lollty.pro Open in urlscan Pro
199.85.210.80 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://3upload.com/ib8g06clnxpy
Effective URL:
https://lollty.pro/Skip1.php/?get=ib8g06clnxpy
Submission: On December 28 via manual (December 28th 2023, 7:38:33 pm UTC) from ID — Scanned from DE

Summary HTTP 271 Redirects Links 31 Behaviour Indicators

Summary

This website contacted 48 IPs in 7 countries across 46 domains to perform 271 HTTP transactions. The main IP is 199.85.210.80, located in United States and belongs to NAMECHEAP-NET, US. The main domain is lollty.pro.
TLS certificate: Issued by cPanel, Inc. Certification Authority on November 6th 2023. Valid for: 3 months.

This is the only time lollty.pro was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
47	199.85.210.80 199.85.210.80	22612 (NAMECHEAP...) (NAMECHEAP-NET)
2	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2606:4700:e2:... 2606:4700:e2::ac40:8c0d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	173.233.137.44 173.233.137.44	7979 (SERVERS-COM) (SERVERS-COM)
5	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:812::2008	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
20	2606:4700::68... 2606:4700::6810:8516	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
32	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1	172.64.152.89 172.64.152.89	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2600:9000:210... 2600:9000:2104:7e00:10:dd8:5e40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:5614	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:10:... 2606:4700:10::ac43:266a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.96.70.87 34.96.70.87	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2600:9000:244... 2600:9000:2447:ec00:a:e047:753:a221	16509 (AMAZON-02) (AMAZON-02)
1	18.239.18.33 18.239.18.33	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
1 2	34.120.107.143 34.120.107.143	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	162.19.138.83 162.19.138.83	16276 (OVH) (OVH)
1	108.128.142.196 108.128.142.196	16509 (AMAZON-02) (AMAZON-02)
1	3.71.149.231 3.71.149.231	16509 (AMAZON-02) (AMAZON-02)
1 3	2a02:2638:3::c 2a02:2638:3::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
5	2a00:1450:400... 2a00:1450:4001:801::2001	15169 (GOOGLE) (GOOGLE)
25	2a00:1450:400... 2a00:1450:4001:81c::2001	15169 (GOOGLE) (GOOGLE)
6	142.250.181.230 142.250.181.230	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:808::2006	15169 (GOOGLE) (GOOGLE)
9 30	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
7 13	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6 9	37.252.171.52 37.252.171.52	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a02:fa8:8806... 2a02:fa8:8806:21::1690	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 2	2606:4700::68... 2606:4700::6812:18ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	34.91.62.186 34.91.62.186	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	64.202.112.95 64.202.112.95	23352 (SERVERCEN...) (SERVERCENTRAL)
1	198.47.127.19 198.47.127.19	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	51.89.9.253 51.89.9.253	16276 (OVH) (OVH)
2 2	195.138.255.9 195.138.255.9	201011 (CORE-BACK...) (CORE-BACKBONE CORE-BACKBONE GMBH GLOBAL NETWORK)
5	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
1 1	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
3 3	46.228.174.117 46.228.174.117	56396 (AMOBEE) (AMOBEE)
2 2	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
1 1	104.122.24.29 104.122.24.29	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	35.214.168.80 35.214.168.80	15169 (GOOGLE) (GOOGLE)
1	213.202.235.9 213.202.235.9	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2 2	52.57.164.72 52.57.164.72	16509 (AMAZON-02) (AMAZON-02)
1 1	2a05:d018:d29... 2a05:d018:d29:3601:18eb:9096:ecfc:cea8	16509 (AMAZON-02) (AMAZON-02)
1	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
1	18.153.246.175 18.153.246.175	16509 (AMAZON-02) (AMAZON-02)
1	18.184.81.93 18.184.81.93	16509 (AMAZON-02) (AMAZON-02)
271	48

47 199.85.210.80 (United States)

ASN22612 (NAMECHEAP-NET, US)
PTR: nc-ph-4473.3upload.com

3upload.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lollty.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:e2::ac40:8c0d (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 173.233.137.44 (United States)

ASN7979 (SERVERS-COM, US)

dripgleamborrowing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2606:4700::6810:8516 (United States)

ASN13335 (CLOUDFLARENET, US)

live.demand.supply	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.152.89 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn-ima.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2104:7e00:10:dd8:5e40:93a1 (United States)

ASN16509 (AMAZON-02, US)

connectid.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5614 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:266a (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com

invstatic101.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2447:ec00:a:e047:753:a221 (United States)

ASN16509 (AMAZON-02, US)

cdn.prod.uidapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.239.18.33 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-239-18-33.ams58.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.107.143 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 143.107.120.34.bc.googleusercontent.com

oajs.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.83 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31532338.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.128.142.196 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-142-196.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.71.149.231 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638:3::c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

google-bidout-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:801::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:4001:81c::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.181.230 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:808::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 142.250.181.226 (United States) 9 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 172.64.151.101 (United States) 7 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 37.252.171.52 (Frankfurt am Main, Germany) 6 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:21::1690 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:18ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.91.62.186 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 186.62.91.34.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.202.112.95 (United States) 2 redirects

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.47.127.19 (United States)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.89.9.253 (London, United Kingdom) 2 redirects

ASN16276 (OVH, FR)
PTR: ip253.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 195.138.255.9 (Germany) 2 redirects

ASN201011 (CORE-BACKBONE CORE-BACKBONE GMBH GLOBAL NETWORK, DE)

analytics.pangle-ads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.9 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 46.228.174.117 (United Kingdom) 3 redirects

ASN56396 (AMOBEE, GB)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.111.18 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.122.24.29 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-122-24-29.deploy.static.akamaitechnologies.com

cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.214.168.80 (Groningen, Netherlands) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 80.168.214.35.bc.googleusercontent.com

gtrace.mediago.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.202.235.9 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.57.164.72 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-164-72.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3601:18eb:9096:ecfc:cea8 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.253.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.153.246.175 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-153-246-175.eu-central-1.compute.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.184.81.93 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-184-81-93.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
62	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 102 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 148	404 KB
52	doubleclick.net 9 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 196 googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 ad.doubleclick.net — Cisco Umbrella Rank: 139 cm.g.doubleclick.net — Cisco Umbrella Rank: 219	385 KB
46	3upload.com 3upload.com	2 MB
20	demand.supply live.demand.supply — Cisco Umbrella Rank: 57430	43 KB
13	casalemedia.com 7 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 578	9 KB
13	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 300	482 KB
12	gstatic.com fonts.gstatic.com www.gstatic.com	145 KB
9	adnxs.com 6 redirects ib.adnxs.com — Cisco Umbrella Rank: 229 secure.adnxs.com — Cisco Umbrella Rank: 478	7 KB
8	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 971	223 KB
7	google.com adservice.google.com — Cisco Umbrella Rank: 93 www.google.com — Cisco Umbrella Rank: 2	2 KB
6	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29 ajax.googleapis.com — Cisco Umbrella Rank: 340	34 KB
5	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 428	104 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 206	258 KB
4	criteo.com 2 redirects gum.criteo.com — Cisco Umbrella Rank: 424 mug.criteo.com — Cisco Umbrella Rank: 2811 dis.criteo.com — Cisco Umbrella Rank: 550	8 KB
4	openx.net 1 redirects oajs.openx.net — Cisco Umbrella Rank: 1639 google-bidout-d.openx.net — Cisco Umbrella Rank: 1643 rtb.openx.net — Cisco Umbrella Rank: 695	1019 B
4	google-analytics.com ssl.google-analytics.com — Cisco Umbrella Rank: 587	34 KB
3	yahoo.com 1 redirects connectid.analytics.yahoo.com — Cisco Umbrella Rank: 4156 ups.analytics.yahoo.com — Cisco Umbrella Rank: 307 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 474	10 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 818	2 KB
2	3lift.com 2 redirects eb2.3lift.com — Cisco Umbrella Rank: 372	954 B
2	1rx.io 2 redirects sync.1rx.io — Cisco Umbrella Rank: 546	2 KB
2	pangle-ads.com 2 redirects analytics.pangle-ads.com — Cisco Umbrella Rank: 2266	2 KB
2	onetag-sys.com 2 redirects onetag-sys.com — Cisco Umbrella Rank: 714	770 B
2	zemanta.com 2 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 586	1 KB
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 802 s.tribalfusion.com — Cisco Umbrella Rank: 2218	1 KB
2	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 979 bcp.crwdcntrl.net — Cisco Umbrella Rank: 850	12 KB
2	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 893 id5-sync.com — Cisco Umbrella Rank: 425	34 KB
2	dripgleamborrowing.com dripgleamborrowing.com
2	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 988	11 KB
1	bidswitch.net x.bidswitch.net — Cisco Umbrella Rank: 336	146 B
1	sharethrough.com match.sharethrough.com — Cisco Umbrella Rank: 495	35 B
1	exactag.com m.exactag.com — Cisco Umbrella Rank: 11353	1 KB
1	mediago.io 1 redirects gtrace.mediago.io	465 B
1	media.net 1 redirects cs.media.net — Cisco Umbrella Rank: 1381	878 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1258	574 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 339	610 B
1	pubmatic.com image6.pubmatic.com — Cisco Umbrella Rank: 793	166 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 780	711 B
1	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 2627	104 B
1	uidapi.com cdn.prod.uidapi.com — Cisco Umbrella Rank: 2789	3 KB
1	creativecdn.com invstatic101.creativecdn.com — Cisco Umbrella Rank: 2133	1 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 313	1 KB
1	criteo.net static.criteo.net — Cisco Umbrella Rank: 631	13 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 1740	8 KB
1	33across.com cdn-ima.33across.com — Cisco Umbrella Rank: 1352	5 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 4719	608 B
1	lollty.pro lollty.pro	29 KB
271	46

