860
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646224922100600"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 06 Mar 2022 10:52:02 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/ Frame 8B3F 15 KB
6 KB 191ms
62ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d054377044014c1069958d9c610330164f05edbf091b2be9b6be60dc4f043494

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:45:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 393
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6417
x-xss-protection: 0
server: cafe
etag: 10598556267281433416
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Mar 2022 10:45:29 GMT

GET
H2 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/ Frame 8B3F 28 KB
12 KB 200ms
71ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f4b04166b6e23095feb89427b395cff80036ef313d35ca34e3b4d2ca6c5ef32d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 07:25:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12412
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11811
x-xss-protection: 0
server: cafe
etag: 8908131998612474304
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Mar 2022 07:25:10 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 8B3F 0
0 97ms
97ms Fetch
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CovOzUpIkYpLDBMS0YLHbgPAL-s3RwGjLmKqfvw_Z2R4QASDsp5xLYJUCoAGcr_uoAsgBAqgDAcgDyQSqBNcBT9D97aoq5UPY7lEIdcC46Q7p0BojyCiip5KontL4yRmusLZ1e8mDrUWb75pFKIRZcG9Pzo-Y8IJ9N_uY59ye8d6dZIXFrm4NBC8UtT9POoBnmXsbwYQw2oq5H8z-TpUI05LN1uSeHnV2OMIIFQbX51ogznQnPR7XA60Xs_3JyiUtAQAN9_BSA_AJ_WuDNsbH_Pub3ZXuJcndRTJLMqm7Yv9DQs2V2T2-tmOrS7hteuWxx00MW5Bd9G_A4W-_EhvmU43TQZ_BIp5Igs4EZPBoUBPMDAU7c_DABI31qq3wA5IFBAgEGAGSBQQIBRgEoAYCgAfM0ITXAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEELD4F9IICQiA4YAQEAEYH4AKAcgLAdgTDdAVAZgWAYAXAbIXHAoaCAASFHB1Yi01MjI4ODA2MzA2NTQyMjQ4GAA&sigh=PvC6VLkBDq0&uach_m=[UACH]

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5644349740&adk=3102016549&adf=3760600436&pi=t.ma~as.5644349740&w=730&fwrn=4&fwrnh=100&lmt=1646563921&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fuserupload.net%2F114qkz10novb&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646563921676&bpp=1&bdt=539&idt=294&shv=r20220302&mjsv=m202202280101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C480x280%2C350x280&correlator=4906903281951&frm=20&pv=1&ga_vid=788578537.1646563922&ga_sid=1646563922&ga_hid=1983380085&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=625&ady=862&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C31064037&oid=2&pvsid=3236805524367588&pem=548&tmod=1678463428&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=hhApSUYAU3&p=https%3A//userupload.net&dtd=295
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sun, 06 Mar 2022 10:52:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 06 Mar 2022 10:52:02 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 0F3C 143 B
163 B 54ms
54ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5644349740&adk=3102016549&adf=3760600436&pi=t.ma~as.5644349740&w=730&fwrn=4&fwrnh=100&lmt=1646563921&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2Fuserupload.net%2F114qkz10novb&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646563921676&bpp=1&bdt=539&idt=294&shv=r20220302&mjsv=m202202280101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C480x280%2C350x280&correlator=4906903281951&frm=20&pv=1&ga_vid=788578537.1646563922&ga_sid=1646563922&ga_hid=1983380085&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=625&ady=862&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C31064037&oid=2&pvsid=3236805524367588&pem=548&tmod=1678463428&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=hhApSUYAU3&p=https%3A//userupload.net&dtd=295

Response headers

x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 145
x-xss-protection: 0
date: Sun, 06 Mar 2022 10:03:16 GMT
cache-control: public, max-age=3600
content-type: text/html; charset=UTF-8
age: 2926
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame DFD1 0
0 259ms
128ms Fetch
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvIdFuXxOtjTmRijz7q9EEXkAHvS1dxCaj7Bnu1XREbn_sMgzicJ5WPVaUwWEDLKGDktyRz-PlsfIUFbamhgJJtNdLyVK0nq4gMOlW9rNhCKKVj-_L_WbuMQFQYOq0BU-q9gx2GYW6iUfGmR-PempNUor0sz4e1BQObxhxaLS4sK9VDcRhXmPTojKacq1sKI0SELi90bFmLv5B-hZcXWdxSt0uZ45yf_NkKnULkN1D9VpB4L9JqK_N9a7Hp57qTiB4wWjjHntVqfmXtu15n89wIlvHD0kf6RR6k9gRSIxRMISlmmRo-WOnEnrHoC25M-IeE4ueiyDdeJ0qRnY1jwT-Yxn0ut83W4BmOuAACYeozk5yPxhbQCqK8bHE9E8-J0R89aWt7_JMYA7Zgd8UGLUoyvS3P2MReyiOCx9KnuizMkZNxMRV6thX4t1JTMaX_bQZ8Ut_GDT_iFVFtO28dcYgvRGr8OR6IgsNGiad2pIxX2mqHsrrSQcfNf2jReo2X0U28jPytyex8AAfLZCVMgtR7Enf2LsHHj8WVeCdBm36RAFZvdKI0_kHzm86L9y7SmQN1LAf20g42jVLZmRK26ZkI-YIHTRUQmEE_FKjyGUBkCW3IXpVb4U39GOdLwfhuPwVfGZT4Vfc6Z7loLenHzjmmQ26EwMQ_QPLCGi4XEHEw5YCvZwLtFHGxrk2HczwSB5sxggCRqXGUqfDtAvO-qkoYfMOTE8bMvXUA7VTAaOkA37I_dDV3IQ7AcFbGdV1J4f5x-5BxVTOHEz9Ce-unWoL81zdfq3_OvFl_fAMnpWjZyZCSm6JKlgsKloMwfufd2i69d1ll_LzBiJ-osMGCoAqLTzWLCMuYk1qLg1Xcs4-U7z-ARHSak_pnv7rpw7ClCnF2yyFPP-1QANPqzACqh8kfiVrtadm2l8n62av6gHrw_DI_2zNXbU6qbr3mL4muMN7GqQlKnoIGhcMf7Yz0vB9YtfANf2_8&sai=AMfl-YRgcdqhOZduCBypvdfN1jZWUJ8wfso5vmSimGie_AEzMWd-4y_X9v7bog&sig=Cg0ArKJSzF8g_8z7ay6-EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&adurl=

Requested by

Host: userupload.net
URL: https://userupload.net/114qkz10novb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sun, 06 Mar 2022 10:52:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame DFD1 41 KB
15 KB 218ms
153ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: userupload.net
URL: https://userupload.net/114qkz10novb

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 05 Mar 2022 11:40:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 83502
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 05 Mar 2023 11:40:20 GMT

GET
H3 200 m_js_controller_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/ Frame DFD1 32 KB
13 KB 166ms
102ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/m_js_controller_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=4007740924&adk=2448036532&adf=2560393268&pi=t.ma~as.4007740924&w=480&fwrn=4&fwrnh=100&lmt=1646563921&rafmt=1&psa=0&format=480x280&url=https%3A%2F%2Fuserupload.net%2F114qkz10novb&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646563921675&bpp=1&bdt=539&idt=288&shv=r20220302&mjsv=m202202280101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280&correlator=4906903281951&frm=20&pv=1&ga_vid=788578537.1646563922&ga_sid=1646563922&ga_hid=1983380085&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=695&ady=150&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C31064037&oid=2&pvsid=3236805524367588&pem=548&tmod=1678463428&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=NNftSSvI3C&p=https%3A//userupload.net&dtd=290

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bed9b4262d2ff6c062498919f5b33aa10d8b66eb940e14e8e439cbeeda5fcf4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:50:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 87
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13100
x-xss-protection: 0
server: cafe
etag: 1410534053808292774
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Mar 2022 10:50:35 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/ Frame DFD1 2 KB
1 KB 217ms
153ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:30:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1279
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Mar 2022 10:30:43 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DFD1 124 KB
38 KB 152ms
89ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ded445534230fe3d1274bd48ed100b17ea890a65d5c0250172369a5b522f3ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:52:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38860
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646224922100600"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 06 Mar 2022 10:52:02 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/ Frame DFD1 15 KB
6 KB 156ms
93ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d054377044014c1069958d9c610330164f05edbf091b2be9b6be60dc4f043494

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:51:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 59
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6417
x-xss-protection: 0
server: cafe
etag: 10598556267281433416
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Mar 2022 10:51:03 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220302/r20110914/ Frame DFD1 19 KB
8 KB 148ms
85ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220302/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d67c6a30bbb9f841e5fc883687b07ecbd33f0292c148b0b6edf499de0e742a6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:37:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 848
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7872
x-xss-protection: 0
server: cafe
etag: 15461303091586157378
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Mar 2022 10:37:54 GMT

GET
H2 200 15448510939693400268
s0.2mdn.net/simgad/ Frame DFD1 17 KB
18 KB 172ms
55ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/15448510939693400268

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0af5c4eec37a645321c2ef51c7b9b24d948a822d9882a2f84ccb5a9fb1a22df1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 06:18:01 GMT
x-content-type-options: nosniff
age: 362041
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17397
x-xss-protection: 0
last-modified: Tue, 03 Aug 2021 22:12:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 02 Mar 2023 06:18:01 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame D834 0
0 250ms
128ms Fetch
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssGj7dInkB7Fga440JjLzGx4c0YknYsT-lqIaqC4FFWRyjmYwGk8l0xyHv67SHAsM_n3p9Vj35BYLR71tSHIXLT9bkw7LzIPeMu-YQ09ZJMPddc_foNAoFN2-0SSnhRd2um9Xdy8KYEnzmO0J2q7KdyQjZR28AffK8IihQ-NiTRkb_5RujK-sjQbkKPCGvsWK0JydR795bWNbPbaYKC3HSEwr2cvXU6Is_mm6khaRxgGzn_VUbakaafn24sf54OTOKeG6cyKdBD49e0gCXcUrYr9OjqphZdWVBUdw9npIIIPA4GyJZvG3rovgTYl32yPNh04-m40kl_Cv1qO3-VBG2bLIHqOEoK9y24chxD2k10XAD2dBwH0Z7U3z7ZtvJ4I6MlsEEGgJx4BPeXHddZ0NI17WxJZ-J9hiNIa1ShqVa9MqyGDdX4zUr6N0oZeb5nB1RH-e5AWooo-atggDFv5tmRvxn9aT0iSLgekG72Akn5OaQ7wlpRHqku1FluUIDuK_Oa5DrgRUhVatA7XUc1EyjYKpgzPDjOlaPGPuA0-WXb7pNNhoX30W9LUMi-5Kv92pdf4MWI42fIwOQlVFPihsxejCVPTdbPZYO4dghpizV2AgWa7GmUe3Omh0Y8a1Lvp5rVLfd51JhQKiEH3ZlhW0ANsyhVErRnXB6qELf2VZexfoAiSjdIVG-YLArAnayE4bFphIAeB9si7SLZJ_Nw9Bsb-M4SDtRr0jmZji2dMqfEQrpN6TPyvrnMeCKm_4-_3HWZnhQj2pnkNz8CLOJVRjWNm6a1uH7XWL9p9GXS2ijP0LbI-uvM8d56eW1smYo6BirMDm8ScQkp1kUYqFoZpUL4YMWRoZZux0yt9Oh8ta-2edDg8xIxpXRCzdyTrrX2Ijiy34YVqAk3dYXYaVNGqPYb5_L5-Mbo6DfiRQi1IP1h-eKVn3OaPYNpyAP6i3wr_1hHKEXHC99W0Rb8H2lRcOkRlGL4qzUeedHFn9MLxlOdIQ&sai=AMfl-YTH8piHXCw0kFNo66fdJ53VrLcU3UzNzGN545T2LpqwdvPW0-IS4Xp62g&sig=Cg0ArKJSzMX8HfcMHsYFEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&adurl=