	Domain	Requested by
46	3upload.com	3upload.com lollty.pro
32	pagead2.googlesyndication.com	lollty.pro 3upload.com 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com tpc.googlesyndication.com securepubads.g.doubleclick.net s0.2mdn.net www.googletagservices.com
30	cm.g.doubleclick.net	9 redirects googleads.g.doubleclick.net 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com lollty.pro
25	tpc.googlesyndication.com	lollty.pro 3upload.com 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com tpc.googlesyndication.com securepubads.g.doubleclick.net s0.2mdn.net
20	live.demand.supply	lollty.pro live.demand.supply client
13	dsum-sec.casalemedia.com	7 redirects googleads.g.doubleclick.net
13	s0.2mdn.net	3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com 3upload.com s0.2mdn.net
11	securepubads.g.doubleclick.net	live.demand.supply securepubads.g.doubleclick.net lollty.pro
8	ib.adnxs.com	5 redirects googleads.g.doubleclick.net
8	use.fontawesome.com	3upload.com use.fontawesome.com lollty.pro
7	fonts.gstatic.com	fonts.googleapis.com
6	ad.doubleclick.net	3upload.com
6	www.google.com	lollty.pro 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com 3upload.com tpc.googlesyndication.com
5	www.gstatic.com	3upload.com 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
5	cdn.ampproject.org	securepubads.g.doubleclick.net
5	3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
5	googleads.g.doubleclick.net	lollty.pro 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com 3upload.com
5	fonts.googleapis.com	3upload.com securepubads.g.doubleclick.net 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
4	www.googletagservices.com	3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com 3upload.com
4	ssl.google-analytics.com	3upload.com lollty.pro
2	pm.w55c.net	2 redirects
2	eb2.3lift.com	2 redirects
2	sync.1rx.io	2 redirects
2	analytics.pangle-ads.com	2 redirects
2	onetag-sys.com	2 redirects
2	b1sync.zemanta.com	2 redirects
2	gum.criteo.com	1 redirects static.criteo.net
2	oajs.openx.net	1 redirects lollty.pro
2	dripgleamborrowing.com	3upload.com lollty.pro
2	maxcdn.bootstrapcdn.com	3upload.com lollty.pro
1	x.bidswitch.net	3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
1	match.sharethrough.com	3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
1	rtb.openx.net	3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
1	pr-bh.ybp.yahoo.com	1 redirects
1	m.exactag.com	3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
1	secure.adnxs.com	1 redirects
1	gtrace.mediago.io	1 redirects
1	cs.media.net	1 redirects
1	sync.targeting.unrulymedia.com	1 redirects
1	pixel.rubiconproject.com	1 redirects
1	dis.criteo.com	1 redirects
1	image6.pubmatic.com	3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
1	um.simpli.fi	1 redirects
1	s.tribalfusion.com	3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
1	a.tribalfusion.com	1 redirects
1	dclk-match.dotomi.com	3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
1	google-bidout-d.openx.net	oa.openxcdn.net
1	mug.criteo.com	lollty.pro
1	ups.analytics.yahoo.com	connectid.analytics.yahoo.com
1	bcp.crwdcntrl.net	tags.crwdcntrl.net
1	id5-sync.com	cdn.id5-sync.com
1	tags.crwdcntrl.net	securepubads.g.doubleclick.net
1	cdn.prod.uidapi.com	securepubads.g.doubleclick.net
1	invstatic101.creativecdn.com	securepubads.g.doubleclick.net
1	cdn.id5-sync.com	securepubads.g.doubleclick.net
1	cdn.jsdelivr.net	securepubads.g.doubleclick.net
1	connectid.analytics.yahoo.com	securepubads.g.doubleclick.net
1	static.criteo.net	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	cdn-ima.33across.com	securepubads.g.doubleclick.net
1	ajax.googleapis.com	lollty.pro
1	adservice.google.com	lollty.pro
1	partner.googleadservices.com	lollty.pro
1	lollty.pro	3upload.com
271	64

This site contains links to these domains. Also see Links.

Domain
3upload.com
www.facebook.com
sulvo.com

Subject Issuer	Validity	Valid
3upload.com cPanel, Inc. Certification Authority	`2023-12-14` - `2024-03-13`	3 months	crt.sh
bootstrapcdn.com GTS CA 1P5	`2023-11-30` - `2024-02-28`	3 months	crt.sh
use.fontawesome.com Cloudflare Inc ECC CA-3	`2023-10-12` - `2024-10-10`	a year	crt.sh
dripgleamborrowing.com R3	`2023-10-30` - `2024-01-28`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
lollty.pro cPanel, Inc. Certification Authority	`2023-11-06` - `2024-02-04`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
demand.supply Cloudflare Inc ECC CA-3	`2023-02-19` - `2024-02-19`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2023-09-06` - `2024-09-30`	a year	crt.sh
oa.openxcdn.net GTS CA 1D4	`2023-11-24` - `2024-02-22`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-15` - `2024-03-10`	3 months	crt.sh
connectid.analytics.yahoo.com GlobalSign ECC OV SSL CA 2018	`2023-08-15` - `2024-02-08`	6 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-02` - `2024-05-01`	a year	crt.sh
invstatic101.creativecdn.com GTS CA 1D4	`2023-12-23` - `2024-03-22`	3 months	crt.sh
cdn.prod.uidapi.com R3	`2023-11-02` - `2024-01-31`	3 months	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M01	`2023-10-08` - `2024-11-05`	a year	crt.sh
*.id5-sync.com R3	`2023-11-01` - `2024-01-30`	3 months	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-12-26` - `2024-06-19`	6 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-01` - `2024-03-01`	3 months	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2023-08-15` - `2024-09-15`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2023-04-20` - `2024-05-20`	a year	crt.sh
*.exactag.com Sectigo RSA Organization Validation Secure Server CA	`2023-04-03` - `2024-05-03`	a year	crt.sh
*.sharethrough.com Amazon RSA 2048 M01	`2023-06-14` - `2024-07-12`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2023-03-23` - `2024-03-23`	a year	crt.sh

This page contains 28 frames:

Primary Page: https://lollty.pro/Skip1.php/?get=ib8g06clnxpy
Frame ID: ABDF5DB784ADD30442387DD5FA1583ED
Requests: 125 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230628/r20190131/zrt_lookup.html
Frame ID: 136E7CBBFAB4EBA11A4BA8B2BA79366A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485722904051021&output=html&adk=1812271804&adf=3025194257&lmt=1688647068&plat=1%3A16777216%2C2%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2F3upload.com%2Fbuk3llhurtlc&ea=0&pra=5&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE0LjAuNTczNS4xOTkiLFtdLDAsbnVsbCwiNjQiLFtbIk5vdC5BL0JyYW5kIiwiOC4wLjAuMCJdLFsiQ2hyb21pdW0iLCIxMTQuMC41NzM1LjE5OSJdLFsiR29vZ2xlIENocm9tZSIsIjExNC4wLjU3MzUuMTk5Il1dLDBd&dt=1688647068464&bpp=386&bdt=24&idt=386&shv=r20230628&mjsv=m202307050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dffacc299809de38b-22480ea790e2003f%3AT%3D1688645542%3ART%3D1688646981%3AS%3DALNI_Mb2N6AvbdtXE0uvKxGcYVgulT1kIA&gpic=UID%3D00000ca0b14e8fe8%3AT%3D1688645542%3ART%3D1688646981%3AS%3DALNI_MYodgLO1OppICJQLBsdxBHgBY4M0A&nras=1&correlator=3963259299356&frm=20&pv=2&ga_vid=565754033.1688645529&ga_sid=1688645529&ga_hid=430499464&ga_fc=1&u_tz=180&u_his=3&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1903&bih=969&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C31075630%2C44759876%2C31075832%2C44788442&oid=2&pvsid=3195434146881601&tmod=1450534492&uas=0&nvt=2&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1920%2C0%2C1920%2C1040%2C1920%2C969&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=400
Frame ID: 648FE2BFDFFE190DAB4F326306B8F2FA
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: D51AEF38FC446B5992599D2C48ECD06B
Requests: 1 HTTP requests in this frame

Frame: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 4324CA7EAD4C2A3D293B78CE5500350E
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=lollty.pro
Frame ID: A94853E81C755AF305B40417A6ADE51F
Requests: 2 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: C13AE0DF23A93F87841180F7504F613B
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012310301456000/amp4ads-v0.mjs
Frame ID: E636B444704215A5AE68B4EE4BE8F444
Requests: 16 HTTP requests in this frame

Frame: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 1AE18C0B5311CB4A378F0B7FE135B5B5
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN8DEJ7K15oEGM7QioECMAE&v=APEucNVFzOREuOOlG4wawr3H_9HqAG6hv_Z5V0vkiyDWj1ZDJUTwZ74sJJUBxvhJgDktcD53Qw0gM95P4NtvztR6g3OxrHCjhuNWyqT9H28OSnOiDIJZni4y-r1_rddMjs007T0OR_JTIRy28hs8RVluOE7hJZyMTIDWeJHxYfBwy9g9GRQ1KOfUoTL156MlSXfIAJXaXi4i
Frame ID: 19E36B77322599464436C3F6B6A55F9B
Requests: 5 HTTP requests in this frame

Frame: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: D29B573DA97388D91585A45B39DEB689
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: EF41C2B9EA11115339A3080EF86C9DC8
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN8DEJ7K15oEGPDf_4ACMAE&v=APEucNV-PF111fUaz8K7T28FuDSvS7SIw3FNSN0NNizg4eXuCkdnMNZOTjOL1taqy68swatD5QK16QcqJxSweyrKQUu-nqabUqwdypNNBh9Mm3YVykvAG_sL6aYu8u9566uZeoBoaUhw58sKznuMLLoMr23-MApNV4urj3_NBbN-G9so4yn-qnNzX1nhv0jktYYKu_1HV16L
Frame ID: 134510E2E5672E93EEC712D0EEFABCE8
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 15054AB427B940E57F64004F07B155DC
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 7BC264B4BFE4DE661CF4CDA901FFCE9E
Requests: 3 HTTP requests in this frame

Frame: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 60B5FF3C747553ABCDFB290B8E494D68
Requests: 1 HTTP requests in this frame

Frame: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 664C63D4B8F65654E2A5681A41FAAB6E
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYjIzo4gEwAQ&v=APEucNWcaKUP4H1cvi3hb2ouP-u3fgAf1FOSPB70DEHDT1T4xje_kBFGzkuG24ZWuigu5HgTYYYBcBxXSdWu3bGd5tWqjgfC7Py9AzRffhHVfMVUzkMQ8umT5Yg2EJh_Mtqa8QuqkzXkc4oSrDP_tSGA9e9RNJ0CpOaLTuWfMVj9cicFQQizKiWC3_e4THiYYFAxoOKQ6_Jr
Frame ID: D3BC51E8AE5E33208F404A3F86804FCD
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
Frame ID: E2BAFA71ADDC2572092B4F41CF876EA2
Requests: 14 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 306A7E65A5414A993194F09FBC7BA16B
Requests: 9 HTTP requests in this frame

Frame: https://www.gstatic.com/mysidia/e21910fd923a6283b5d44b2382eabc86.js?tag=client_fast_engine_2019
Frame ID: E50607743558669778097816131F8EF7
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: DE738AB85C0A7871896BE941445BB179
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=ByrAIWnZ9X&t=1&renderingType=2&ev=01_250
Frame ID: 83774C01BD7050D8A5B3560F622CC704
Requests: 12 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 9400FE55A634863D7428906FDC612BB4
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/gPTZx8Qg5YtqHYATuVEq7wiNXgGYJLmNtV6Q-nRIA0Y.js
Frame ID: B19FC5C73BD67367E0779787AE126A6E
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 8950FEED56D708B515CCF2DD7E8E6375
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 2D236E2729DA1C4CC50B24F12324DCBA
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
Frame ID: 056249E35E0EC8023B44BBC2277BA3F2
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

3Upload – 3Upload – 3upload.comDownload TEXT rar

Page URL History Show full URLs

https://3upload.com/ib8g06clnxpy Page URL
https://lollty.pro/Skip1.php/?get=ib8g06clnxpy Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

OWL Carousel (Widgets) Expand

Overall confidence: 100%
Detected patterns

owl\.carousel.*\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

271
Requests

88 %
HTTPS

47 %
IPv6

46
Domains

64
Subdomains

48
IPs

7
Countries

4057 kB
Transfer

7229 kB
Size

43
Cookies

31 Outgoing links

These are links going to different origins than the main page.