Requested by

Host: userupload.net
URL: https://userupload.net/114qkz10novb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sun, 06 Mar 2022 10:52:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame D834 41 KB
15 KB 188ms
132ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: userupload.net
URL: https://userupload.net/114qkz10novb

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 05 Mar 2022 11:40:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 83502
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 05 Mar 2023 11:40:20 GMT

GET
H3 200 m_js_controller_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/ Frame D834 32 KB
13 KB 111ms
56ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/m_js_controller_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=9237283852&adk=1997398430&adf=4108538649&pi=t.ma~as.9237283852&w=350&fwrn=4&fwrnh=100&lmt=1646563921&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2F114qkz10novb&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646563921670&bpp=4&bdt=534&idt=268&shv=r20220302&mjsv=m202202280101&ptt=9&saldr=aa&abxe=1&correlator=4906903281951&frm=20&pv=2&ga_vid=788578537.1646563922&ga_sid=1646563922&ga_hid=1983380085&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=105&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C31064037&oid=2&pvsid=3236805524367588&pem=548&tmod=1678463428&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=MJrqDjf2Qd&p=https%3A//userupload.net&dtd=284

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bed9b4262d2ff6c062498919f5b33aa10d8b66eb940e14e8e439cbeeda5fcf4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:50:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 87
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13100
x-xss-protection: 0
server: cafe
etag: 1410534053808292774
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Mar 2022 10:50:35 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/ Frame D834 2 KB
1 KB 207ms
152ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:30:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1279
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Mar 2022 10:30:43 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D834 124 KB
38 KB 117ms
63ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ded445534230fe3d1274bd48ed100b17ea890a65d5c0250172369a5b522f3ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:52:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38860
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646224922100600"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 06 Mar 2022 10:52:02 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/ Frame D834 15 KB
6 KB 131ms
76ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d054377044014c1069958d9c610330164f05edbf091b2be9b6be60dc4f043494

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:51:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 59
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6417
x-xss-protection: 0
server: cafe
etag: 10598556267281433416
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Mar 2022 10:51:03 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220302/r20110914/ Frame D834 19 KB
8 KB 107ms
54ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220302/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d67c6a30bbb9f841e5fc883687b07ecbd33f0292c148b0b6edf499de0e742a6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:37:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 848
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7872
x-xss-protection: 0
server: cafe
etag: 15461303091586157378
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Mar 2022 10:37:54 GMT

GET
H2 200 14800297623583137336
s0.2mdn.net/simgad/ Frame D834 22 KB
22 KB 182ms
74ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/14800297623583137336

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bed3f7c31b12a8b3e892e8d6c9d3e0ac534d737f4eeccffc4c55e38460683162

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 08:07:04 GMT
x-content-type-options: nosniff
age: 9898
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22826
x-xss-protection: 0
last-modified: Fri, 30 Jul 2021 17:56:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 06 Mar 2023 08:07:04 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 0F3C
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

130ms
129ms

Document
text/html

2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 06 Mar 2022 10:52:02 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 06 Mar 2022 10:52:02 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 06 Mar 2022 10:52:02 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 8B3F 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3e3aaa32b2dba3a8e1d3499fbab21b83a6c729e6e0c569b9c1eeb2b641e657c6

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 14828492229214819266
tpc.googlesyndication.com/simgad/ Frame 3179 46 KB
46 KB 127ms
126ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14828492229214819266?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qntK6diN12SXYqD1N1Z_zlXziQvPw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=1042759759&adk=2198837252&adf=2833722400&pi=t.ma~as.1042759759&w=350&fwrn=4&fwrnh=100&lmt=1646563921&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2F114qkz10novb&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646563921675&bpp=1&bdt=538&idt=292&shv=r20220302&mjsv=m202202280101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C480x280&correlator=4906903281951&frm=20&pv=1&ga_vid=788578537.1646563922&ga_sid=1646563922&ga_hid=1983380085&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1005&ady=512&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C31064037&oid=2&pvsid=3236805524367588&pem=548&tmod=1678463428&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=W8eEBueuPh&p=https%3A//userupload.net&dtd=293

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

90398d274e093821b066f9bc367d1ddb8e2fa9d18d7660c10cc3704c4d9f519f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 05 Mar 2022 19:39:43 GMT
x-content-type-options: nosniff
age: 54739
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46612
x-xss-protection: 0
last-modified: Wed, 17 Nov 2021 09:20:46 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 05 Mar 2023 19:39:43 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220302/r20110914/ Frame 3179 19 KB
8 KB 82ms
82ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220302/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d67c6a30bbb9f841e5fc883687b07ecbd33f0292c148b0b6edf499de0e742a6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:37:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 848
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7872
x-xss-protection: 0
server: cafe
etag: 15461303091586157378
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Mar 2022 10:37:54 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/ Frame 3179 2 KB
1 KB 128ms
127ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:30:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1279
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Mar 2022 10:30:43 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3179 124 KB
38 KB 120ms
119ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ded445534230fe3d1274bd48ed100b17ea890a65d5c0250172369a5b522f3ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:52:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38860
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646224922100600"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 06 Mar 2022 10:52:02 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/ Frame 3179 15 KB
6 KB 86ms
85ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d054377044014c1069958d9c610330164f05edbf091b2be9b6be60dc4f043494

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:51:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 59
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6417
x-xss-protection: 0
server: cafe
etag: 10598556267281433416
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Mar 2022 10:51:03 GMT

GET
H3 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/ Frame 3179 28 KB
12 KB 129ms
128ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f4b04166b6e23095feb89427b395cff80036ef313d35ca34e3b4d2ca6c5ef32d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 07:25:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12412
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11811
x-xss-protection: 0
server: cafe
etag: 8908131998612474304
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Mar 2022 07:25:10 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3179 0
0 131ms
130ms Fetch
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CcRYzUpIkYoj0BLyU7APLqLCYAvrN0cBo25aqn78P2dkeEAEg7KecS2CVAqABnK_7qALIAQKoAwHIA8kEqgTZAU_QEsfXK_e0GfEJ12npD6eSUEIu2qxzZhEB7o-_oDTebVX2OgCdPYdTF3_lsHU29Dsyimi5azKSxeW_Um_7jr2CP1F4ERQpAHULNP4QKBnSed7Ue4UIPwFdz8rFyX7NnjcitbCCZKs7N9AkXPQWwLWM8JbD5ao8rb_8A-nY-WVn2SkPZ0terKie5VUWPWGxoY8-2AjsUeI4_06GhF-2dWEqkrMolsIi4Scrf_dsmKBkGcKZffw3I0EQ9kUQ-5uJZKHFtlvM8I5oeLxXcImHQNqEHoT_YEHud6jABI31qq3wA5IFBAgEGAGSBQQIBRgEoAYCgAfM0ITXAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEOn1FdIICQiA4YAQEAEYH4AKAcgLAdgTDdAVAZgWAYAXAbIXHAoaCAASFHB1Yi01MjI4ODA2MzA2NTQyMjQ4GAA&sigh=rMYWRXdwpoA&uach_m=[UACH]

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=1042759759&adk=2198837252&adf=2833722400&pi=t.ma~as.1042759759&w=350&fwrn=4&fwrnh=100&lmt=1646563921&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2F114qkz10novb&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646563921675&bpp=1&bdt=538&idt=292&shv=r20220302&mjsv=m202202280101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C480x280&correlator=4906903281951&frm=20&pv=1&ga_vid=788578537.1646563922&ga_sid=1646563922&ga_hid=1983380085&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1005&ady=512&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C31064037&oid=2&pvsid=3236805524367588&pem=548&tmod=1678463428&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=W8eEBueuPh&p=https%3A//userupload.net&dtd=293
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sun, 06 Mar 2022 10:52:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 9D1A 143 B
163 B 54ms
53ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=1042759759&adk=2198837252&adf=2833722400&pi=t.ma~as.1042759759&w=350&fwrn=4&fwrnh=100&lmt=1646563921&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2F114qkz10novb&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646563921675&bpp=1&bdt=538&idt=292&shv=r20220302&mjsv=m202202280101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280%2C350x280%2C480x280&correlator=4906903281951&frm=20&pv=1&ga_vid=788578537.1646563922&ga_sid=1646563922&ga_hid=1983380085&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1005&ady=512&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C31064037&oid=2&pvsid=3236805524367588&pem=548&tmod=1678463428&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=W8eEBueuPh&p=https%3A//userupload.net&dtd=293

Response headers

x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 145
x-xss-protection: 0
date: Sun, 06 Mar 2022 10:03:16 GMT
cache-control: public, max-age=3600
content-type: text/html; charset=UTF-8
age: 2926
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame D834 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aeaa040ecbe92a972e0e4ea04f3aa289d347ad75aa18019790d28348ca97636f

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 80F3 22 KB
8 KB 54ms
53ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 05 Mar 2022 11:40:18 GMT
expires: Sun, 05 Mar 2023 11:40:18 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 83504
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame DFD1 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4d26e9610c392afa8c2768cca8f7cf0523f9dc86cd1f63ebc4df5813be2e77b4

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 12CB 22 KB
8 KB 54ms
54ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 05 Mar 2022 11:40:18 GMT
expires: Sun, 05 Mar 2023 11:40:18 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 83504
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 3179 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 253ac81b12fff75573fc2a585fde67f4ee4c232f467d159b70ed58713e8d3bdb

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 9D1A
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

110ms
109ms

Document
text/html

2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 06 Mar 2022 10:52:03 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 06 Mar 2022 10:52:03 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 06 Mar 2022 10:52:03 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js Show response
pagead2.googlesyndication.com/bg/ Frame CE17 35 KB
13 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7185190e99034cb89a0b114a5ba3c80f0803e34a9d860c4f1dc93f6bee202f31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 05 Mar 2022 14:05:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74817
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13775
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 05 Mar 2023 14:05:05 GMT

GET
H3 200 cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js Show response
pagead2.googlesyndication.com/bg/ Frame 80F3 35 KB
13 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7185190e99034cb89a0b114a5ba3c80f0803e34a9d860c4f1dc93f6bee202f31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 05 Mar 2022 14:05:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74817
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13775
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 05 Mar 2023 14:05:05 GMT

GET
H3 200 cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js Show response
pagead2.googlesyndication.com/bg/ Frame 12CB 35 KB
13 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7185190e99034cb89a0b114a5ba3c80f0803e34a9d860c4f1dc93f6bee202f31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 05 Mar 2022 14:05:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74817
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13775
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 05 Mar 2023 14:05:05 GMT