URL: https://3upload.com/
Title: Home

Search URL Search Domain Scan URL

URL: https://3upload.com/premium.html
Title: Premium

Search URL Search Domain Scan URL

URL: https://3upload.com/make_money.html
Title: Make Money

Search URL Search Domain Scan URL

URL: https://3upload.com/?op=payment_proof
Title: Payment Proof

Search URL Search Domain Scan URL

URL: https://3upload.com/?op=my_account
Title: My Account

Search URL Search Domain Scan URL

URL: https://3upload.com/?op=my_files
Title: My Files

Search URL Search Domain Scan URL

URL: https://3upload.com/?op=my_reports
Title: Reports

Search URL Search Domain Scan URL

URL: https://3upload.com/?op=upload_form
Title: Upload

Search URL Search Domain Scan URL

URL: https://3upload.com/?op=news
Title: News

Search URL Search Domain Scan URL

URL: https://3upload.com/contact.html
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://3upload.com/tos.html
Title: Terms of service

Search URL Search Domain Scan URL

URL: https://3upload.com/faq.html
Title: FAQ

Search URL Search Domain Scan URL

URL: https://3upload.com/?op=payments
Title: Premium

Search URL Search Domain Scan URL

URL: https://3upload.com/?op=check_files
Title: Link Checker

Search URL Search Domain Scan URL

URL: https://3upload.com/?op=logout
Title: Logout

Search URL Search Domain Scan URL

URL: https://3upload.com/?op=admin_files
Title: Files

Search URL Search Domain Scan URL

URL: https://3upload.com/?op=admin_users
Title: Users

Search URL Search Domain Scan URL

URL: https://3upload.com/?op=admin_servers
Title: Servers

Search URL Search Domain Scan URL

URL: https://3upload.com/?op=admin_torrents
Title: Torrents

Search URL Search Domain Scan URL

URL: https://3upload.com/?op=admin_reports
Title: Abuses

Search URL Search Domain Scan URL

URL: https://3upload.com/?op=admin_news
Title: News

Search URL Search Domain Scan URL

URL: https://3upload.com/?op=admin_comments
Title: Comments

Search URL Search Domain Scan URL

URL: https://3upload.com/?op=admin_payments
Title: Payments

Search URL Search Domain Scan URL

URL: https://3upload.com/?op=admin_stats
Title: Statistics

Search URL Search Domain Scan URL

URL: https://3upload.com/?op=admin_external
Title: API Keys

Search URL Search Domain Scan URL

URL: https://3upload.com/?op=admin_settings
Title: Settings

Search URL Search Domain Scan URL

URL: https://3upload.com/?op=change_lang&lang=arabic
Title: Arabic

Search URL Search Domain Scan URL

URL: https://www.facebook.com/3Upload

Search URL Search Domain Scan URL

URL: https://3upload.com/?op=checkfiles
Title: Link Checker

Search URL Search Domain Scan URL

URL: https://3upload.com/links.html
Title: Links

Search URL Search Domain Scan URL

URL: https://sulvo.com/?utm_source=https://lollty.pro/&utm_adtype=sticky_display&utm_medium=sulvo

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://3upload.com/ib8g06clnxpy Page URL
https://lollty.pro/Skip1.php/?get=ib8g06clnxpy Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 104

https://oajs.openx.net/esp?url=https%3A%2F%2Flollty.pro%2F&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2Flollty.pro%2F&rid=esp&cc=1

Request Chain 115

https://gum.criteo.com/sid/json?origin=publishertagids&domain=lollty.pro&sn=ChromeSyncframe&so=0&topUrl=lollty.pro&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=yl620XxjOHMycTdYUFFDV2FGUG5LYzg4SFRhQkk0MitFeWJMNU96OFg3emhuZDlRM1RHL0x6d3hGTnRuRDJMSzdvYkNrWWJkYkI5T1BsNGR3cWtFdmh0S003Nk1SWGx2dHdUVWtES0phaUY5a0o4QW1DMVRQRW1sb2cyZ3pma2VxUzZYUXZIUTVkTy9nZWZybHd0T2ZNRzUyV2lxQkZvdXRISFJldkkwYkNPbjZVcmZlWVNMemxBcnJabTJ0UGxWR2J1eHZ0Nlh5dkFWbkhheFl0MlpWM1dEUzlydjM4OVNyUVJqV0tCSVR5UTVEbXZ5WU5rZDBMYzcwUU5sZU9mK0xTekFQVHg2SDhNZVNRTEhWem9TSVJSQk96ejBRVWdLM2VCTzMvUFh2K01halVrdz18&cppv=2

Request Chain 154

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAEXHYOq76hL3msr5t-_Vs&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAEXHYOq76hL3msr5t-_Vs&google_cver=1&C=1

Request Chain 155

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZY3OtPFu0jWkyK87arNvXAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOpkRiZrhHv4k9a_sbt8ruI&google_cver=1

Request Chain 156

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEKoguhWR8vhy6Fuo_bHsc-I&google_cver=1

Request Chain 157

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjQ4NzI3NjI5MjU2MjQyOTI4Mg%3D%3D

Request Chain 178

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOpkRiZrhHv4k9a_sbt8ruI&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOpkRiZrhHv4k9a_sbt8ruI&google_cver=1&C=1

Request Chain 179

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZY3OtNcZkaFnOkKFb0m3zgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOpkRiZrhHv4k9a_sbt8ruI&google_cver=1

Request Chain 180

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESELEXlhYfg3dU-5iI-LnE3cc&google_cver=1

Request Chain 181

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDgzNjUzMTg4MTQ0MDM0MzEwNA%3D%3D

Request Chain 185

https://a.tribalfusion.com/i.match?p=b6&u=CAESEIqwHog8NfKCNqIM0yXMl8E&google_cver=1&google_push=AXcoOmTbvUBZYjfTB6imoidB2C1k4AEfMn6WCXbCdDGyfnWNI44hOOETRUqtQwRtmFQ1yISwK1NYu7BAPU9Zuxow-pd0SCxdvQ&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmTbvUBZYjfTB6imoidB2C1k4AEfMn6WCXbCdDGyfnWNI44hOOETRUqtQwRtmFQ1yISwK1NYu7BAPU9Zuxow-pd0SCxdvQ%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEIqwHog8NfKCNqIM0yXMl8E&google_cver=1&google_push=AXcoOmTbvUBZYjfTB6imoidB2C1k4AEfMn6WCXbCdDGyfnWNI44hOOETRUqtQwRtmFQ1yISwK1NYu7BAPU9Zuxow-pd0SCxdvQ&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmTbvUBZYjfTB6imoidB2C1k4AEfMn6WCXbCdDGyfnWNI44hOOETRUqtQwRtmFQ1yISwK1NYu7BAPU9Zuxow-pd0SCxdvQ%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 186

https://um.simpli.fi/gp_match?google_gid=CAESEG23BSTsZbP6xzkwDr50cvE&google_cver=1&google_push=AXcoOmSASGqDmtUjEsS-viE1dCFA8fsV_Y-f-y82KoVbaMSdsG2MnqQ-O64VngqMyMgIpGQNGXExgtJtQAHApQOcD-w7-4mfmw8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=26154EFCA1B94EF397A78AC978118445&google_push=AXcoOmSASGqDmtUjEsS-viE1dCFA8fsV_Y-f-y82KoVbaMSdsG2MnqQ-O64VngqMyMgIpGQNGXExgtJtQAHApQOcD-w7-4mfmw8

Request Chain 187

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEJo52nw6NB23pAu3tdcnElo&google_cver=1&google_push=AXcoOmSztY84mDP36_9DvLrQ7h4WDkuhnb-Gob_s9kx1D70e_R24HmEq1cXyT7k2Jt6286DKREtxvA_gu0p8RViy2nMdSoF1tQ HTTP 302
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEJo52nw6NB23pAu3tdcnElo&google_push=AXcoOmSztY84mDP36_9DvLrQ7h4WDkuhnb-Gob_s9kx1D70e_R24HmEq1cXyT7k2Jt6286DKREtxvA_gu0p8RViy2nMdSoF1tQ&s=2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmSztY84mDP36_9DvLrQ7h4WDkuhnb-Gob_s9kx1D70e_R24HmEq1cXyT7k2Jt6286DKREtxvA_gu0p8RViy2nMdSoF1tQ&google_hm=UjdPNEFxUV9UcjJBQkRYY0RLWmM=

Request Chain 189

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEJuzF8RAsXTcOZfBZoh1HFE&google_cver=1&google_push=AXcoOmSl5HK0-pXjHTmuIHjWUe37R5wBMEWZW_Beozk4M76HkyLyaapF2kAQaJaXTjt9B1_lT5oseOLy5hgovwlGcYYbaVc4EXY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSl5HK0-pXjHTmuIHjWUe37R5wBMEWZW_Beozk4M76HkyLyaapF2kAQaJaXTjt9B1_lT5oseOLy5hgovwlGcYYbaVc4EXY

Request Chain 190

https://analytics.pangle-ads.com/api/ad/union/gg_cookie_matching?google_gid=CAESEKfpi83d7CJkDi2sthu5VRY&google_cver=1&google_push=AXcoOmSUOjIf_Y2Se9iTO1l4wVn9zezgfw05HpfaRq7CSq_adcPE-UjMb_UkyqW3dFmEbPEgRc3KQHYlaEdrjsYOiGZx3IoCDr1r HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmSUOjIf_Y2Se9iTO1l4wVn9zezgfw05HpfaRq7CSq_adcPE-UjMb_UkyqW3dFmEbPEgRc3KQHYlaEdrjsYOiGZx3IoCDr1r

Request Chain 220

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmTCMm5f-GSGS5M23tu6MPUDwvF1uo5HUt1FfO8aD05gGTokr6m4AtnlsTMvayrMTGMRYF6Y0O09l22FGxEig57wXGM5_LEn&google_gid=CAESEEN9SAcUJZ_Tmts40_DE03Y&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_hm=k-ZucVwsQIfR36GYi6YCWWrNVCbJidRjDUynPdPg&google_push=AXcoOmTCMm5f-GSGS5M23tu6MPUDwvF1uo5HUt1FfO8aD05gGTokr6m4AtnlsTMvayrMTGMRYF6Y0O09l22FGxEig57wXGM5_LEn

Request Chain 221

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPAFg9EvSf0fdApvdsqMS4I&google_cver=1&google_push=AXcoOmT2rwTNyJnQClvv8Yce_RcgGW6gERU8lt1RKplleFRB4vbpH40hysWtkk5RIIJqJCl6BsmtcpCM2odydpCH17Tv9wTyfrCR HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TFFQTFk3NUgtSS02RVlB&google_push=AXcoOmT2rwTNyJnQClvv8Yce_RcgGW6gERU8lt1RKplleFRB4vbpH40hysWtkk5RIIJqJCl6BsmtcpCM2odydpCH17Tv9wTyfrCR

Request Chain 222

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEJzVswwgp3kV54EsYFHIJv0&google_cver=1&google_push=AXcoOmQZjQ0XGKxcEVmc__bCaP0PNyvv5QOnmNzykvCw-kPA8WNT7xvJKnk9XDqCILWU1bRR_fcj6PxcTTZF1LSOQ4oHcRl-k3KD HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AXcoOmQZjQ0XGKxcEVmc__bCaP0PNyvv5QOnmNzykvCw-kPA8WNT7xvJKnk9XDqCILWU1bRR_fcj6PxcTTZF1LSOQ4oHcRl-k3KD&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&cb=1703792308848 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-1b45fade-4e0f-44f5-88d6-d9b072be8780-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAXcoOmQZjQ0XGKxcEVmc__bCaP0PNyvv5QOnmNzykvCw-kPA8WNT7xvJKnk9XDqCILWU1bRR_fcj6PxcTTZF1LSOQ4oHcRl-k3KD%26google_hm%3DAxtF-t5OD0T1iNbZsHK-h4A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AXcoOmQZjQ0XGKxcEVmc__bCaP0PNyvv5QOnmNzykvCw-kPA8WNT7xvJKnk9XDqCILWU1bRR_fcj6PxcTTZF1LSOQ4oHcRl-k3KD&google_hm=AxtF-t5OD0T1iNbZsHK-h4A