GET
H3 200 cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js Show response
pagead2.googlesyndication.com/bg/ Frame 6B92 35 KB
13 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7185190e99034cb89a0b114a5ba3c80f0803e34a9d860c4f1dc93f6bee202f31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 05 Mar 2022 14:05:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74818
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13775
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 05 Mar 2023 14:05:05 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame AA77 0
0 196ms
133ms Fetch
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsubWwglYYpQ6P1br5-inLezSVoWFcT6odrgWsuLKeHQ3rzoi64gj5Kwme5L8NPbq_H-ImS9m8bspoDG9oNvf4Y1SaoWr17IaIfOD9R4rwvnPQ_utgxDwdirsTD2uG2JaER67J0xkS_JjM3BCs4txGI3k6sj7kXcR3xNzYPkRnGTlOGIlZrAMWWwqLovnsyhTaak3uPLhynpWPk1qdeUKXwoIs67vHpTqTaTw42pRXXtgzuO__cEs61nbF1NINM8sV73uBONlnibR6K4Gl-ajy3wH-zqiTerHbz6YDHqtuSQzdN1pdz9bx9qN0ZnyjIno0Kik58xiuLPgTegnntWvmDqw2JD7Yd3Qj7kvg-ghOQDRzZk69q9HeEZOBnIwgUJC4yZ2ieYaUqtnzM27l4jFc---dVyTUih2KgWauOdPQUT8QO33KFhRs1lbpHfN7KbVMRVAUjHx1oPPdHy159o0AC7IUVgjPrqmTZ5BzXDUS8Q4NCT7-yaR6XvvsGbrRM6WFtZ-zk1A4I5AazRA_VlggtjjD53XDRvx7SQ0LCAxDKNR4M355jjqQWTnZxUBtLsyH_QMX4OuvIqxhF4-vXp1TYoIU3NNwJJ096KbcGoduuLa6iYNUY5Y12jeZ9E5HCsxkJcVv9tgxFgKAz0HLRCI0JBgYQD8EW8kKiKKFn_W7d8EHipONtqZp4o4i5Zf6eNYjPARPRcxwWUP1QcF98-8yGdYke1kwVoLpExWJhd2H7bU6FB-hvcIHb9s2piF4rSP4d9S571TIAV2kVWCjtYVjC8GC76smWseYkiA4KaMMrP5k2U1uDhpHA3MbZHkuvHGb9rEIJiYO5dCvaPItNn0v2CPEjSYSSf6BthcUhB7j0YsHeSo-WufQTBSQkCISBvTEKx7JOC806H50v57qLrR-ghAx3skargGnvQEvZEzCkTk1t5y1bY1SLoJnWn1N8aLHd7A_hYfThUdYnvHmviuMVKDZo0AtXSZw&sai=AMfl-YSBSp62QeImo3GbI1ZVATX5Z0VfTN-qevqx123IoBFWQCEnmiKGyF1iLg&sig=Cg0ArKJSzBHLTILz6Xn3EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&adurl=

Requested by

Host: userupload.net
URL: https://userupload.net/114qkz10novb

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sun, 06 Mar 2022 10:52:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 15448510939693400268
s0.2mdn.net/simgad/ Frame AA77 17 KB
17 KB 117ms
55ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/15448510939693400268

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5298038844&adk=3658158944&adf=3044448856&pi=t.ma~as.5298038844&w=350&fwrn=4&fwrnh=100&lmt=1646563921&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2F114qkz10novb&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646563921674&bpp=1&bdt=538&idt=284&shv=r20220302&mjsv=m202202280101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280&correlator=4906903281951&frm=20&pv=1&ga_vid=788578537.1646563922&ga_sid=1646563922&ga_hid=1983380085&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C31064037&oid=2&pvsid=3236805524367588&pem=548&tmod=1678463428&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=XHVHh6V268&p=https%3A//userupload.net&dtd=287

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0af5c4eec37a645321c2ef51c7b9b24d948a822d9882a2f84ccb5a9fb1a22df1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 06:18:01 GMT
x-content-type-options: nosniff
age: 362042
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17397
x-xss-protection: 0
last-modified: Tue, 03 Aug 2021 22:12:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 02 Mar 2023 06:18:01 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame AA77 41 KB
15 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: userupload.net
URL: https://userupload.net/114qkz10novb

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 05 Mar 2022 11:40:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 83503
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 05 Mar 2023 11:40:20 GMT

GET
H3 200 m_js_controller_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/ Frame AA77 32 KB
13 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/m_js_controller_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5298038844&adk=3658158944&adf=3044448856&pi=t.ma~as.5298038844&w=350&fwrn=4&fwrnh=100&lmt=1646563921&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2F114qkz10novb&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646563921674&bpp=1&bdt=538&idt=284&shv=r20220302&mjsv=m202202280101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280&correlator=4906903281951&frm=20&pv=1&ga_vid=788578537.1646563922&ga_sid=1646563922&ga_hid=1983380085&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C31064037&oid=2&pvsid=3236805524367588&pem=548&tmod=1678463428&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=XHVHh6V268&p=https%3A//userupload.net&dtd=287

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bed9b4262d2ff6c062498919f5b33aa10d8b66eb940e14e8e439cbeeda5fcf4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:50:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 88
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13100
x-xss-protection: 0
server: cafe
etag: 1410534053808292774
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Mar 2022 10:50:35 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/ Frame AA77 2 KB
1 KB 59ms
59ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5298038844&adk=3658158944&adf=3044448856&pi=t.ma~as.5298038844&w=350&fwrn=4&fwrnh=100&lmt=1646563921&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2F114qkz10novb&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646563921674&bpp=1&bdt=538&idt=284&shv=r20220302&mjsv=m202202280101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280&correlator=4906903281951&frm=20&pv=1&ga_vid=788578537.1646563922&ga_sid=1646563922&ga_hid=1983380085&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C31064037&oid=2&pvsid=3236805524367588&pem=548&tmod=1678463428&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=XHVHh6V268&p=https%3A//userupload.net&dtd=287

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:30:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1280
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Mar 2022 10:30:43 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame AA77 124 KB
38 KB 86ms
85ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5298038844&adk=3658158944&adf=3044448856&pi=t.ma~as.5298038844&w=350&fwrn=4&fwrnh=100&lmt=1646563921&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2F114qkz10novb&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646563921674&bpp=1&bdt=538&idt=284&shv=r20220302&mjsv=m202202280101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280&correlator=4906903281951&frm=20&pv=1&ga_vid=788578537.1646563922&ga_sid=1646563922&ga_hid=1983380085&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C31064037&oid=2&pvsid=3236805524367588&pem=548&tmod=1678463428&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=XHVHh6V268&p=https%3A//userupload.net&dtd=287

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ded445534230fe3d1274bd48ed100b17ea890a65d5c0250172369a5b522f3ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:52:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38860
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646224922100600"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 06 Mar 2022 10:52:03 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/ Frame AA77 15 KB
6 KB 56ms
56ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5298038844&adk=3658158944&adf=3044448856&pi=t.ma~as.5298038844&w=350&fwrn=4&fwrnh=100&lmt=1646563921&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2F114qkz10novb&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646563921674&bpp=1&bdt=538&idt=284&shv=r20220302&mjsv=m202202280101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280&correlator=4906903281951&frm=20&pv=1&ga_vid=788578537.1646563922&ga_sid=1646563922&ga_hid=1983380085&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C31064037&oid=2&pvsid=3236805524367588&pem=548&tmod=1678463428&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=XHVHh6V268&p=https%3A//userupload.net&dtd=287

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d054377044014c1069958d9c610330164f05edbf091b2be9b6be60dc4f043494

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:51:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6417
x-xss-protection: 0
server: cafe
etag: 10598556267281433416
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Mar 2022 10:51:03 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220302/r20110914/ Frame AA77 19 KB
8 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220302/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&h=280&slotname=5298038844&adk=3658158944&adf=3044448856&pi=t.ma~as.5298038844&w=350&fwrn=4&fwrnh=100&lmt=1646563921&rafmt=1&psa=0&format=350x280&url=https%3A%2F%2Fuserupload.net%2F114qkz10novb&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646563921674&bpp=1&bdt=538&idt=284&shv=r20220302&mjsv=m202202280101&ptt=9&saldr=aa&abxe=1&prev_fmts=350x280&correlator=4906903281951&frm=20&pv=1&ga_vid=788578537.1646563922&ga_sid=1646563922&ga_hid=1983380085&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C31064037&oid=2&pvsid=3236805524367588&pem=548&tmod=1678463428&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=XHVHh6V268&p=https%3A//userupload.net&dtd=287

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d67c6a30bbb9f841e5fc883687b07ecbd33f0292c148b0b6edf499de0e742a6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:37:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 849
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7872
x-xss-protection: 0
server: cafe
etag: 15461303091586157378
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Mar 2022 10:37:54 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 1D86 22 KB
8 KB 54ms
54ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 05 Mar 2022 11:40:18 GMT
expires: Sun, 05 Mar 2023 11:40:18 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 83505
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame AA77 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eee8140056cf8cc4497eaca4f0622a682ba3e98f0a6445c7d509e88fb370482e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js Show response
pagead2.googlesyndication.com/bg/ Frame 1D86 35 KB
13 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7185190e99034cb89a0b114a5ba3c80f0803e34a9d860c4f1dc93f6bee202f31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 05 Mar 2022 14:05:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74818
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13775
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 05 Mar 2023 14:05:05 GMT

GET
H2 200 get_counts Show response
count-server.sharethis.com/v2.0/ 135 B
500 B 313ms
185ms Script
text/javascript 13.32.121.68
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://count-server.sharethis.com/v2.0/get_counts?cb=window.__sharethis__.cb&url=https%3A%2F%2Fuserupload.net%2F114qkz10novb

Requested by

Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.68 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-68.fra60.r.cloudfront.net

Software

Resource Hash

68b23398bc9f27438a38e94388564206a60cd220c23ca55aac7c6f95d9a4e6ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:52:03 GMT
via: 1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
etag: c6b0d77387829f39cb45b936240257e9
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: Miss from cloudfront
content-type: text/javascript
cache-control: no-cache, no-store, must-revalidate
content-length: 135
apigw-requestid: OjvNFgoaoAMEPkQ=
x-amz-cf-id: ls_7ZAUyHdBeHBL3UoXAI8a7-lNt3ozP9J4yfDaECqxlQkklCvAUqw==

GET
H2 200 ppg.js Show response
platform-api.sharethis.com/ 19 KB
7 KB 56ms
56ms Script
application/javascript 13.32.99.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://platform-api.sharethis.com/ppg.js

Requested by

Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.99.22 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-22.fra60.r.cloudfront.net

Software

Resource Hash

551c9e5d06b0d4c8b044c0a6713fcd8a1380cc45c5aaa7aeff4ce9bbf9245d96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:30:01 GMT
content-encoding: gzip
last-modified: Sat, 05 Mar 2022 14:18:41 GMT
age: 1322
x-frame-options: SAMEORIGIN
etag: W/"4aaf-17f5a72675e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
via: 1.1 c43915e0cad14ee7685e5f74a99ce93c.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
accept-ranges: bytes
x-amz-cf-pop: FRA60-P3
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-id: StPovzxv3xhKymSAbdWZ7YPdviQTzvkoCVKXhLvOvTEcMF6N2NXl2Q==

GET
H3 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 437D 42 KB
22 KB 77ms
77ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfG5EUUAAAAAE7XFZvJfM0HHeaV1tQQqzZ7BTiX&co=aHR0cHM6Ly91c2VydXBsb2FkLm5ldDo0NDM.&hl=en&v=_exWVY_hlNJJl2Abm8pI9i1L&size=normal&cb=jj6yt3ajgdw4