Request Chain 223

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEFhltcYWVhVKqCj68_ueUZc&google_cver=1&google_push=AXcoOmQ639aCpjMSDZZ9rhVmg6wiq8cVUjhmSXD9DTm4JnqoDzajftPdEmU9dJenUR9YBv7LL7xGzY-c6QsiP1-qKqNpP5keeWc HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AXcoOmQ639aCpjMSDZZ9rhVmg6wiq8cVUjhmSXD9DTm4JnqoDzajftPdEmU9dJenUR9YBv7LL7xGzY-c6QsiP1-qKqNpP5keeWc&google_gid=CAESEFhltcYWVhVKqCj68_ueUZc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTY2Njg2OTQ2ODE1Mjc3MDkyNTg5NA%3D%3D&google_push=AXcoOmQ639aCpjMSDZZ9rhVmg6wiq8cVUjhmSXD9DTm4JnqoDzajftPdEmU9dJenUR9YBv7LL7xGzY-c6QsiP1-qKqNpP5keeWc

Request Chain 224

https://cs.media.net/cksync?type=g&google_gid=CAESEJXfEJvS9H3bwEfxKiadbQc&google_cver=1&google_push=AXcoOmQZOiIZpa1ljUIwufsyueHo6DLXG8KS3R2ZcqPo8P-JZRhf31SO-pg04fsI3jFQs_vnLgqCEIN0t3QwatK6r5JPkG7fpZOC HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzQ2NzkzOTA4ODI4MDk1NDAwMFYxMA%3d%3d&mn_hm=MzQ2NzkzOTA4ODI4MDk1NDAwMFYxMA%3d%3d&google_sc=1&google_push=AXcoOmQZOiIZpa1ljUIwufsyueHo6DLXG8KS3R2ZcqPo8P-JZRhf31SO-pg04fsI3jFQs_vnLgqCEIN0t3QwatK6r5JPkG7fpZOC&gdpr=&gdpr_consent=

Request Chain 225

https://gtrace.mediago.io/ju/cs/google?google_gid=CAESEFB8ob5J4beWXRc_z5Gidko&google_cver=1&google_push=AXcoOmTKlknk5_jC_bIjAc5vTDTqPi1jZasmSdaFD1u7Im5ncd4lU0fThsENfGn-ijynI41oKlnmbnD7AKKmFuiuNuJd3oN4heLfzw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmTKlknk5_jC_bIjAc5vTDTqPi1jZasmSdaFD1u7Im5ncd4lU0fThsENfGn-ijynI41oKlnmbnD7AKKmFuiuNuJd3oN4heLfzw&google_hm=f5ef61ca0828465f2kpsqf00lqply75y

Request Chain 226

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEC_tOnnu7Qmiq6CIb5rFHJQ&google_cver=1&google_push=AXcoOmQ00Vaji8hnLvmyvH4EdWup5jtvuwP3IzBOFdsMhb4EVmKQecePMagYBsWyKW8cITRyVTiWLb1ISkqatafLpqwtoFdFSl9V HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NDgzNjUzMTg4MTQ0MDM0MzEwNA%3D%3D&google_gid=CAESEC_tOnnu7Qmiq6CIb5rFHJQ&google_cver=1&google_push=AXcoOmQ00Vaji8hnLvmyvH4EdWup5jtvuwP3IzBOFdsMhb4EVmKQecePMagYBsWyKW8cITRyVTiWLb1ISkqatafLpqwtoFdFSl9V

Request Chain 229

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOpkRiZrhHv4k9a_sbt8ruI&google_cver=1

Request Chain 230

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZY3OtMJm.ox1ylHzkKSmQwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOpkRiZrhHv4k9a_sbt8ruI&google_cver=1&google_hm=2

Request Chain 231

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESELEXlhYfg3dU-5iI-LnE3cc&google_cver=1

Request Chain 232

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDgzNjUzMTg4MTQ0MDM0MzEwNA%3D%3D

Request Chain 241

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGiSyATQekR17Y7BjDDh94k&google_cver=1&google_push=AXcoOmSNPOOiIow-rvGAft3asz7WhLGsYMRZfmsjhyq5Iyhnm8v8aKsQSC202ERpyFaKX5S6n5y5U9TX0K1OFFEqhozGrRJcE-8OFA HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGiSyATQekR17Y7BjDDh94k&google_cver=1&google_push=AXcoOmSNPOOiIow-rvGAft3asz7WhLGsYMRZfmsjhyq5Iyhnm8v8aKsQSC202ERpyFaKX5S6n5y5U9TX0K1OFFEqhozGrRJcE-8OFA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=dGJweExkc2sxUmlXZDY1&google_gid=CAESEGiSyATQekR17Y7BjDDh94k&google_cver=1&google_push=AXcoOmSNPOOiIow-rvGAft3asz7WhLGsYMRZfmsjhyq5Iyhnm8v8aKsQSC202ERpyFaKX5S6n5y5U9TX0K1OFFEqhozGrRJcE-8OFA

Request Chain 242

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEDdW_fc7wds2anjP7Ykx5Z4&google_cver=1&google_push=AXcoOmQpc133DD91NrhJXgIrknizMvC9N1sFcVVSk2ktFsQmttOLcfspDP97KeqI10N4EH8EjKPylZLjSuQ6skYqxXSwUDXiGqrw8Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQpc133DD91NrhJXgIrknizMvC9N1sFcVVSk2ktFsQmttOLcfspDP97KeqI10N4EH8EjKPylZLjSuQ6skYqxXSwUDXiGqrw8Q&google_hm=eS1KQ2hJYksxRTJwSHJGM0pISjVTYmdOUS5kVkR6ZlBJNH5B

Request Chain 244

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEFs66ePyoICA2dLl4xpx2Ak&google_cver=1&google_push=AXcoOmSossF-owfo_w2H7XF0TBiK1l2OPiZDPTmepl8iJQbcFzb8oywtAcpMaJebuEHxPcnyJ-3sFmCm7PEwriMIZN9quPtitYfnSA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSossF-owfo_w2H7XF0TBiK1l2OPiZDPTmepl8iJQbcFzb8oywtAcpMaJebuEHxPcnyJ-3sFmCm7PEwriMIZN9quPtitYfnSA

Request Chain 247

https://analytics.pangle-ads.com/api/ad/union/gg_cookie_matching?google_gid=CAESEKWUElFIhoMEofXENw_dgtY&google_cver=1&google_push=AXcoOmQkEsICRw9K88k8FE7YZankSvvKneqyHIPUwUc_kQ-ddMFbZDQs9pnLypkc-sxv1xyDyGS4C5wsiMSIfLeKPib3vW8zfiyM5H8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmQkEsICRw9K88k8FE7YZankSvvKneqyHIPUwUc_kQ-ddMFbZDQs9pnLypkc-sxv1xyDyGS4C5wsiMSIfLeKPib3vW8zfiyM5H8

271 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK ib8g06clnxpy Show response
3upload.com/ 19 KB
20 KB 768ms
438ms Document
text/html 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://3upload.com/ib8g06clnxpy

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

nc-ph-4473.3upload.com

Software

nginx /

Resource Hash

38a14abf10435f2ae1d0a8c2269193fdd17d9efc89ae8a3eed0a8d1a9b8f5999

Security Headers

Name	Value
Strict-Transport-Security	max-age=0;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Thu, 28 Dec 2023 19:38:24 GMT
Expires: Wed, 27 Dec 2023 19:38:24 GMT
Server: nginx
Strict-Transport-Security: max-age=0;includeSubDomains;
Transfer-Encoding: chunked
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN

GET
H/1.1 200
OK style.css
3upload.com/new_theme/css/ 116 KB
116 KB 161ms
160ms Stylesheet
text/css 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/new_theme/css/style.css
Requested by: Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: f1f06b0187473cbaec080254823a6440df39b17cca07f49ad4ad2f669e06a0bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/ib8g06clnxpy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:24 GMT
Last-Modified: Wed, 21 Aug 2019 01:59:06 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 118361

GET
H/1.1 200
OK jquery-1.9.1.min.js Show response
3upload.com/js/ 90 KB
91 KB 634ms
317ms Script
application/javascript 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/js/jquery-1.9.1.min.js
Requested by: Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/ib8g06clnxpy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:24 GMT
Last-Modified: Thu, 06 Sep 2018 10:41:39 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 92629

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/ 23 KB
6 KB 92ms
43ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css

Requested by

Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:24 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 632, 617, 617
age: 4373232
cdn-cachedat: 2021-06-08 21:08:57
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
server: cloudflare
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: e6a55b08fe5091f45c9e99ce9e9f98c2
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 83cc436ffeda6973-FRA
cdn-requestpullsuccess: True

GET
H2 200 all.css
use.fontawesome.com/releases/v5.1.1/css/ 45 KB
10 KB 94ms
35ms Stylesheet
text/css 2606:4700:e2::ac40:8c0d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.1.1/css/all.css
Requested by: Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8c0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d98121a51ed3f911f519cf42be28225dc26b4c9d61cfab0a580118e5c3447463

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:24 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 22 Sep 2023 01:44:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1344926
etag: W/"597b70b2ce6b1483f72526c906918fe9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NrDHMRRl7BSONFgeq4Q5eFBcwoYKIUe9rAZj5GoD6OM0jI7ATOe5jZc0ulyOw32cNFAClrjSHY3OmEXlnzD4bxj7cC4qE6kWFEf5tv3CIUK64T%2BLcFaZt%2FhFVYsotKDl6931hVHrPq3lveguWfMzBAx1"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31556926
cf-ray: 83cc437008bebbbb-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 v4-shims.css
use.fontawesome.com/releases/v5.1.1/css/ 26 KB
5 KB 93ms
34ms Stylesheet
text/css 2606:4700:e2::ac40:8c0d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.1.1/css/v4-shims.css
Requested by: Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8c0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1458c65cd927c3e5bf35667665280eaaf849eef09ed217983334c5c8a78f6759

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:24 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 22 Sep 2023 01:44:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2393883
etag: W/"01727b5056f65c2ac938f5db4e552b10"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BevwUNnSXk%2Fbca8knifsH9b8Vs%2FZN0nKVGcjSrM49hu%2BQLk%2FDOiI1bwxkodPIrmyGdhLh0LikQ0aSxEVD7uwzrnd9l2G5VZxNPyoAOxGloIAr7%2FpHarJHeTvVJd8oIElOq9OahK4azv37oEKDLRZtTGa"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31556926
cf-ray: 83cc437008babbbb-FRA
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200
OK style.css
3upload.com/css/ 78 KB
79 KB 632ms
317ms Stylesheet
text/css 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/css/style.css
Requested by: Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: bfb160e3aa942ad23ab4f1a99ce023d9d12bd107be26cd3bbdd77cb172cf6093

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/ib8g06clnxpy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:24 GMT
Last-Modified: Sat, 19 Mar 2022 10:18:56 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 80198

GET
H/1.1 200
OK jquery.paging.js Show response
3upload.com/js/ 19 KB
19 KB 634ms
317ms Script
application/javascript 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/js/jquery.paging.js
Requested by: Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: c8ecfe747c979fbd87624913200a9237343679923b495885bced089b80fc84f6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/ib8g06clnxpy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:24 GMT
Last-Modified: Thu, 06 Sep 2018 10:41:39 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19365

GET
H/1.1 200
OK jquery.cookie.js Show response
3upload.com/js/ 3 KB
3 KB 477ms
159ms Script
application/javascript 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/js/jquery.cookie.js
Requested by: Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: c4fb91befcf134b81ecfa1c586e1f9d6426c8f4fc1f6c130ac1fddb49ab5df96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/ib8g06clnxpy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:24 GMT
Last-Modified: Thu, 06 Sep 2018 10:41:39 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3121