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/_exWVY_hlNJJl2Abm8pI9i1L/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

12b237a3e738008f35482baa4285d79014d64aca6d57eb9d96364153aae5d663

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-TcffMiKA71iU4biq8DK7Cg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 06 Mar 2022 10:52:03 GMT
content-security-policy: script-src 'report-sample' 'nonce-TcffMiKA71iU4biq8DK7Cg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 22644
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
10 KB 143ms
81ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220302&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9aeb2cd573e508a40d47a12cb5fd93b04e5c2f9248911765a14aa2fbef830a46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 06 Mar 2022 10:52:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10506
x-xss-protection: 0

GET
H2 200 facebook.svg
platform-cdn.sharethis.com/img/ 301 B
725 B 178ms
51ms Image
image/svg+xml 2600:9000:2315:9800:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://platform-cdn.sharethis.com/img/facebook.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:9800:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

768d97ec0916217ae82c70aeda3a61b9b0dab344edc4a3240a4f7cd94af00307

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Wed, 09 Feb 2022 05:56:32 GMT
via: 1.1 fa544a973edca8926f95609301f23b66.cloudfront.net (CloudFront)
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
server: AmazonS3
age: 2177732
etag: "c6e9be45643e197ce1db1d7e24a99adc"
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-length: 301
x-amz-cf-id: jkJaZkj2xggs_bCZSpQwT8fkjUI1i60FnB-SxbPUhg6bRMd9ztejmw==

GET
H2 200 whatsapp.svg
platform-cdn.sharethis.com/img/ 832 B
1 KB 178ms
52ms Image
image/svg+xml 2600:9000:2315:9800:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://platform-cdn.sharethis.com/img/whatsapp.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:9800:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

847eb36b4dc4b05f94052dcd98077319e74d882334a106bb9ca451ba211c9c2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Sun, 20 Feb 2022 15:09:29 GMT
via: 1.1 fa544a973edca8926f95609301f23b66.cloudfront.net (CloudFront)
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
server: AmazonS3
age: 1194155
etag: "afe7fc60ed757db39a88d2950fce69c9"
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-length: 832
x-amz-cf-id: 2-w-3HzidVP-hSkcKOFeHD00SfqQeQtcg5YBo1N8FJ1MgoQhVz-iOQ==

GET
H2 200 messenger.svg
platform-cdn.sharethis.com/img/ 372 B
797 B 179ms
52ms Image
image/svg+xml 2600:9000:2315:9800:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://platform-cdn.sharethis.com/img/messenger.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:9800:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

2986551fd9e82929eabb8cba7c44f74a28d8496c744893432f067b320dff55da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Sun, 27 Feb 2022 07:07:27 GMT
via: 1.1 fa544a973edca8926f95609301f23b66.cloudfront.net (CloudFront)
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
server: AmazonS3
age: 618276
etag: "a5aa43fa302867d3e888ac2f69b7b288"
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-length: 372
x-amz-cf-id: tBgwPMOqsWzLBjEJaDUy7gvsrO2C7u8Y2VEosvFS7Lkrmmv5zJkb8g==

GET
H2 200 twitter.svg
platform-cdn.sharethis.com/img/ 731 B
1 KB 179ms
53ms Image
image/svg+xml 2600:9000:2315:9800:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://platform-cdn.sharethis.com/img/twitter.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:9800:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

7c93346d4f681a0be90d1dfc19346382a4700f1810f41caa54415688dee1777f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Sat, 12 Feb 2022 05:21:50 GMT
via: 1.1 fa544a973edca8926f95609301f23b66.cloudfront.net (CloudFront)
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
server: AmazonS3
age: 1920614
etag: "0af2fb38987598376c99e21af17ade45"
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-length: 731
x-amz-cf-id: uo5qepldrDlwJgtPoYJWXHFCNJJjg6duLS5qyOSpmdB19rXXEToDwA==

GET
H2 200 telegram.svg
platform-cdn.sharethis.com/img/ 2 KB
1 KB 180ms
53ms Image
image/svg+xml 2600:9000:2315:9800:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://platform-cdn.sharethis.com/img/telegram.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:9800:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8bdf772d9fc521b1bac964b3e1287466cc5e6497f058ef97112f9a17b2591dfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Sat, 12 Feb 2022 04:03:33 GMT
content-encoding: gzip
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
server: AmazonS3
age: 1925310
etag: W/"1e5f8bd74d9f0b6fbbae7c0cce36469e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 fa544a973edca8926f95609301f23b66.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000
x-amz-cf-pop: DUS51-P2
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-id: QwS8wP62ORosIHUicMoRMeSE-RhVDYWVvcnWGHSUg8oh88rCOWWKfg==

GET
H2 200 sharethis.svg
platform-cdn.sharethis.com/img/ 514 B
937 B 180ms
54ms Image
image/svg+xml 2600:9000:2315:9800:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://platform-cdn.sharethis.com/img/sharethis.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:9800:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

9a83c65bdd0ff9488af9d25720686457ea7295c9c44f9f1d285a0c9ec89bab99

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Sat, 26 Feb 2022 06:00:23 GMT
via: 1.1 fa544a973edca8926f95609301f23b66.cloudfront.net (CloudFront)
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
server: AmazonS3
age: 708701
etag: "deecdaa377907db5cc1722fc831670a1"
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-length: 514
x-amz-cf-id: q_zLsWyZkRnbAPxI41Cx1obnaAxpA-haN0K_219xfZQEGW7Srd9clg==

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 126ms
64ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=userupload.net

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 06 Mar 2022 10:52:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 125ms
63ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=userupload.net

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 06 Mar 2022 10:52:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7EA7 154 KB
44 KB 505ms
504ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5228806306542248&output=html&adk=1812271804&adf=3025194257&lmt=1646563923&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fuserupload.net%2F114qkz10novb&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646563923295&bpp=1&bdt=2159&idt=1&shv=r20220302&mjsv=m202202280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D8c39d6f7a29d7f99-22d5eeec53cd000e%3AT%3D1646563922%3ART%3D1646563922%3AS%3DALNI_MYOaJzt9svEyPiGkL0rUFIQ9NAT3g&prev_fmts=350x280%2C350x280%2C480x280%2C350x280%2C730x280&nras=1&correlator=4906903281951&frm=20&pv=1&ga_vid=788578537.1646563922&ga_sid=1646563922&ga_hid=1983380085&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531398%2C44750774%2C31064037&oid=2&psts=AGkb-H8HKLHKIrIi7zYjhGt7tO6DSskxpBjxuAulc2OimgQDfe2LzwVJkSPFeMGtZe2qiqJDA8YpOvk-__irsQ%2CAGkb-H9NEisBBmlAzx035V46pOWXMdFiV59-rEZ0_mDkSDjV7ZYQgCcapybgyi-nhZPYV1_kljIBq6ZSOhjHfA&pvsid=3236805524367588&pem=548&tmod=1678463428&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=6&uci=a!6&fsb=1&dtd=44

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ce2f33e26dbc77fd7638a3a9a0012155e986dfea39b97e2702dd44b36f8f50ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 06 Mar 2022 10:52:03 GMT
server: cafe
content-length: 45390
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 80F3 0
20 B 89ms
89ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BxnSMUpIkYs-JBN6D9u8PtsqhqA0AAAAAOAHgBAI&bg=!gYKlgsbNAAb7UztL-1M7ACkAdvg8Wp-ZqlRATWA9phNEkT64J_snEOu8NZ7YhBR1jSt4vioV3k-xvAIAAADfUgAAAAJoAQeZAvN2U_VHSz3Y6-3VnUpf5m6oitnYIbRyR5Hh1H8AubSJ0zaPWRchN3v1hWwHVFS6IBbFDIANuLmpmSIZlacDeIPfHHhbblX3aEwO7FNgDJv3vYJvE0-O9Jgy2fJdFy4UYssh24-WVpV_760H6cVe1AjR-RrYTdSL0MzXZ4zf72G8uJD3OzVP7oa0qCEKzdM2ex1_jahMaHvk-wnw9ftvp3VedEukw3Jxunh-cUSHpJ83m0tMyqjwBY1A9PH36Gc3AuCSv1BkJufnZPXSbd9SaPxfjQLb1RxgIso80tSn1vwl5CgpcjQEs_esJf9s1pBsRsGO7HtO1hKyBXUswB3if4vrtvKsIKcWVlKk8HF8-qGMzuKNZ_ujmpXAPfy-EL2mRz892U8SN1rsmOl4KMQ8MGqKGQUei2h8Us-bjNJnTGoXLgXGZYeUZdxPdyduDpTo2YrJvMWiJpo077lRm4JKsTA-Aqxx_cQ3JlQR91DnOrrAMT74HGZYBnRJ0nzf8xYlNew_Z5MAstVd289So7UbySJ6MIEWrNhpf2pAUzTWThkS6A1qeI_PxO2LA-9DRZChmHPwbAX4rmqCoj9rOFSqnUcJt9Wmw91gTzOJUY_yV_Apevv4ePu7XhsiMaYm2ej2vHs67NMuq4nTJN43DBi7TdZtGUQNXNQhqgnfHEl1WL5IeJJ1TVnByBajmhOBMSCSQGon-E7ePfbZ2RdKTp4Hpt1CWmG108LiDM5Bo9XSsknQkhHBCuBkF2n3UTI98mCA2qf8HCBD5Skg1DopQhehGWWdPbP-24ZCaeLjO0HBuEPlVwaidmFo0OHLxh3WLmaHDYqhcIhOfm1z10tfDHuSPXxnfl9FQXjB2Cy6W0jlhabYnocArU7e6KhnbjLlWY9EaXGPhEaDr-QmcNUTjVR8E86lkW4glMGA5I2qaz-Gr9KFius1QH4Psq6xlIXSoQi4ig6FbwUMLbBhUg1Tl0unUNn3QajX3tCmuvX8nlD2oFbCkmLK9g

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Mar 2022 10:52:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 12CB 0
20 B 89ms
89ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BjlbWUpIkYozNA7OR7_UP6IaeWAAAAAA4AeAEAg&bg=!iIuli8_NAAb7UztL-1M7ACkAdvg8Ws2CnI2sot8B7I-hP4tzoAEiGA6ZZ3hC1liQnyj2CgVcGOjUEgIAAAEMUgAAAAZoAQcKAF1P2DWeTcPgEPIz9rZBZW81APbofYYc9y1HbERbsSLn7XtpMIQI5Y78bebc22_0HAAAYOdoPh_4vOdjsgkdrizTa5Uum_EQcDmyyMboH8XLEJYUBdq4wKx4Ecd2qleZAvWWyZPzcZRU_d9PcYQxNtiQp7IGpYEItPKaYv1voioU2huq3RU4TY1mdzgv2m3v571VMV_0WXb5eK5BEw2bt4zJ_J08zmDty3NTHmMpP5zd21WXTzyPQoJ49OPbzFhUXW02YKuoikD3G5wGbDdXDfEnpNuK4uxiibdwyV1EHrlnED9x3YGP4S8DICLPOPrZoKuR3TzIeA8qcrWlEX5dGkanrRk8vkiAVJOtL1EQMnqhn2oZWa4CTp7dxRsgDafLVqntjkVN4bzHykMCCLU8qC9kgPxAy_GZu-V5QhrnsRb2HE56fBQa-1KlChgA6jxdbUnEZZ5jxg1hFb-Fp7l60wtKgG0Gk_JDlYSMw77ENsf3_X2ARIAIW8pDYlr3aInsElI4q0F4lluVLCsK9HDOi40txlFgZHmFQN325K8YihsBpblDAjNmqXrMAutUPdIipjxJmcBgN56If9_dv1aURt3Mo3tTN34QZWqr3r5Qg20NLjt84Yr28A42jcJA5pbwE2mBNW9HhC9i64ucE4zhktAq8iT3-paAM6DaFNvUQ6F1F6XJ8olMQgNzdD7foD_vPmZstTKsAhehfGewTgfSQOw_XZt8S-OOypLxUZiamm2U2Y3cEG-65RZvoZbDS8ESNm-XM9oLewpRtvvET_NTeVZezHo8aC5d1xCYpdKvy-NqZoQhcfSiT3g58d91EA_HoPJz1Rt-fPDDrSV4gyxJlm5YvOU_3WwypWRGrWISwWVg84QmqkDfOoIoeoH-l_eRYeNpuOxirctbc-BzUKA4rnCgAbFwaBRbQ1DeVLKgI2zQGUS5NgLptoFDbl9vbF-sARC8OxsJXdqD_AWL0IYDPqxHaydU3EllExnXx-SbW5Fz3aAfKByK2Y_F-zXiC5jupgRO9W5KgFVArcNMTL0YloJdFQ6vV2cBaoZd-OJdtF5_GUBirBTJ6y9VZjvN9qNjelsLvQHE7aNpKysWxRXvMDxpXmzbOlBkEj-XfrKMTnOjgpaY1AD4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Mar 2022 10:52:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/_exWVY_hlNJJl2Abm8pI9i1L/ Frame 437D 51 KB
51 KB 117ms
55ms Stylesheet
text/css 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/_exWVY_hlNJJl2Abm8pI9i1L/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfG5EUUAAAAAE7XFZvJfM0HHeaV1tQQqzZ7BTiX&co=aHR0cHM6Ly91c2VydXBsb2FkLm5ldDo0NDM.&hl=en&v=_exWVY_hlNJJl2Abm8pI9i1L&size=normal&cb=jj6yt3ajgdw4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 16:57:18 GMT
x-content-type-options: nosniff
age: 150885
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52582
x-xss-protection: 0
last-modified: Mon, 28 Feb 2022 23:43:01 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 04 Mar 2023 16:57:18 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/_exWVY_hlNJJl2Abm8pI9i1L/ Frame 437D 356 KB
140 KB 116ms
54ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/_exWVY_hlNJJl2Abm8pI9i1L/recaptcha__en.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d526e08d2f18f7fea947247c440cf46473ed39655b4931e959939c383291f665

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 13:37:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 162879
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 143652
x-xss-protection: 0
last-modified: Mon, 28 Feb 2022 23:43:01 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 04 Mar 2023 13:37:24 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1D86 0
20 B 90ms
90ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BQ4hxUpIkYq7yBM2d9u8P5fSYkAQAAAAAOAHgBAI&bg=!sbKlsvbNAAb7UztL-1M7ACkAdvg8Wnj3QVbTAAcFZV6ykTk5E9AcqIPfo-sS7_5IYatUskyLeih5YgIAAABWUgAAAAJoAQcKAJ0bROl_0KEDW2Azxot-nfOYXKRCB25MNt02cDRmXk0PQuRVo4TmYtiG7DTMRpIKMhrcOLQNv85TXjUtc-3Q2UGQ2tbyeiUkOGrezSrnfq6shykZ9ptLdA1EKqCmw8GhIEFgCLDUt9bpKeMNh34TXVWWSh5bOXbxV-B5xhi-UU90EbFy6R4toeDv_QLHrlZnevo8vgYGKAQBshsw2QEgmQLgds7KHryVaRA-akElIz5Dhd-iDlde4odIYhBPWboH-VobZIvfonX1IlQvU7CXeRrUaZNKJEXEw6EuruG1TaHZeMkZCHElrNwIRb5434KiPxbijFvHKmmGy9SkXdPmxbeGK3vTdUufS4Ge379XTH3kcXKgTm6wum2DZ8aJGimwcvDyuHsyyiPj4owH-5RfX_Wh4VEPbvgDk3lZctm90ipF3Yzd9UJnMrvCyuKm4oVusEFbHtgconTktMAhiHxBlaewhEOg_8ad__upoZFIGBJG7VAOzk8BK6eu97sA1v2fKKc24FWeicJf7rEYpwXCqlV6pmV6Xu5q9-2rRr9uzuMSY7yoijF8ViOHk0jb6jfhw_rEL-rLz3GlNh7qLe7CKxTTHKcpTO7O9K9NTNE31jAGjD6J5RW13djCl1vILh503Cf_6KzaRAehbo45Ok7BPttNQJ0y61kYMf4S8beTc_j6obfwvn0s5rYT53D4L9lFHkj-_573Gvu36Jzd6JxLj3udjYaW-LRggU5CdLHrpTmL7FutlbJQXXkxwa7HREVn8_z4vTmIIDYnDhHBIRkwKMLPvg3oDvpS1wJJTTXATehb9pzeWV-MGdXBjpFzZf5ps2Ek0TtvmqQRL99l8zTIJOomnUApTa64XbY5AlGv2h2OLL9fJONGS_NVJebXiPf8WX1-iSpp11cc0Q9_OBxj0WMHIsCU4O3fbEtQcc3a2vkl6oEtvVkztFV2A2pwaV9u0AqE1rlVHmdQEBYw2CIQZ7sgXmk2bJz35_BsxumrUyfX06qIkMf7BkWAFZQ2_cf0OsF6akSDsYS1wNmt-hnznGcCs7kgyX8hBEvSXeD2HVxuz_BEqR36B9OddpgeMWGRqTDOLOqFHfsFwKlpENJMckHxBquwcMZ2L772A4syv_CqoRuAdRFT1AfKSuw9nj-TqEkXvpLpTMwQ_PYotahuxRUE0xikUtxe6KNPHdYHq-bCsg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Mar 2022 10:52:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 86ms
86ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:52:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 06 Mar 2022 10:52:03 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame B17C 13 KB
5 KB 54ms
54ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 06 Mar 2022 10:48:17 GMT
expires: Mon, 06 Mar 2023 10:48:17 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 226
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 2747 783 B
535 B 64ms
63ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

dbd771d8d8026777d541ac526de045bde9b2ac673d0e88b31de29d27adb96d6f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-dUbp4P/WjCks0j7g6TxyyA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sun, 06 Mar 2022 10:52:03 GMT
date: Sun, 06 Mar 2022 10:52:03 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-dUbp4P/WjCks0j7g6TxyyA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js Show response
pagead2.googlesyndication.com/bg/ Frame B17C 35 KB
13 KB 53ms
53ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7185190e99034cb89a0b114a5ba3c80f0803e34a9d860c4f1dc93f6bee202f31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 05 Mar 2022 14:05:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74818
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13775
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 05 Mar 2023 14:05:05 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 2747 0
0 119ms
118ms Image
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220302&jk=3236805524367588&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 437D 14 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 437D 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27

Request headers

Accept-Language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 437D 2 KB
2 KB 54ms
54ms Image
image/png 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/_exWVY_hlNJJl2Abm8pI9i1L/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/_exWVY_hlNJJl2Abm8pI9i1L/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 03:05:30 GMT
x-content-type-options: nosniff
age: 373593
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="recaptcha"
expires: Wed, 09 Mar 2022 03:05:30 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 437D 15 KB
15 KB 117ms
55ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
Accept-Language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 01 Mar 2022 11:18:05 GMT
x-content-type-options: nosniff
age: 430438
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 01 Mar 2023 11:18:05 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8B3F 42 B
64 B 90ms
89ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvian3izeSBOOrtbsnZ2lM4QIJBMl3mNp9sqXOndkEZ25leR3nnPzirwZcLfkMIpS-VbaSwtK-LO_5SmUhi_Ra2zbpO73nwA8qZxU2qALIJ0Xup7O39Og&sai=AMfl-YT0qjoRxJfNF5rp1PbZJ2Rv7CMN7PsmZCcueun0MZvHDWukEo5lcW4YUCxi5cBXJAo9DBuKWcrEBo4h&sig=Cg0ArKJSzD3DqjENqZpgEAE&id=lidar2&mcvt=1025&p=0,0,188,730&mtos=1025,1025,1025,1025,1025&tos=1025,0,0,0,0&v=20220302&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=4&adk=3102016549&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1646563921972&rpt=742&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Mar 2022 10:52:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 437D 102 B
134 B 65ms
65ms Other
text/javascript 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=_exWVY_hlNJJl2Abm8pI9i1L

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

bc607fa1d638484ad3a9af52879524a28db36ca792ae3818baceacb79e7cbd3b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfG5EUUAAAAAE7XFZvJfM0HHeaV1tQQqzZ7BTiX&co=aHR0cHM6Ly91c2VydXBsb2FkLm5ldDo0NDM.&hl=en&v=_exWVY_hlNJJl2Abm8pI9i1L&size=normal&cb=jj6yt3ajgdw4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:52:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Sun, 06 Mar 2022 10:52:03 GMT

GET
H3 200 bframe Show response
www.google.com/recaptcha/api2/ Frame 8DEF 7 KB
1 KB 66ms
65ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=_exWVY_hlNJJl2Abm8pI9i1L&k=6LfG5EUUAAAAAE7XFZvJfM0HHeaV1tQQqzZ7BTiX

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/_exWVY_hlNJJl2Abm8pI9i1L/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

eaf8043ecf88a9f86378c33646def65fe390d38b1067645a039cf67fb766f02a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-/JUGU22f8Q1Y1VmtePAJiA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 06 Mar 2022 10:52:03 GMT
content-security-policy: script-src 'report-sample' 'nonce-/JUGU22f8Q1Y1VmtePAJiA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1112
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame B17C 0
9 B 54ms
53ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?pLRMgQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:52:03 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202280101/ 151 KB
54 KB 77ms
77ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202280101/reactive_library_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c33ba47c6c290c9f4829c78c1cfa51331b772a50045d191d0d877f1ce625b1c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:52:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55054
x-xss-protection: 0
server: cafe
etag: 4539612057705259765
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sun, 06 Mar 2022 10:52:03 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame DFD1 42 B
64 B 91ms
90ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssNXkn3JpUwJgZRdQWl0V4cWy6kIXMBn_emwRW-TXvwd5Qw8-mesdczxp3Ws9N4mtZYLojzhs97RXVZ3wWSnWm9zEEZiEn-pn1HFsODzKAFgEme_Rpjfyp0Y7j51sWK9OxHy8JlyqEzA7XXAK_k9ZJ28rGKqhkYsLlVB5TlgqaoTg&sai=AMfl-YRdZQqYD9k4KL4zIz1K21mUJ2dMdFHAzxbZWL9EniUDUc4fIuQRweFcA_jQCbxW-HiTXfu5QpCMOtYp&sig=Cg0ArKJSzNufstHNkwNrEAE&id=lidar2&mcvt=1011&p=0,0,280,336&mtos=1011,1011,1011,1011,1011&tos=1011,0,0,0,0&v=20220302&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2448036532&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1646563922612&rpt=263&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Mar 2022 10:52:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/_exWVY_hlNJJl2Abm8pI9i1L/ Frame 8DEF 51 KB
51 KB 55ms
55ms Stylesheet
text/css 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/_exWVY_hlNJJl2Abm8pI9i1L/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=_exWVY_hlNJJl2Abm8pI9i1L&k=6LfG5EUUAAAAAE7XFZvJfM0HHeaV1tQQqzZ7BTiX