GET
H/1.1 200
OK paging.js Show response
3upload.com/js/ 2 KB
2 KB 482ms
161ms Script
application/javascript 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/js/paging.js?r=1
Requested by: Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: 66e55d8e51156fa72ee6b2b6c906d5062488688c2ce7832d2a00969df0453ddd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/ib8g06clnxpy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:24 GMT
Last-Modified: Tue, 02 May 2023 14:57:21 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1919

GET
H/1.1 200
OK logo_lgrey_new.png
3upload.com/ 5 KB
5 KB 158ms
158ms Image
image/png 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://3upload.com/logo_lgrey_new.png
Requested by: Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: b1e2ac6c387e138763b1ad7e998b6fc2b69e493532e280e75d738859c2a230da

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/ib8g06clnxpy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:25 GMT
Last-Modified: Thu, 06 Jul 2023 12:05:40 GMT
Server: nginx
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4772
Content-Type: image/png

GET
H/1.1 403
Forbidden 8639343528bcb857ab22195fb7b28a21.js
dripgleamborrowing.com/86/39/34/ 0
0 1037ms
106ms Script
application/javascript 173.233.137.44
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://dripgleamborrowing.com/86/39/34/8639343528bcb857ab22195fb7b28a21.js
Requested by: Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.233.137.44 , United States, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: nginx/1.21.6 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:25 GMT
Server: nginx/1.21.6
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK jquery-3.3.1.min.js Show response
3upload.com/new_theme/js/ 85 KB
85 KB 159ms
159ms Script
application/javascript 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/new_theme/js/jquery-3.3.1.min.js
Requested by: Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/ib8g06clnxpy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:25 GMT
Last-Modified: Sat, 10 Nov 2018 03:25:00 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 86927

GET
H/1.1 200
OK popper.min.js
3upload.com/new_theme/js/ 20 KB
20 KB 161ms
160ms Script
application/javascript 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/new_theme/js/popper.min.js
Requested by: Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/ib8g06clnxpy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:25 GMT
Last-Modified: Sat, 10 Nov 2018 03:23:54 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 20337

GET
H/1.1 200
OK bootstrap.min.js
3upload.com/new_theme/js/ 50 KB
50 KB 159ms
159ms Script
application/javascript 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/new_theme/js/bootstrap.min.js
Requested by: Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/ib8g06clnxpy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:25 GMT
Last-Modified: Sat, 10 Nov 2018 03:24:06 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 51039

GET
H/1.1 200
OK wow.min.js
3upload.com/new_theme/vendors/animate-css/ 6 KB
6 KB 159ms
159ms Script
application/javascript 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/new_theme/vendors/animate-css/wow.min.js
Requested by: Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/ib8g06clnxpy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:25 GMT
Last-Modified: Sun, 17 Feb 2019 03:58:20 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6300

GET
H/1.1 200
OK owl.carousel.min.js
3upload.com/new_theme/vendors/owl-carousel/ 43 KB
44 KB 161ms
161ms Script
application/javascript 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/new_theme/vendors/owl-carousel/owl.carousel.min.js
Requested by: Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/ib8g06clnxpy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:25 GMT
Last-Modified: Fri, 20 Apr 2018 21:52:10 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 44342

GET
H/1.1 200
OK theme.js
3upload.com/new_theme/js/ 5 KB
5 KB 160ms
160ms Script
application/javascript 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/new_theme/js/theme.js
Requested by: Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/ib8g06clnxpy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:25 GMT
Last-Modified: Thu, 11 Jul 2019 00:34:00 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4716

GET
H/1.1 200
OK bootstrap.min.css
3upload.com/new_theme/css/ 181 KB
181 KB 165ms
162ms Stylesheet
text/css 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/new_theme/css/bootstrap.min.css
Requested by: Host: 3upload.com
URL: https://3upload.com/new_theme/css/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: 66916f9a3b2aa5c8de06a6434037ba2e54d3dc12c3e6822700455561f8486bfe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/new_theme/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:25 GMT
Last-Modified: Thu, 30 May 2019 08:18:28 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 184960

GET all.css
3upload.com/use.fontawesome.com/releases/v5.9.0/css/ 0
0

GET
H/1.1 200
OK flaticon.css
3upload.com/new_theme/vendors/flat-icon/ 2 KB
3 KB 314ms
159ms Stylesheet
text/css 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/new_theme/vendors/flat-icon/flaticon.css
Requested by: Host: 3upload.com
URL: https://3upload.com/new_theme/css/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: dae94c217dc1aa9352476e80cc72a8a938aaae1365f86d8d6a489aa22a0b1f9a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/new_theme/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:25 GMT
Last-Modified: Wed, 26 Jun 2019 23:04:06 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2515

GET
H/1.1 200
OK animate.css
3upload.com/new_theme/vendors/animate-css/ 86 KB
86 KB 474ms
317ms Stylesheet
text/css 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/new_theme/vendors/animate-css/animate.css
Requested by: Host: 3upload.com
URL: https://3upload.com/new_theme/css/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: e25632c07d004b4b377578617758690d318aac9c1e73430f66d9adbedeffea43

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/new_theme/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:25 GMT
Last-Modified: Fri, 10 May 2019 08:26:30 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 87796

GET
H/1.1 200
OK owl.carousel.min.css
3upload.com/new_theme/vendors/owl-carousel/ 3 KB
4 KB 469ms
158ms Stylesheet
text/css 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/new_theme/vendors/owl-carousel/owl.carousel.min.css
Requested by: Host: 3upload.com
URL: https://3upload.com/new_theme/css/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: aa7e59e6ec8871088cfeb47bac59a6475c815357deef042c61a5c3c965390546

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/new_theme/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:25 GMT
Last-Modified: Fri, 20 Apr 2018 21:52:10 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3352

GET
H/1.1 200
OK magnific-popup.css
3upload.com/new_theme/vendors/magnify-popup/ 10 KB
10 KB 472ms
158ms Stylesheet
text/css 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/new_theme/vendors/magnify-popup/magnific-popup.css
Requested by: Host: 3upload.com
URL: https://3upload.com/new_theme/css/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: afce34d5aa267491fb12ec2686260a7552080c41bf2a02e04c55a555dc7347bd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/new_theme/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:25 GMT
Last-Modified: Thu, 18 Oct 2018 17:18:28 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 9803

GET
H/1.1 200
OK nice-select.css
3upload.com/new_theme/vendors/bootstrap-selector/ 4 KB
4 KB 484ms
160ms Stylesheet
text/css 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/new_theme/vendors/bootstrap-selector/nice-select.css
Requested by: Host: 3upload.com
URL: https://3upload.com/new_theme/css/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: 9d0ac96cb67cbd12672f78d7b6ebbf3ade3190bda4f178a22a3626c44cdfd30c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/new_theme/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:25 GMT
Last-Modified: Sat, 10 Feb 2018 00:24:44 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3909

GET
H/1.1 200
OK jquery-ui.min.css
3upload.com/new_theme/vendors/jquery-ui/ 30 KB
30 KB 565ms
160ms Stylesheet
text/css 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/new_theme/vendors/jquery-ui/jquery-ui.min.css
Requested by: Host: 3upload.com
URL: https://3upload.com/new_theme/css/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: 4f279cbd2464bea089320c265be67c78dc639742a3865924e216ffde43bc3f2e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/new_theme/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:25 GMT
Last-Modified: Sat, 10 Feb 2018 00:24:46 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 30747

GET
H2 200 css
fonts.googleapis.com/ 5 KB
955 B 82ms
29ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800&display=swap

Requested by

Host: 3upload.com
URL: https://3upload.com/new_theme/css/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d3e60bf923c38a6dc639c101f2fa183f8c8ae32d152e4385bbd70842918242ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 28 Dec 2023 19:38:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 28 Dec 2023 19:28:01 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 28 Dec 2023 19:38:25 GMT

GET
H2 200 ga.js
ssl.google-analytics.com/ 45 KB
17 KB 74ms
20ms Script
text/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 28 Dec 2023 17:54:57 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 6208
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17168
expires: Thu, 28 Dec 2023 19:54:57 GMT

GET
H/1.1 200
OK Primary Request / Show response
lollty.pro/Skip1.php/ 28 KB
29 KB 804ms
317ms Document
text/html 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://lollty.pro/Skip1.php/?get=ib8g06clnxpy
Requested by: Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: d68bc1137be444d9f5aa9dbf125e7097a33655b1217f8159f83e2fc31f111b83

Request headers

Referer: https://3upload.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Thu, 28 Dec 2023 19:38:26 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding,User-Agent

GET
H/1.1 200
OK flags.png
3upload.com/images/ 15 KB
15 KB 159ms
158ms Image
image/png 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://3upload.com/images/flags.png
Requested by: Host: 3upload.com
URL: https://3upload.com/css/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:25 GMT
Last-Modified: Thu, 06 Sep 2018 10:41:39 GMT
Server: nginx
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15180
Content-Type: image/png

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 68ms
20ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://3upload.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 22 Dec 2023 19:20:06 GMT
x-content-type-options: nosniff
age: 519499
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7884
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 21 Dec 2024 19:20:06 GMT

GET
H2 200 fa-solid-900.woff2
use.fontawesome.com/releases/v5.1.1/webfonts/ 58 KB
59 KB 118ms
50ms Font
font/woff2 2606:4700:e2::ac40:8c0d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.1.1/webfonts/fa-solid-900.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.1.1/css/all.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8c0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://use.fontawesome.com/releases/v5.1.1/css/all.css
Origin: https://3upload.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2561022
alt-svc: h3=":443"; ma=86400
content-length: 59604
last-modified: Fri, 22 Sep 2023 01:44:27 GMT
server: cloudflare
etag: "e8a92a29978352517c450b9a800b06cb"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HDKL9%2B5cSR6QxWE7PuoKRr8h17Fk2hKiMg3OHE%2FABBSPlbW35GDzWeiMYhNu4ScyG5G3JkV04WddL5DhXbinXSdVroLEsRC909w8L1coaE7Lg6yrzVdLyZvTzyGXivXu01CBNcVOcWMnS%2FKT37%2Bxr2zZ"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 83cc43773dda0494-CDG

GET
H/1.1 200
OK OpenSans-Regular.woff
3upload.com/css/font/ 66 KB
66 KB 218ms
160ms Font
font/woff 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/css/font/OpenSans-Regular.woff
Requested by: Host: 3upload.com
URL: https://3upload.com/css/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash

Request headers

Referer: https://3upload.com/css/style.css
Origin: https://3upload.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:25 GMT
Last-Modified: Tue, 08 Mar 2022 04:37:34 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: font/woff
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 67528

GET
H2 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
197 B 27ms
27ms Image
image/gif 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1099767970&utmhn=3upload.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Download%20Telegram%20%40membabibuta9%20(56)%20rar&utmhid=1303088614&utmr=-&utmp=%2Fib8g06clnxpy&utmht=1703792305794&utmac=UA-222273328-1&utmcc=__utma%3D131791437.862455627.1703792306.1703792306.1703792306.1%3B%2B__utmz%3D131791437.1703792306.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1562400857&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:25 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 up.js Show response
live.demand.supply/ 5 KB
3 KB 249ms
195ms Script
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/up.js

Requested by

Host: lollty.pro
URL: https://lollty.pro/Skip1.php/?get=ib8g06clnxpy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

03b65b32e61446736a4169598612403d5ba9b2c6858a2e9f74d6e0ff8254a6de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-nf-request-id: 01HJD8EQQ0A457G4947E3BTSXY
date: Thu, 28 Dec 2023 19:38:26 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: HIT
age: 725
cf-polished: origSize=4807
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
server: cloudflare
etag: W/"38665c79490d50efad10a7c0bcca18c6-ssl-df"
cache-status: "Netlify Edge"; hit
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=1200,must-revalidate,stale-while-revalidate=3600
cf-ray: 83cc437c1e729223-FRA
link: <https://live.demand.supply/impl.v17.25.3.js>; rel=preload; as=script,<https://live.demand.supply/p4/v17-24-0/bG9sbHR5LnByby8=>; rel=preload; as=script
timing-allow-origin: *

GET
H/1.1 403
Forbidden 8639343528bcb857ab22195fb7b28a21.js
dripgleamborrowing.com/86/39/34/ 0
0 108ms
106ms Script
application/javascript 173.233.137.44
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://dripgleamborrowing.com/86/39/34/8639343528bcb857ab22195fb7b28a21.js
Requested by: Host: lollty.pro
URL: https://lollty.pro/Skip1.php/?get=ib8g06clnxpy
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.233.137.44 , United States, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: nginx/1.21.6 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:26 GMT
Server: nginx/1.21.6
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Connection: keep-alive
Content-Length: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 389 B
608 B 81ms
31ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=3upload.com&callback=_gfp_s_&client=ca-pub-4485722904051021&cookie=ID%3Dffacc299809de38b-22480ea790e2003f%3AT%3D1688645542%3ART%3D1688646981%3AS%3DALNI_Mb2N6AvbdtXE0uvKxGcYVgulT1kIA&gpic=UID%3D00000ca0b14e8fe8%3AT%3D1688645542%3ART%3D1688646981%3AS%3DALNI_MYodgLO1OppICJQLBsdxBHgBY4M0A

Requested by

Host: lollty.pro
URL: https://lollty.pro/Skip1.php/?get=ib8g06clnxpy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a22ca156f7dc5a7b030e29373e4586c6d7f7030d7208c1ec49f53df0d5b8266a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 256
x-xss-protection: 0

GET
H3 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: lollty.pro
URL: https://lollty.pro/Skip1.php/?get=ib8g06clnxpy

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 28 Dec 2023 17:54:57 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 6210
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17168
expires: Thu, 28 Dec 2023 19:54:57 GMT

GET
H2 404 show_ads_impl_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307050101/ 0
0 110ms
56ms Script
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307050101/show_ads_impl_fy2021.js?bust=31075832
Requested by: Host: lollty.pro
URL: https://lollty.pro/Skip1.php/?get=ib8g06clnxpy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 148 KB
51 KB 109ms
67ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4485722904051021

Requested by

Host: lollty.pro
URL: https://lollty.pro/Skip1.php/?get=ib8g06clnxpy

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4ec478e4f7e158845bf295fefbb4130aeee38a3d3e572c8bb54ebe24a52fde18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://lollty.pro/
Origin: https://lollty.pro
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:27 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51795
x-xss-protection: 0
server: cafe
etag: 16147924952789676553
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 19:38:27 GMT

GET
H/1.1 200
OK style.css
3upload.com/new_theme/css/ 116 KB
116 KB 164ms
162ms Stylesheet
text/css 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/new_theme/css/style.css
Requested by: Host: lollty.pro
URL: https://lollty.pro/Skip1.php/?get=ib8g06clnxpy
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: f1f06b0187473cbaec080254823a6440df39b17cca07f49ad4ad2f669e06a0bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:26 GMT
Last-Modified: Wed, 21 Aug 2019 01:59:06 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 118361

GET
H/1.1 200
OK jquery-1.9.1.min.js Show response
3upload.com/js/ 90 KB
91 KB 161ms
159ms Script
application/javascript 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/js/jquery-1.9.1.min.js
Requested by: Host: lollty.pro
URL: https://lollty.pro/Skip1.php/?get=ib8g06clnxpy
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:26 GMT
Last-Modified: Thu, 06 Sep 2018 10:41:39 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 92629

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/ 23 KB
5 KB 41ms
40ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css

Requested by

Host: lollty.pro
URL: https://lollty.pro/Skip1.php/?get=ib8g06clnxpy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 632, 617, 617
age: 4373234
cdn-cachedat: 2021-06-08 21:08:57
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
server: cloudflare
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: e6a55b08fe5091f45c9e99ce9e9f98c2
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 83cc437bcc306973-FRA
cdn-requestpullsuccess: True

GET
H2 200 all.css
use.fontawesome.com/releases/v5.1.1/css/ 45 KB
10 KB 35ms
33ms Stylesheet
text/css 2606:4700:e2::ac40:8c0d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.1.1/css/all.css
Requested by: Host: lollty.pro
URL: https://lollty.pro/Skip1.php/?get=ib8g06clnxpy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8c0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d98121a51ed3f911f519cf42be28225dc26b4c9d61cfab0a580118e5c3447463

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:26 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 22 Sep 2023 01:44:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1344928
etag: W/"597b70b2ce6b1483f72526c906918fe9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UJFWNHEYGj8CyUgqlLebQJeqESpBiEAgjQQIcD9emgy9DHPyxXt201Ek4rr7Z6NZA%2Fg9nvhzT%2F%2FyvWXJ6U8iDADFmt31mGOcJaVaDnOCZ8Evt4qoESbb26dgTHMMh35jdU57bJAkOOSiz%2F1j0NSbV4R6"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31556926
cf-ray: 83cc437bcabfbbbb-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 v4-shims.css
use.fontawesome.com/releases/v5.1.1/css/ 26 KB
4 KB 33ms
32ms Stylesheet
text/css 2606:4700:e2::ac40:8c0d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.1.1/css/v4-shims.css
Requested by: Host: lollty.pro
URL: https://lollty.pro/Skip1.php/?get=ib8g06clnxpy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8c0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1458c65cd927c3e5bf35667665280eaaf849eef09ed217983334c5c8a78f6759

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:26 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 22 Sep 2023 01:44:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2393885
etag: W/"01727b5056f65c2ac938f5db4e552b10"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=242k3quqCu%2FE%2FfWJMSRGq1%2BDJznCFop6RdpHG4Kt%2F7HrKrR06nTcC4LpS7k0Y9yNlYPSDwB6kCvaXZYoYh4srczFMpyNlQlXf180Qs3hA7n3dzaFsMeQxW4hks%2BQti79jDP20zqHMeOU13%2FsLDKc%2BLJw"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31556926
cf-ray: 83cc437bcac3bbbb-FRA
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200
OK style.css
3upload.com/css/ 78 KB
79 KB 163ms
162ms Stylesheet
text/css 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/css/style.css
Requested by: Host: lollty.pro
URL: https://lollty.pro/Skip1.php/?get=ib8g06clnxpy
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: bfb160e3aa942ad23ab4f1a99ce023d9d12bd107be26cd3bbdd77cb172cf6093

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:26 GMT
Last-Modified: Sat, 19 Mar 2022 10:18:56 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 80198

GET
H/1.1 200
OK jquery.paging.js Show response
3upload.com/js/ 19 KB
19 KB 317ms
316ms Script
application/javascript 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/js/jquery.paging.js
Requested by: Host: lollty.pro
URL: https://lollty.pro/Skip1.php/?get=ib8g06clnxpy
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: c8ecfe747c979fbd87624913200a9237343679923b495885bced089b80fc84f6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:26 GMT
Last-Modified: Thu, 06 Sep 2018 10:41:39 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19365

GET
H/1.1 200
OK jquery.cookie.js Show response
3upload.com/js/ 3 KB
3 KB 161ms
160ms Script
application/javascript 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/js/jquery.cookie.js
Requested by: Host: lollty.pro
URL: https://lollty.pro/Skip1.php/?get=ib8g06clnxpy
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: c4fb91befcf134b81ecfa1c586e1f9d6426c8f4fc1f6c130ac1fddb49ab5df96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:26 GMT
Last-Modified: Thu, 06 Sep 2018 10:41:39 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3121

GET
H/1.1 200
OK paging.js Show response
3upload.com/js/ 2 KB
2 KB 161ms
161ms Script
application/javascript 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/js/paging.js?r=1
Requested by: Host: lollty.pro
URL: https://lollty.pro/Skip1.php/?get=ib8g06clnxpy
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: 66e55d8e51156fa72ee6b2b6c906d5062488688c2ce7832d2a00969df0453ddd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:26 GMT
Last-Modified: Tue, 02 May 2023 14:57:21 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1919

GET
H2 404 integrator.js
adservice.google.com/adsid/ 0
0 93ms
30ms Script
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://adservice.google.com/adsid/integrator.js?domain=3upload.com
Requested by: Host: lollty.pro
URL: https://lollty.pro/Skip1.php/?get=ib8g06clnxpy
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

GET
H/1.1 200
OK logo_lgrey_new.png
3upload.com/ 5 KB
5 KB 159ms
159ms Image
image/png 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://3upload.com/logo_lgrey_new.png
Requested by: Host: lollty.pro
URL: https://lollty.pro/Skip1.php/?get=ib8g06clnxpy
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: b1e2ac6c387e138763b1ad7e998b6fc2b69e493532e280e75d738859c2a230da

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:26 GMT
Last-Modified: Thu, 06 Jul 2023 12:05:40 GMT
Server: nginx
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4772
Content-Type: image/png

GET
H/1.1 200
OK dashboard-menu.css
3upload.com/css/ 1 KB
1 KB 160ms
160ms Stylesheet
text/css 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/css/dashboard-menu.css
Requested by: Host: lollty.pro
URL: https://lollty.pro/Skip1.php/?get=ib8g06clnxpy
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: 2b57b39c75557cc23ef7e555543718c1bd84cd365116af3edaafac2da1ed1494

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:26 GMT
Last-Modified: Tue, 08 Mar 2022 04:37:34 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1050

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.1.1/ 82 KB
30 KB 71ms
21ms Script
text/javascript 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js

Requested by

Host: lollty.pro
URL: https://lollty.pro/Skip1.php/?get=ib8g06clnxpy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 14:16:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19321
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29671
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 27 Dec 2024 14:16:25 GMT

GET
H/1.1 200
OK jquery-3.3.1.min.js Show response
3upload.com/new_theme/js/ 85 KB
85 KB 166ms
159ms Script
application/javascript 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/new_theme/js/jquery-3.3.1.min.js
Requested by: Host: lollty.pro
URL: https://lollty.pro/Skip1.php/?get=ib8g06clnxpy
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:27 GMT
Last-Modified: Sat, 10 Nov 2018 03:25:00 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 86927

GET
H/1.1 200
OK popper.min.js Show response
3upload.com/new_theme/js/ 20 KB
20 KB 162ms
158ms Script
application/javascript 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/new_theme/js/popper.min.js
Requested by: Host: lollty.pro
URL: https://lollty.pro/Skip1.php/?get=ib8g06clnxpy
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: f7cbc01a310318defd4e31e4616543e2cf3baef5a47562c73ece4c0b716f157e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:27 GMT
Last-Modified: Sat, 10 Nov 2018 03:23:54 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 20337

GET
H/1.1 200
OK bootstrap.min.js Show response
3upload.com/new_theme/js/ 50 KB
50 KB 160ms
159ms Script
application/javascript 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/new_theme/js/bootstrap.min.js
Requested by: Host: lollty.pro
URL: https://lollty.pro/Skip1.php/?get=ib8g06clnxpy
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: 56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:27 GMT
Last-Modified: Sat, 10 Nov 2018 03:24:06 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 51039

GET
H/1.1 200
OK wow.min.js Show response
3upload.com/new_theme/vendors/animate-css/ 6 KB
6 KB 162ms
161ms Script
application/javascript 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/new_theme/vendors/animate-css/wow.min.js
Requested by: Host: lollty.pro
URL: https://lollty.pro/Skip1.php/?get=ib8g06clnxpy
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: dd90fdb6538987fe7975bd43803b1c7d8d62912a371c788caec32d016e09dca8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:27 GMT
Last-Modified: Sun, 17 Feb 2019 03:58:20 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6300