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 16:57:18 GMT
x-content-type-options: nosniff
age: 150885
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52582
x-xss-protection: 0
last-modified: Mon, 28 Feb 2022 23:43:01 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 04 Mar 2023 16:57:18 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/_exWVY_hlNJJl2Abm8pI9i1L/ Frame 8DEF 356 KB
140 KB 65ms
65ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/_exWVY_hlNJJl2Abm8pI9i1L/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=_exWVY_hlNJJl2Abm8pI9i1L&k=6LfG5EUUAAAAAE7XFZvJfM0HHeaV1tQQqzZ7BTiX

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d526e08d2f18f7fea947247c440cf46473ed39655b4931e959939c383291f665

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 13:37:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 162879
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 143652
x-xss-protection: 0
last-modified: Mon, 28 Feb 2022 23:43:01 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 04 Mar 2023 13:37:24 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D834 42 B
64 B 89ms
88ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu1bvH8FF1i1-DfxzWqlDy8cXso1fAiXM1PGZF8Ci1wCtSNipI2U3GaGe_dsNEB9XZ7OqFnE7D3TjbPPyVXF8Ue5e-43fSaRqGlTKUkmyRN32kNz0nQafopsOg4biXj21UwtDY1hDtDw3f8-6XJ9-X2qwSB04SPkAN1ln_ksuhceA&sai=AMfl-YT_TUkjZb_s6iZckVRHQDpekfNBZnZPfFO7D8kp2HqCzcVLx-tW10NOyujMY1ojsvtNq5T_yuFsmgBs&sig=Cg0ArKJSzAKfAmBgexM4EAE&id=lidar2&mcvt=1000&p=0,0,280,336.015625&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220302&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1997398430&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1646563922626&rpt=260&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Mar 2022 10:52:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3179 42 B
64 B 89ms
88ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu6fI3FsxMhAzVzzo2SnonXaS-qJ2Zn9gjO5GOE6d1QMsR32cgGM2orl28Tfo-N13xuf_DMhoq9UrUupECbhfLesDbL1LEntU--vQ1WAnmI-u8wCfjCYw&sai=AMfl-YQ2pQwOwEVRBc3lPvY-5_6YYEyMF0--tza0jWqHXN-aHGfhOQ5B3CjO-O-K9Tbm9OyvQ4gxhJm5cA9Q&sig=Cg0ArKJSzNw8rscz7AjsEAE&id=lidar2&mcvt=1001&p=0,7,280,343&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20220302&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=4&adk=2198837252&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1646563921969&rpt=932&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Mar 2022 10:52:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 63ms
62ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=userupload.net

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 06 Mar 2022 10:52:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 63ms
63ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=userupload.net

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 06 Mar 2022 10:52:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220302/r20110914/ Frame B713 10 KB
4 KB 54ms
53ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220302/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4502
x-xss-protection: 0
date: Sun, 06 Mar 2022 04:39:24 GMT
expires: Sun, 20 Mar 2022 04:39:24 GMT
cache-control: public, max-age=1209600
age: 22360
etag: 4044455266028820542
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 css2
fonts.googleapis.com/ Frame B713 4 KB
1 KB 180ms
64ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220302/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 06 Mar 2022 09:36:20 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sun, 06 Mar 2022 10:52:04 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 06 Mar 2022 10:52:04 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame B713 205 B
229 B 54ms
54ms Image
image/png 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220302/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 05 Mar 2022 21:50:26 GMT
x-content-type-options: nosniff
age: 46898
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sun, 05 Mar 2023 21:50:26 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame B713 604 B
628 B 55ms
54ms Image
image/png 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220302/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:16:25 GMT
x-content-type-options: nosniff
age: 2139
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 06 Mar 2023 10:16:25 GMT

GET
H3 200 interstitial_ad_frame_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220302/r20110914/elements/html/ Frame B713 19 KB
8 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220302/r20110914/elements/html/interstitial_ad_frame_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220302/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a25197dc637fcb41e8d3133cfed0573116c8a1618922454e6c13833754a161e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:49:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 170
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8378
x-xss-protection: 0
server: cafe
etag: 16647736096342315519
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Mar 2022 10:49:14 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 750D 8 KB
892 B 127ms
63ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220302/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 06 Mar 2022 08:57:34 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sun, 06 Mar 2022 10:52:04 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 06 Mar 2022 10:52:04 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/ Frame 750D 2 KB
914 B 54ms
54ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220302/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:48:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 191
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 877
x-xss-protection: 0
server: cafe
etag: 13035868154101442325
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Mar 2022 10:48:53 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220302/r20110914/ Frame 750D 19 KB
8 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220302/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220302/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d67c6a30bbb9f841e5fc883687b07ecbd33f0292c148b0b6edf499de0e742a6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:37:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 850
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7872
x-xss-protection: 0
server: cafe
etag: 15461303091586157378
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Mar 2022 10:37:54 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/ Frame 750D 2 KB
1 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220302/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:30:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1281
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Mar 2022 10:30:43 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 750D 124 KB
38 KB 70ms
69ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220302/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ded445534230fe3d1274bd48ed100b17ea890a65d5c0250172369a5b522f3ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:52:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38860
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646224922100600"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 06 Mar 2022 10:52:04 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/ Frame 750D 15 KB
6 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220302/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220302/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d054377044014c1069958d9c610330164f05edbf091b2be9b6be60dc4f043494

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:51:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6417
x-xss-protection: 0
server: cafe
etag: 10598556267281433416
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Mar 2022 10:51:03 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 750D 0
0 62ms
62ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTNXDc6ZXLB8sWsA_EBrnTxHy_xETkoXbeyHHn0VEKiHYjWIYg8yTWZCw7LmOblZOuPO2wypPPVp7QLOvOpmdiKlJA4jA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220302/r20110914/zrt_lookup.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 1983f1322954a331c3caffc9609329fe.js Show response
www.gstatic.com/mysidia/ Frame 750D 28 KB
12 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/1983f1322954a331c3caffc9609329fe.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220302/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e467a852274fd7613b82065c6c7bf66198fe3a8629d1a40ad9a58ea69dc0dc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 04 Mar 2022 12:47:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 165858
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11765
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 01:32:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 02 Jun 2022 12:47:46 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame AA77 42 B
64 B 88ms
88ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssCyqIrYAeT_6n3yBTI9gGkXmUoGoQAPKgT3kJ6PxN9ZrSIVgz7KzRCVoMm32JbjhIH7VJqciO0pgowzmME7n5VuSel8VTvUt2Pi6oY7M2oPJptGQblhRZoXOyE0fcCLufaYFkWDcVdq7j2JaNqUiSQuTCquwD58ukEXkWccfxKzQ&sai=AMfl-YR6UdbsEHnLvy0n7u9LVOIICVVDggdNB7M-lv6k2Nuwr15rynynh2P9Gg_ZxfKrcQGSVd986QRKtGYt&sig=Cg0ArKJSzFo7jWvkxzVrEAE&id=lidar2&mcvt=1013&p=0,0,280,336.015625&mtos=1013,1013,1013,1013,1013&tos=1013,0,0,0,0&v=20220302&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=3658158944&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1646563923056&rpt=172&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Mar 2022 10:52:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 8827 1 KB
749 B 54ms
53ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220302/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Sun, 06 Mar 2022 05:53:44 GMT
expires: Mon, 07 Mar 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 17900
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 404
Not Found IeUTWei.jpg
as.inbox.com/ 0
0 847ms
147ms Image
text/html 64.135.83.163
BROADBANDONE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://as.inbox.com/IeUTWei.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 64.135.83.163 Fort Lauderdale, United States, ASN13645 (BROADBANDONE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H2 200 favicon.ico
advertising.yahoo.com/ 2 KB
3 KB 191ms
57ms Image
image/x-icon 2a00:1288:110:c305::1:4000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://advertising.yahoo.com/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:110:c305::1:4000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

c6f7ee2cadae2e121342a8c4245141175bfe887776206deb17149d46cf3aa827

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' http://yahoo.lookbookhq.com https://yahoo.lookbookhq.com http://b2bmarketing.yahoo.net https://b2bmarketing.yahoo.net analytics-cs.yahoo.com;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:51:23 GMT
x-content-type-options: nosniff
age: 41
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
strict-transport-security: max-age=31536000
content-length: 2238
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 23 Sep 2019 20:01:40 GMT
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: SAMEORIGIN
content-type: image/x-icon
cache-control: max-age=900, public
content-security-policy: frame-ancestors 'self' http://yahoo.lookbookhq.com https://yahoo.lookbookhq.com http://b2bmarketing.yahoo.net https://b2bmarketing.yahoo.net analytics-cs.yahoo.com;
accept-ranges: bytes
expires: Thu, 05 May 2022 10:51:23 GMT

GET 1367_ad-clientID2464.jpg
advertising.aol.com/ 0
0

GET
H/1.1

200
OK

/
www.pair.com/
Redirect Chain

https://promote.pair.com/LCqPxRXgVFA6D5.jpg
https://www.pair.com/

0
0

826ms
277ms

Image
text/html

66.39.3.7
PAIR-NETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.pair.com/
Protocol: HTTP/1.1
Server: 66.39.3.7 , United States, ASN7859 (PAIR-NETWORKS, US),
Reverse DNS: www.pair.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Redirect headers

Location: http://www.pair.com/
Date: Sun, 06 Mar 2022 10:52:04 GMT
Server: Apache/2.4.52
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 204
Content-Type: text/html; charset=iso-8859-1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8827
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPJ0fSPYgDZkNLkmVmIntIEAeTE9EWF6b9oMjel...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWlTU1ZBQUFCTmN5Q1FoUQ&google_push=AYg5qPJ0fSPYgDZkNLkmVmIntIEAeTE9EWF6b9oMjelYmV683e4XWSDwMZBQbAxWlcVz83A-0kJA-Ges86I8gaaZ7O3Tx-rQfj4h

170 B
188 B

133ms
70ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWlTU1ZBQUFCTmN5Q1FoUQ&google_push=AYg5qPJ0fSPYgDZkNLkmVmIntIEAeTE9EWF6b9oMjelYmV683e4XWSDwMZBQbAxWlcVz83A-0kJA-Ges86I8gaaZ7O3Tx-rQfj4h

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Mar 2022 10:52:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWlTU1ZBQUFCTmN5Q1FoUQ&google_push=AYg5qPJ0fSPYgDZkNLkmVmIntIEAeTE9EWF6b9oMjelYmV683e4XWSDwMZBQbAxWlcVz83A-0kJA-Ges86I8gaaZ7O3Tx-rQfj4h
Date: Sun, 06 Mar 2022 10:52:04 GMT
Server: Apache
Connection: keep-alive
Content-Length: 391
Content-Type: text/html; charset=iso-8859-1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8827
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEPLPboUlVGOsm9zCj9D0D6c&google_cver=1&google_push=AYg5qPKA4-wv8q92OA6AvXRXq1_NjhmQmBYS_yJld9IXcbUzrw8rzX_gVK4KOh31xy-4vU0QLvxE6G9sCrLmLXYyfm27JSwk_ak
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPKA4-wv8q92OA6AvXRXq1_NjhmQmBYS_yJld9IXcbUzrw8rzX_gVK4KOh31xy-4vU0QLvxE6G9sCrLmLXYyfm27JSwk_ak&google_hm=Q0FFU0VQTFBib1VsVkdPc2...