GET
H/1.1 200
OK owl.carousel.min.js Show response
3upload.com/new_theme/vendors/owl-carousel/ 43 KB
44 KB 160ms
159ms Script
application/javascript 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/new_theme/vendors/owl-carousel/owl.carousel.min.js
Requested by: Host: lollty.pro
URL: https://lollty.pro/Skip1.php/?get=ib8g06clnxpy
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: a53c43f834b32309b084ea9314df8307e9c78cee2202c6e07f216ae4ae5b704d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:27 GMT
Last-Modified: Fri, 20 Apr 2018 21:52:10 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 44342

GET
H/1.1 200
OK theme.js Show response
3upload.com/new_theme/js/ 5 KB
5 KB 161ms
160ms Script
application/javascript 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/new_theme/js/theme.js
Requested by: Host: lollty.pro
URL: https://lollty.pro/Skip1.php/?get=ib8g06clnxpy
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: ef2a613df2732e79fa085207620c7217bf3d24543562fa9c41838a5335525d83

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:27 GMT
Last-Modified: Thu, 11 Jul 2019 00:34:00 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4716

GET
H2 200 impl.v17.25.3.js Show response
live.demand.supply/ 88 KB
29 KB 127ms
127ms Script
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/impl.v17.25.3.js

Requested by

Host: lollty.pro
URL: https://lollty.pro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e80ccbe6fe88155e3bdff0b3860a79185986ccc01e184b511dbd71d78984650

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-nf-request-id: 01HHMB5M6VR796DJ5TDG5A1MWG
date: Thu, 28 Dec 2023 19:38:26 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: HIT
age: 1228707
cf-polished: origSize=90268
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
server: cloudflare
cache-status: "Netlify Edge"; fwd=miss
etag: W/"be287328393ceb6ed6a54fab7371dec0-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=2592000,immutable,stale-if-error=604800
timing-allow-origin: *
cf-ray: 83cc437d5fc49223-FRA

GET
H2 200 bG9sbHR5LnByby8= Show response
live.demand.supply/p4/v17-24-0/ 3 KB
1 KB 197ms
197ms Script
text/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/p4/v17-24-0/bG9sbHR5LnByby8=
Requested by: Host: lollty.pro
URL: https://lollty.pro/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 78283e24af27dcb4486f1205b44eb742e748e11ec09bc9abcfe059527f716ff3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:26 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=7200, stale-while-revalidate=3600, stale-if-error=84600
cf-ray: 83cc437d5fc79223-FRA
alt-svc: h3=":443"; ma=86400

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
478 B 160ms
134ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?e=ll&d=250&cs=c&dsReferer=bG9sbHR5LnByby8=

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/up.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-nf-request-id: 01HGAVP3F4929PJKMKJF614G1K
date: Thu, 28 Dec 2023 19:38:26 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 1611837
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "a49e9f0a501edbf396bf43092ec1efa3-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 83cc437d78243637-FRA

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 90 KB
29 KB 120ms
69ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/up.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6b36e829bb9ddb8c9f053eb9ab4da2bb968538da89d18aa92a8e10f299f007db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:27 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29507
x-xss-protection: 0
server: cafe
etag: 221 / 19719 / m202312060101 / config-hash: 17400476758908410755
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 28 Dec 2023 19:38:27 GMT

GET
H3 200 ds.2.html Show response
live.demand.supply/ 413 B
623 B 59ms
33ms XHR
text/html 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/ds.2.html

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/up.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bdd1579c84daab8cdd1e5a4f71b546c9eaa6a76418f83e0215c573523614c309

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-nf-request-id: 01HFPBA596HH9PPYZSMGW0NQQH
date: Thu, 28 Dec 2023 19:38:26 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 2369305
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=2592000,immutable,stale-if-error=604800
timing-allow-origin: *
cf-ray: 83cc437d78263637-FRA
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200
OK bootstrap.min.css
3upload.com/new_theme/css/ 181 KB
181 KB 164ms
161ms Stylesheet
text/css 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/new_theme/css/bootstrap.min.css
Requested by: Host: 3upload.com
URL: https://3upload.com/new_theme/css/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: 66916f9a3b2aa5c8de06a6434037ba2e54d3dc12c3e6822700455561f8486bfe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/new_theme/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:26 GMT
Last-Modified: Thu, 30 May 2019 08:18:28 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 184960

GET
H/1.1 200
OK all.css
3upload.com/use.fontawesome.com/releases/v5.9.0/css/ 0
0 246ms
243ms Stylesheet
text/html 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/use.fontawesome.com/releases/v5.9.0/css/all.css
Requested by: Host: 3upload.com
URL: https://3upload.com/new_theme/css/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/new_theme/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

GET
H/1.1 200
OK flaticon.css
3upload.com/new_theme/vendors/flat-icon/ 2 KB
3 KB 162ms
158ms Stylesheet
text/css 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/new_theme/vendors/flat-icon/flaticon.css
Requested by: Host: 3upload.com
URL: https://3upload.com/new_theme/css/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: dae94c217dc1aa9352476e80cc72a8a938aaae1365f86d8d6a489aa22a0b1f9a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/new_theme/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:26 GMT
Last-Modified: Wed, 26 Jun 2019 23:04:06 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2515

GET
H/1.1 200
OK animate.css
3upload.com/new_theme/vendors/animate-css/ 86 KB
86 KB 163ms
159ms Stylesheet
text/css 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/new_theme/vendors/animate-css/animate.css
Requested by: Host: 3upload.com
URL: https://3upload.com/new_theme/css/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: e25632c07d004b4b377578617758690d318aac9c1e73430f66d9adbedeffea43

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/new_theme/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:26 GMT
Last-Modified: Fri, 10 May 2019 08:26:30 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 87796

GET
H/1.1 200
OK owl.carousel.min.css
3upload.com/new_theme/vendors/owl-carousel/ 3 KB
4 KB 311ms
158ms Stylesheet
text/css 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/new_theme/vendors/owl-carousel/owl.carousel.min.css
Requested by: Host: 3upload.com
URL: https://3upload.com/new_theme/css/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: aa7e59e6ec8871088cfeb47bac59a6475c815357deef042c61a5c3c965390546

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/new_theme/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:27 GMT
Last-Modified: Fri, 20 Apr 2018 21:52:10 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3352

GET
H/1.1 200
OK magnific-popup.css
3upload.com/new_theme/vendors/magnify-popup/ 10 KB
10 KB 317ms
160ms Stylesheet
text/css 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/new_theme/vendors/magnify-popup/magnific-popup.css
Requested by: Host: 3upload.com
URL: https://3upload.com/new_theme/css/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: afce34d5aa267491fb12ec2686260a7552080c41bf2a02e04c55a555dc7347bd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/new_theme/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:27 GMT
Last-Modified: Thu, 18 Oct 2018 17:18:28 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 9803

GET
H/1.1 200
OK nice-select.css
3upload.com/new_theme/vendors/bootstrap-selector/ 4 KB
4 KB 324ms
158ms Stylesheet
text/css 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/new_theme/vendors/bootstrap-selector/nice-select.css
Requested by: Host: 3upload.com
URL: https://3upload.com/new_theme/css/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: 9d0ac96cb67cbd12672f78d7b6ebbf3ade3190bda4f178a22a3626c44cdfd30c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/new_theme/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:27 GMT
Last-Modified: Sat, 10 Feb 2018 00:24:44 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3909

GET
H/1.1 200
OK jquery-ui.min.css
3upload.com/new_theme/vendors/jquery-ui/ 30 KB
30 KB 470ms
158ms Stylesheet
text/css 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://3upload.com/new_theme/vendors/jquery-ui/jquery-ui.min.css
Requested by: Host: 3upload.com
URL: https://3upload.com/new_theme/css/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: 4f279cbd2464bea089320c265be67c78dc639742a3865924e216ffde43bc3f2e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/new_theme/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:27 GMT
Last-Modified: Sat, 10 Feb 2018 00:24:46 GMT
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 30747

GET
H2 200 css
fonts.googleapis.com/ 5 KB
751 B 33ms
31ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800&display=swap

Requested by

Host: 3upload.com
URL: https://3upload.com/new_theme/css/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d3e60bf923c38a6dc639c101f2fa183f8c8ae32d152e4385bbd70842918242ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 28 Dec 2023 19:38:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/bcfae741e379a885f2ab2cf83ebe6d32/mr
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 28 Dec 2023 19:37:54 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 28 Dec 2023 19:38:26 GMT

GET
H2 404 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230628/r20190131/ Frame 136E 0
412 B 109ms
58ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230628/r20190131/zrt_lookup.html

Requested by

Host: lollty.pro
URL: https://lollty.pro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://lollty.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 28 Dec 2023 19:38:27 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK flags.png
3upload.com/images/ 15 KB
15 KB 160ms
160ms Image
image/png 199.85.210.80
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://3upload.com/images/flags.png
Requested by: Host: 3upload.com
URL: https://3upload.com/css/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 199.85.210.80 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: nc-ph-4473.3upload.com
Software: nginx /
Resource Hash: 0787e30d6145bc8b8b92ed329f664bcc3012162ccba9ef943d7ada480afb74e9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3upload.com/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 19:38:27 GMT
Last-Modified: Thu, 06 Sep 2018 10:41:39 GMT
Server: nginx
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15180
Content-Type: image/png

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 21ms
20ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://lollty.pro
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 22 Dec 2023 19:20:06 GMT
x-content-type-options: nosniff
age: 519501
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7884
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 21 Dec 2024 19:20:06 GMT

GET
H2 200 fa-solid-900.woff2
use.fontawesome.com/releases/v5.1.1/webfonts/ 58 KB
59 KB 45ms
44ms Font
font/woff2 2606:4700:e2::ac40:8c0d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.1.1/webfonts/fa-solid-900.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.1.1/css/all.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8c0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b82ad8fbcf9bf844726f648ef268b74f8c2f668f56eafd98b05703e086ff1d5b

Request headers

Referer: https://use.fontawesome.com/releases/v5.1.1/css/all.css
Origin: https://lollty.pro
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:27 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2560383
alt-svc: h3=":443"; ma=86400
content-length: 59604
last-modified: Fri, 22 Sep 2023 01:44:27 GMT
server: cloudflare
etag: "e8a92a29978352517c450b9a800b06cb"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dV2es3NqJsdP14Xbt53YRY9hmJ7HXsHpwE7K4QlDZt%2FOw5ttt6atZ%2BjphwosKoOq%2Bvj4EIlx3gTaaX67HJ4CgtucXAWpyF6aMGXJgrfq%2F1RrpMl3IbTkv%2FGRq1tz5M9FDHwirwOoHRsrth4t1uEnfzZa"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 83cc4380ec600494-CDG

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 24ms
23ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://lollty.pro
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 03:33:07 GMT
x-content-type-options: nosniff
age: 230720
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7816
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 25 Dec 2024 03:33:07 GMT

GET
H2 200 fa-regular-400.woff2
use.fontawesome.com/releases/v5.1.1/webfonts/ 15 KB
15 KB 41ms
41ms Font
font/woff2 2606:4700:e2::ac40:8c0d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.1.1/webfonts/fa-regular-400.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.1.1/css/all.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8c0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0fefffa15777b279ce61a06932e05bade8fcb729dd9bee04e93fcdd21e8f4552