170 B
188 B

72ms
71ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPKA4-wv8q92OA6AvXRXq1_NjhmQmBYS_yJld9IXcbUzrw8rzX_gVK4KOh31xy-4vU0QLvxE6G9sCrLmLXYyfm27JSwk_ak&google_hm=Q0FFU0VQTFBib1VsVkdPc205ekNqOUQwRDZj

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Mar 2022 10:52:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 06 Mar 2022 10:52:03 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPKA4-wv8q92OA6AvXRXq1_NjhmQmBYS_yJld9IXcbUzrw8rzX_gVK4KOh31xy-4vU0QLvxE6G9sCrLmLXYyfm27JSwk_ak&google_hm=Q0FFU0VQTFBib1VsVkdPc205ekNqOUQwRDZj
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8827
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKb__Yv...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKb__Yv...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjAzMDYxMDUyMDQwMDAxNTg2NDI2MTQ2Ng%3D%3D&google_push=AYg5qPKb__Yvw9KV23Stpeh-RWSZUx9UDtkcO8dAsK4vngDhh7AdldPgAYobzuuiXQKyNt...

170 B
188 B

71ms
70ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjAzMDYxMDUyMDQwMDAxNTg2NDI2MTQ2Ng%3D%3D&google_push=AYg5qPKb__Yvw9KV23Stpeh-RWSZUx9UDtkcO8dAsK4vngDhh7AdldPgAYobzuuiXQKyNtjsxAxE5CV8UphKRz6HTkDgRqAeabQ

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Mar 2022 10:52:05 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjAzMDYxMDUyMDQwMDAxNTg2NDI2MTQ2Ng%3D%3D&google_push=AYg5qPKb__Yvw9KV23Stpeh-RWSZUx9UDtkcO8dAsK4vngDhh7AdldPgAYobzuuiXQKyNtjsxAxE5CV8UphKRz6HTkDgRqAeabQ
pragma: no-cache
date: Sun, 06 Mar 2022 10:52:05 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
strict-transport-security: max-age=2628000
expires: Sun, 06 Mar 2022 10:52:05 GMT

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 8827 43 B
324 B 173ms
63ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEPuSnYit1TwxHW29W9PrMes&google_push=AYg5qPI3ZlciWt5LhC8tyHnHzuSxU6CwA6XQc3zFpXpnTBEnGVUbwwDLnCFvAYDTcVOK5OtDtpDf88mkWHNtnOXEsbbhb1P-yH0P&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220302/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Mar 2022 10:52:04 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8827
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEDMJHI1XqhL2g95izTSWpeA&google_cver=1&google_push=AYg5qPJeKZh824IR6aGvIIxoEI-vNKf1yGFvFeKCal9UFX4VIaOK3IuJs0wNSqFA_bkayWMzv2f...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBGNU5CRE4tNS0zQjEy&google_push=AYg5qPJeKZh824IR6aGvIIxoEI-vNKf1yGFvFeKCal9UFX4VIaOK3IuJs0wNSqFA_bkayWMzv2fFzfTBCyM2InR5cun4brKRdY5_

170 B
188 B

105ms
72ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBGNU5CRE4tNS0zQjEy&google_push=AYg5qPJeKZh824IR6aGvIIxoEI-vNKf1yGFvFeKCal9UFX4VIaOK3IuJs0wNSqFA_bkayWMzv2fFzfTBCyM2InR5cun4brKRdY5_

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Mar 2022 10:52:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBGNU5CRE4tNS0zQjEy&google_push=AYg5qPJeKZh824IR6aGvIIxoEI-vNKf1yGFvFeKCal9UFX4VIaOK3IuJs0wNSqFA_bkayWMzv2fFzfTBCyM2InR5cun4brKRdY5_
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Expires: 0

GET
H2 200 trk
ag.innovid.com/ Frame 8827 43 B
296 B 207ms
45ms Image
image/gif 2a05:d01c:1d8:8100:39fb:2754:c941:3afb
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEH7StognLxnMLeN402tT3JE&google_cver=1&google_push=AYg5qPLdG0QI1qZPnw4H_OVKbQwfFohvLzdLr0w1yLS7EKNogJ9dtYdjF6hAAPrjmoXVGgIRGxJuOSYCJsBbXJLTBtwJENt0LAU
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220302/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8100:39fb:2754:c941:3afb London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Mar 2022 10:52:04 GMT
cache-control: no-cache
content-type: image/gif
content-length: 43
request-time: 1
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8827
Redirect Chain

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEP5NwVQdFC4D-l2o6EFYPSw&google_cver=1&google_push=AYg5qPIroKz9G-cDtbtmii_K...
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPIroKz9G-cDtbtmii_KtcJtamqeTToy55CHTzAzcRPj8NhQfbB0DTMy2nufD1DMSGR5esDRnxBhdpdwzTEXVA2Bg1YVHgLgMA&google_hm=

170 B
188 B

101ms
71ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPIroKz9G-cDtbtmii_KtcJtamqeTToy55CHTzAzcRPj8NhQfbB0DTMy2nufD1DMSGR5esDRnxBhdpdwzTEXVA2Bg1YVHgLgMA&google_hm=

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Mar 2022 10:52:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 06 Mar 2022 10:52:04 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPIroKz9G-cDtbtmii_KtcJtamqeTToy55CHTzAzcRPj8NhQfbB0DTMy2nufD1DMSGR5esDRnxBhdpdwzTEXVA2Bg1YVHgLgMA&google_hm=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Sat, 05 Mar 2022 10:52:04 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 8827 0
232 B 183ms
61ms Image
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J50m5hEkEMHNG4nnuM1zWh7nBGveOmT7K86LioMCJrWQwekjsaPqceQr4sDQbfUhX81yvApA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220302/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 06 Mar 2022 10:52:04 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js Show response
pagead2.googlesyndication.com/bg/ Frame 4642 35 KB
13 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js

Requested by

Host: userupload.net
URL: https://userupload.net/114qkz10novb

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7185190e99034cb89a0b114a5ba3c80f0803e34a9d860c4f1dc93f6bee202f31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 05 Mar 2022 14:05:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74819
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13775
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 05 Mar 2023 14:05:05 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 90ms
89ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20220302&jk=3236805524367588&bg=!zs2lzYnNAAb7UztL-1M7ACkAdvg8WhWXN-W6g324gZE7hAvBexSwlbHRmlYBOQ5BNxBarxJkV8b4qgIAAACGUgAAAAFoAQcKAKyU41aOxJiTG4HJz73fDGDKGsMeEYdOZrBVBK6jhkhj5PG74WNrfSHS-LWanuJNGWnPsuI_cBJZRRUBIHeMq_os4SZgYVtSq8qzr4d-X7lSBiWeUk2jHqRGXIuabYhO3WWPlBidiJ_6vC8EW5Wpo88peRln1Cye3MF5iPQWOjjuj_jjdh2GCUkOW46p0HIASbcDAsyskR9syRaprL5onzOmbPDbtZFOH-De0hZimQKd9SGiI4XFTRpRN9QUaLZHjb9cxOTVFwv5qaCeRxWNqbaPs_13BDGS8jJrlBlWJa72FUXDCZR2U6hv1NGPW7txuefxHm5LgAhonKL37Cx-Ef3HcDtqWeEQRehTsvzvJnoxyorO1Aio4ViIWraJxKUTRj25cRuFQmliVoN2OrYyLb1uQ7GQo5t3DQHudcXqATdJBP8u5Asds8_5crMArWCujOqQlR0NHtGIT_1kVEXhqzcQQKxfH7r4fec2-fxYpMxlOeONWFFlBnpsNNOgGLzDwK2DIHkbj2O8pq3W_uqHvoUSMBgZu7MRRz0NoT9grHWNOqCj-XKOxZzV8X0c4LP8KV-1G5g8o9abZ4_8Pr3UqNQxLetFQGOzTGAz-c7hkb2aTNKjcAzJNYWRj19Q-PDb5m2inA9qeM2sR60lo4W7TjgSSG7mJgZMClcWoGINVJDw_g5Vcxy51UpOgbtAZbWdUDfvZuQ7gEVTBY_dGEdqcaNADt0ZPZuoW-R1pF2GYRS0Lv5n6nvk6x2BGJolVczuEbmcFx2VEMg18mRMnAZr9doC4gkK7mTlX1nhP2p3KYOTkk-Fs5Df4tuOeYlHFtUz-qEwuo2BXRov6ITw4uPTa1xMZrZa6vptWbc81LvVaD_U_dJhMLo0F36nRkH_u_U-5bXGaztU7kbFSu5O3zyYSLsFPRHygrL7PoyU4g9LjPe4zGJ7uUU6Hyni6OQXjCS9yHc0UF9Q9s3RuB2QguQ-hAea-_HGgLAMZDRTg-2H2UuF6J4YUcDo9MBpqlG5zDeoVF1yTd1IQHQBf5MKhLo6QzyQWE2b8D4nSKt24a0oaB792zXENXYpZO1bSpRPXFEuuWrEZUq2sS4xI7T7pwH0tpqs6-1DEAhttzzcjIIa

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9
Referer: https://userupload.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Mar 2022 10:52:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: advertising.aol.com
URL: https://advertising.aol.com/1367_ad-clientID2464.jpg

Verdicts & Comments Add Verdict or Comment

96 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

22 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.userupload.net/	1969-12-31 23:59:59	Name: lang Value: english
.userupload.net/	1970-01-20 01:42:53	Name: aff Value: 27808
.userupload.net/	1970-01-20 18:53:55	Name: __utma Value: 30043835.788578537.1646563922.1646563922.1646563922.1
.userupload.net/	1969-12-31 23:59:59	Name: __utmc Value: 30043835
.userupload.net/	1970-01-20 05:45:31	Name: __utmz Value: 30043835.1646563922.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.userupload.net/	1970-01-20 01:22:44	Name: __utmt Value: 1
.userupload.net/	1970-01-20 01:22:45	Name: __utmb Value: 30043835.1.10.1646563922
.userupload.net/	1970-01-20 10:44:19	Name: __gads Value: ID=8c39d6f7a29d7f99-22d5eeec53cd000e:T=1646563922:RT=1646563922:S=ALNI_MYOaJzt9svEyPiGkL0rUFIQ9NAT3g
.doubleclick.net/	1970-01-20 10:44:19	Name: IDE Value: AHWqTUnpdhvV8xD5CcL2JBP5PL0St6QANz_Tg-nLjQAMu0UDfkdHQVaRBW8oR8ZyTLU
.doubleclick.net/	1970-01-20 01:22:47	Name: DSID Value: NO_DATA
.innovid.com/	1970-01-20 03:32:19	Name: uuid Value: 0d6c4a6b-e68b-4015-b32f-0bc71741879c-20220306 05:52:04
.agkn.com/	1970-01-20 10:08:19	Name: ab Value: 0001%3AQIt%2FFzrdsSqjP7NbEfFYmBzqatfmPtFU
.agkn.com/	1970-01-20 10:08:19	Name: u Value: C\|0CEApt07UKbdO1AAAAAAAAQ13AQCAAQpAAAAAAA
.e.dlx.addthis.com/	1970-01-20 10:52:58	Name: na_tc Value: Y
.addthis.com/	1970-01-20 10:52:58	Name: na_id Value: 2022030610520400015864261466
.addthis.com/	1970-01-20 10:52:58	Name: na_tc Value: Y
.addthis.com/	1970-01-20 10:52:58	Name: uid Value: 62249254ed8d3cd4
.addthis.com/	1970-01-20 10:52:58	Name: ouid Value: 62249254000134c1562d3c6446d688feed7cd7d5b2a1566b0bcd
.dlx.addthis.com/	1970-01-20 02:05:55	Name: na_rn Value: 0
.dlx.addthis.com/	1970-01-20 02:05:55	Name: na_sr Value: 20220306
.dlx.addthis.com/	1970-01-20 01:22:43	Name: na_srp Value: 3614
.dlx.addthis.com/	1970-01-20 02:05:55	Name: na_sc_e Value: 0

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://advertising.aol.com/1367_ad-clientID2464.jpg Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://as.inbox.com/IeUTWei.jpg Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
advertising.aol.com
advertising.yahoo.com
ag.innovid.com
ajax.cloudflare.com
as.inbox.com
buttons-config.sharethis.com
cdnjs.cloudflare.com
cm.g.doubleclick.net
count-server.sharethis.com
d.agkn.com
e.dlx.addthis.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
googlecm.hit.gemius.pl
l.sharethis.com
odr.mookie1.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.everesttech.net
pixel.rubiconproject.com
platform-api.sharethis.com
platform-cdn.sharethis.com
promote.pair.com
s0.2mdn.net
ssl.google-analytics.com
stats.g.doubleclick.net
tgwidget.com
tpc.googlesyndication.com
userupload.net
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.pair.com
advertising.aol.com
104.92.72.137
13.32.121.68
13.32.99.22
141.94.242.148
142.250.184.226
142.250.185.98
209.197.79.97
216.58.212.162
2600:9000:223c:9200:c:abe:f440:93a1
2600:9000:2315:9800:1d:85c3:6640:93a1
2606:4700::6810:135e
2606:4700::6811:480e
2a00:1288:110:c305::1:4000
2a00:1450:4001:800::2002
2a00:1450:4001:808::200e
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::2003
2a00:1450:4001:813::2002
2a00:1450:4001:813::2004
2a00:1450:4001:827::2003
2a00:1450:4001:827::2008
2a00:1450:4001:828::2002
2a00:1450:4001:828::2006
2a00:1450:4001:82a::2001
2a00:1450:4001:830::200a
2a00:1450:4001:831::2002
2a00:1450:4001:831::2008
2a00:1450:400c:c07::9a
2a05:d01c:1d8:8100:39fb:2754:c941:3afb
3.127.180.130
3.69.69.173
34.98.67.61
51.89.234.230
52.215.248.120
64.135.83.163
66.39.3.7
69.173.144.165
95.217.229.114
03eeb531010954c9552c6131c6d88ec017da931dcbf07b3fac89ff8abaa1af7a
08d4e6308d4549372380e8a8d6b3de7613d304b43c2e6f50053af0338e5e0f67
090fb6923ed35377f75b33b9334da772a54dcb8c3004d5a65bb8a5dc3de0cfc3
0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e
0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b
0af5c4eec37a645321c2ef51c7b9b24d948a822d9882a2f84ccb5a9fb1a22df1
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c
0da7fc1ae23678b2872653962d147fcd1cbd0a5a9c8f84d44ae99bc581fd9062
0ee3ba8d62688a5dcd8b12d596ab5256e567d0d314e79a12904ff428a666e27e
0f36b1fb32a4629666406b3cddae258555f52cd7a33ee7877a0cb9215d521e08
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
12b237a3e738008f35482baa4285d79014d64aca6d57eb9d96364153aae5d663
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1b44219f9dad1f711d72a211d3d9532146a5e626ce22e59a171e0bf49ea31e68
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726
253ac81b12fff75573fc2a585fde67f4ee4c232f467d159b70ed58713e8d3bdb
2986551fd9e82929eabb8cba7c44f74a28d8496c744893432f067b320dff55da
2df25ed583d39ca73718949dd3c20036cdfba57ce4725b2a4564a47071b8be9c
3477023d8b7129eb517abf377492a608f2469ae91405fa62974e6771751e04ae
36b7cdabca53eda8f9ccdb9e449f9c22dc4841ab4b2a888bb5700fb5dfbc778c
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3e3aaa32b2dba3a8e1d3499fbab21b83a6c729e6e0c569b9c1eeb2b641e657c6
433d970f04c9cfdfe1eef18106807714cffa2ec96651af41c1be35d00a87bc1c
43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27
4d26e9610c392afa8c2768cca8f7cf0523f9dc86cd1f63ebc4df5813be2e77b4
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
551c9e5d06b0d4c8b044c0a6713fcd8a1380cc45c5aaa7aeff4ce9bbf9245d96
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57ee478f48f0c5119a65bcab51b18ab6e7db8cb4db90a0fc8a6bfbb4c1af2d23
58a5608dd5df2fe0edf71e0f3f1bf2c583040a9579817b26e392d0c1d1af979a
5a06f2860006f86e9b1259631474b4407011ce71a4e7c1ac0e317b3107e2170d
5ab0528ba35a8514cbbfaf5ae5eb05386792b6b5f2737fcb9c7d715424a28478
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
64ef1788e2c86fe9b9f65689843ec0d459ee8c1477b4fe26b88a3b3cc1e98c56
66f3a07e1fa9b64a686b66381e4458dbc8abf3dbbff954720c4eec07b84411c2
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
68b23398bc9f27438a38e94388564206a60cd220c23ca55aac7c6f95d9a4e6ce
68f30b9bd309413b1274d8023504d62a9bed9a1333802a314071ecf6acd7580e
6b1116dbdcc8665059c0163cb6cd034a949402f5bc6294390e8ffee39952f6ae
6da212f8852e71fec7a548df3fd23ec4bf5faaca5af818af4074e5240ca7b8d4
6ded445534230fe3d1274bd48ed100b17ea890a65d5c0250172369a5b522f3ba
7185190e99034cb89a0b114a5ba3c80f0803e34a9d860c4f1dc93f6bee202f31
768d97ec0916217ae82c70aeda3a61b9b0dab344edc4a3240a4f7cd94af00307
7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb
7b1ed14c8d4e5852e773d44304a3a33507ff993a4b6b70ea1d9fb8c6f68e7318
7c93346d4f681a0be90d1dfc19346382a4700f1810f41caa54415688dee1777f
7e467a852274fd7613b82065c6c7bf66198fe3a8629d1a40ad9a58ea69dc0dc4
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
847eb36b4dc4b05f94052dcd98077319e74d882334a106bb9ca451ba211c9c2c
8794e061485593c39efc9837dacd8a7e788b0c5f447fa072f66c65189f40f138
8bdf772d9fc521b1bac964b3e1287466cc5e6497f058ef97112f9a17b2591dfb
8bedd3a9d3d20f71aa28c17e75c18ddc9a323b823275ae9bec6a1b673ea646f5
90398d274e093821b066f9bc367d1ddb8e2fa9d18d7660c10cc3704c4d9f519f
9a83c65bdd0ff9488af9d25720686457ea7295c9c44f9f1d285a0c9ec89bab99
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9aeb2cd573e508a40d47a12cb5fd93b04e5c2f9248911765a14aa2fbef830a46
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a25197dc637fcb41e8d3133cfed0573116c8a1618922454e6c13833754a161e5
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a9f32abd1df5f2624a39b9911169fa30dc69da1467751ea060eb492b07c62129
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
adf8665bebfd9b0d676a8d3a284a19af1690e088a28100b6e69a43832f6998e1
aeaa040ecbe92a972e0e4ea04f3aa289d347ad75aa18019790d28348ca97636f
aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947
b106807d0b065185b4fb475481db10ee8457583101dc9a8b13385627e07d01c0
b262df0c0b790a38e06a84643195e4342853a1da798ad642a7e622f6d04ae944
bc607fa1d638484ad3a9af52879524a28db36ca792ae3818baceacb79e7cbd3b
bed3f7c31b12a8b3e892e8d6c9d3e0ac534d737f4eeccffc4c55e38460683162
bed9b4262d2ff6c062498919f5b33aa10d8b66eb940e14e8e439cbeeda5fcf4f
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c1bd88cc54165fd50700598361e7484401e4cc1525866fa5a73e8a463df5c226
c33ba47c6c290c9f4829c78c1cfa51331b772a50045d191d0d877f1ce625b1c0
c3e74a029f8e927bd80f13f4eb132b32bd60005b6319ba02c940b0477686ec7b
c4fb91befcf134b81ecfa1c586e1f9d6426c8f4fc1f6c130ac1fddb49ab5df96
c56fd6b910ca93a3fb1875e35074b8ce8501c319ebaa0e8b7252f7e4a7023fe6
c6f7ee2cadae2e121342a8c4245141175bfe887776206deb17149d46cf3aa827
c8ecfe747c979fbd87624913200a9237343679923b495885bced089b80fc84f6
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
ce2f33e26dbc77fd7638a3a9a0012155e986dfea39b97e2702dd44b36f8f50ee
d054377044014c1069958d9c610330164f05edbf091b2be9b6be60dc4f043494
d10ae726cd5a35b7793c202c6f5a167af3d4a0721402ca53294b6aaa6873fddf
d526e08d2f18f7fea947247c440cf46473ed39655b4931e959939c383291f665
d67c6a30bbb9f841e5fc883687b07ecbd33f0292c148b0b6edf499de0e742a6b
dae183958c03f92814f22f515adc75246071af9eac063a5035949326069ab9b3
dbd771d8d8026777d541ac526de045bde9b2ac673d0e88b31de29d27adb96d6f
e1d4f21db649ec5795e70cb72e59fdec97af300c64b5d8abbc67f00688eb0ecd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eaf8043ecf88a9f86378c33646def65fe390d38b1067645a039cf67fb766f02a
eee8140056cf8cc4497eaca4f0622a682ba3e98f0a6445c7d509e88fb370482e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f13d4a23664d1a212e275c7ccd6073d3751cd3554820a78fbf697a1fd6e251a3
f4b04166b6e23095feb89427b395cff80036ef313d35ca34e3b4d2ca6c5ef32d
f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

userupload.net Open in urlscan Pro 51.89.234.230 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

164 Requests

95 %HTTPS

55 %IPv6

26 Domains

39 Subdomains

33 IPs

7 Countries

2491 kBTransfer

5758 kBSize

22 Cookies

6 Outgoing links

Redirected requests

164 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

userupload.net Open in urlscan Pro
51.89.234.230 Public Scan

Screenshot
Live screenshot

Full Image

164
Requests

95 %
HTTPS

55 %
IPv6

26
Domains

39
Subdomains

33
IPs

7
Countries

2491 kB
Transfer

5758 kB
Size

22
Cookies

164 HTTP transactions
7 data transactions