Request headers

Referer: https://use.fontawesome.com/releases/v5.1.1/css/all.css
Origin: https://lollty.pro
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:27 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2483467
alt-svc: h3=":443"; ma=86400
content-length: 14920
last-modified: Fri, 22 Sep 2023 01:44:27 GMT
server: cloudflare
etag: "930c12643983f664f026b6e65300f09d"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DskMaqzI7ktc9MRVtLaxcqk6p8G1IysXXzPkAuCrN0PbSuTEriLdYaFh%2BTj6lBV%2BF1%2FS6Rs7qknR9W7s2SYAYlGCtSJs8%2FoC35w2uJvMcDloKcUCCiEN7agmxY21Prnp2UyY%2FZkUo%2FEHQ5DD2zjVjwbV"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 83cc4380ec620494-CDG

GET OpenSans-Regular.woff
3upload.com/css/font/ 0
0

GET
H2 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 648F 603 B
221 B 377ms
349ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485722904051021&output=html&adk=1812271804&adf=3025194257&lmt=1688647068&plat=1%3A16777216%2C2%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2F3upload.com%2Fbuk3llhurtlc&ea=0&pra=5&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE0LjAuNTczNS4xOTkiLFtdLDAsbnVsbCwiNjQiLFtbIk5vdC5BL0JyYW5kIiwiOC4wLjAuMCJdLFsiQ2hyb21pdW0iLCIxMTQuMC41NzM1LjE5OSJdLFsiR29vZ2xlIENocm9tZSIsIjExNC4wLjU3MzUuMTk5Il1dLDBd&dt=1688647068464&bpp=386&bdt=24&idt=386&shv=r20230628&mjsv=m202307050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dffacc299809de38b-22480ea790e2003f%3AT%3D1688645542%3ART%3D1688646981%3AS%3DALNI_Mb2N6AvbdtXE0uvKxGcYVgulT1kIA&gpic=UID%3D00000ca0b14e8fe8%3AT%3D1688645542%3ART%3D1688646981%3AS%3DALNI_MYodgLO1OppICJQLBsdxBHgBY4M0A&nras=1&correlator=3963259299356&frm=20&pv=2&ga_vid=565754033.1688645529&ga_sid=1688645529&ga_hid=430499464&ga_fc=1&u_tz=180&u_his=3&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1903&bih=969&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C31075630%2C44759876%2C31075832%2C44788442&oid=2&pvsid=3195434146881601&tmod=1450534492&uas=0&nvt=2&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1920%2C0%2C1920%2C1040%2C1920%2C969&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=400

Requested by

Host: lollty.pro
URL: https://lollty.pro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://lollty.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 28 Dec 2023 19:38:27 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 fa-brands-400.woff2
use.fontawesome.com/releases/v5.1.1/webfonts/ 62 KB
62 KB 45ms
45ms Font
font/woff2 2606:4700:e2::ac40:8c0d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.1.1/webfonts/fa-brands-400.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.1.1/css/all.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8c0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3a5a197947223babcd9e0e759e9284202d70ce33b9f8d7e6ffd3f5bce5fec649

Request headers

Referer: https://use.fontawesome.com/releases/v5.1.1/css/all.css
Origin: https://lollty.pro
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:27 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2649624
alt-svc: h3=":443"; ma=86400
content-length: 63272
last-modified: Fri, 22 Sep 2023 01:44:27 GMT
server: cloudflare
etag: "66f625f1d99357cb1559bea25c827270"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EsKes%2BbQW%2FcMMuJInNAXpT4UurZluuguadUHeF2P3za5bHwobUe%2F56FIaX3dn5uiRel1SeczMC4C0G1dPEAWkb4wK6Qr65ALk0QpT3E7wz14QWFGWYsDpXwanH1wXA1te%2B5znUDvvoCbvmFvCLgCW0ga"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 83cc43810c8a0494-CDG

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 23ms
23ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://lollty.pro
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 09:01:24 GMT
x-content-type-options: nosniff
age: 211023
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7748
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 25 Dec 2024 09:01:24 GMT

GET
H2 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 20ms
20ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:400,500,600,700,800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://lollty.pro
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 25 Dec 2023 18:54:06 GMT
x-content-type-options: nosniff
age: 261861
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8000
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:59:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 24 Dec 2024 18:54:06 GMT

GET
H3 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
54 B 29ms
29ms Image
image/gif 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1689127489&utmhn=lollty.pro&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=3Upload%20%E2%80%93%203Upload%20%E2%80%93%203upload.com&utmhid=1596979508&utmr=https%3A%2F%2F3upload.com%2F&utmp=%2F&utmht=1703792307354&utmac=UA-222273328-1&utmcc=__utma%3D109180184.468208656.1703792307.1703792307.1703792307.1%3B%2B__utmz%3D109180184.1703792307.1.1.utmcsr%3D3upload.com%7Cutmccn%3D(referral)%7Cutmcmd%3Dreferral%7Cutmcct%3D%2F%3B&utmjid=446295213&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~

Requested by

Host: lollty.pro
URL: https://lollty.pro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:27 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 lollty.pro_fluid_sq_square0009 Show response
live.demand.supply/cp/ 30 B
373 B 381ms
381ms XHR
text/plain 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/cp/lollty.pro_fluid_sq_square0009?mlcu=null&mlos=wi&mlbr=ch&mlla=en&dsReferer=bG9sbHR5LnByby8=
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.25.3.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 20e1aefdc3e9fad719ab19cd548be65e7a71d172d7ff92bf2b7232699e0ff802

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:27 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: private,max-age=3600
cf-ray: 83cc43814dba3637-FRA
alt-svc: h3=":443"; ma=86400
content-length: 30

GET
H3 200 lollty.pro_fluid_sq_3upload001 Show response
live.demand.supply/cp/ 29 B
370 B 360ms
360ms XHR
text/plain 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/cp/lollty.pro_fluid_sq_3upload001?mlcu=null&mlos=wi&mlbr=ch&mlla=en&dsReferer=bG9sbHR5LnByby8=
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.25.3.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fb1f1f32a4dc6dcb8683006d842fe5d5a2f2c37abdae5afd55cfe2d8cd426923

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:27 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: private,max-age=3600
cf-ray: 83cc43814dc03637-FRA
alt-svc: h3=":443"; ma=86400
content-length: 29

GET
H3 200 lollty.pro_fluid_sq_3upload002 Show response
live.demand.supply/cp/ 30 B
372 B 273ms
273ms XHR
text/plain 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://live.demand.supply/cp/lollty.pro_fluid_sq_3upload002?mlcu=null&mlos=wi&mlbr=ch&mlla=en&dsReferer=bG9sbHR5LnByby8=
Requested by: Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.25.3.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f47e1f525f6e5dc4532745b19a4b5f49c5b363abfafb7e0219b5c56d49ed7584

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:27 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cache-control: private,max-age=3600
cf-ray: 83cc43814dc33637-FRA
alt-svc: h3=":443"; ma=86400
content-length: 30

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/ 431 KB
135 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

108cdb682e1d256ba58174d96775ec12fe2e9515ffa2ca7edfff49343a4d97ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 10:14:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33831
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138180
x-xss-protection: 0
server: cafe
etag: 6854214708762155125
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Fri, 27 Dec 2024 10:14:36 GMT

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame D51A 829 B
1 KB 77ms
29ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: lollty.pro
URL: https://lollty.pro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

3def8c1407a25c6fa88e21e82bed1b0d61d6710a98b21115a4c163d4743977e0

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-3cYJ9_l3PZGVaHCwSBkDHA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://lollty.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-3cYJ9_l3PZGVaHCwSBkDHA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 28 Dec 2023 19:38:27 GMT
expires: Thu, 28 Dec 2023 19:38:27 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

HEAD
H3 200 e.js Show response
live.demand.supply/x/ 0
481 B 31ms
31ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/x/e.js?ce=fs&dsReferer=bG9sbHR5LnByby8=

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.25.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-nf-request-id: 01HGD08N1DMR5NQDW602C8NRQ9
date: Thu, 28 Dec 2023 19:38:27 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 2480381
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "54863d6286da298ff963ed522a1a229b-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 83cc4381dea73637-FRA

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
478 B 35ms
35ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?r=lollty.pro_auto_interstitial_desktop&sn=1&ific=true&e=iar2&dsReferer=bG9sbHR5LnByby8=

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.25.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-nf-request-id: 01HGAVP3F4929PJKMKJF614G1K
date: Thu, 28 Dec 2023 19:38:27 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 1611838
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "a49e9f0a501edbf396bf43092ec1efa3-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 83cc43823f303637-FRA

GET
H2 200 ob.js Show response
cdn-ima.33across.com/ 11 KB
5 KB 97ms
31ms Script
application/javascript 172.64.152.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-ima.33across.com/ob.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.152.89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c707d5798e40035ef5aa307db04e295703514d654b1e65fa62b04492c687c255

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:27 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 20 Dec 2023 19:21:40 GMT
server: cloudflare
age: 84784
etag: W/"65833ec4-2d18"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 83cc4382b8a644fe-TXL
expires: Sun, 31 Dec 2023 19:38:27 GMT

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 68ms
20ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 19:42:46 GMT
content-encoding: gzip
age: 1900541
x-guploader-uploadid: ABPtcPq15xIbIbXY6nprd-JVTBV0iLqfJkZsVBJ80bNsn3tMHDeQ1lbSePmHUH3XGm2QieXvuw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7927
last-modified: Thu, 27 May 2021 18:30:51 GMT
server: UploadServer
etag: "df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation: 1622140251693895
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type: application/javascript
cache-control: no-transform
x-goog-stored-content-length: 7927
accept-ranges: bytes
expires: Thu, 05 Dec 2024 19:42:46 GMT

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 42 KB
13 KB 146ms
72ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

30fe2b25061c04e45888d4eccbe63e113ad09715a8ee40d87485f188a526aa2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:27 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 21 Dec 2023 07:50:16 GMT
server: nginx
etag: W/"6583ee38-a9b8"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 29 Dec 2023 19:38:27 GMT

GET
H2 200 connectId-gpt.js Show response
connectid.analytics.yahoo.com/ 9 KB
9 KB 100ms
27ms Script
application/javascript 2600:9000:2104:7e00:10:dd8:5e40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://connectid.analytics.yahoo.com/connectId-gpt.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2104:7e00:10:dd8:5e40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

c7f6468c8ac1542980b2d5f637fa933d7d00d2c6ff6690e34505d2aed0c0e23a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:02:04 GMT
via: 1.1 ed3a324a0ea0d1dfe339969855915050.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'
x-amz-cf-pop: AMS1-C1
age: 2184
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 8730
x-amz-expiration: expiry-date="Tue, 17 Oct 2028 00:00:00 GMT", rule-id="webapp-standard-lifecycle"
last-modified: Tue, 17 Oct 2023 13:17:45 GMT
server: AmazonS3
etag: "c46e30de24d0f12167e302e9e32ff4a5"
content-type: application/javascript
cache-control: max-age=3600
accept-ranges: bytes
x-amz-cf-id: AnsFcW_gv8S7MDhszYT_drca870l76t7tfKoJTsKxkzYM4Enol2R7g==

GET
H2 200 pubcid.min.js Show response
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 732 B
1 KB 79ms
35ms Script
application/javascript 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 13076
x-jsd-version: master
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230065-FRA
x-jsd-version-type: branch
server: cloudflare
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vEgzCL8h7mEPNCg0s44w1VMaAGYfIKRHBsk6O%2BsY1xdmRQFfWknUTEqSDwR6azzilAF6HtnrFrEhh%2BspJA9BJxkpX3tT6JtqTZDVJU%2BK52roiVeZvsnZ0%2BoDg9S3YAb5Tz9XDEblft2cCLlOBIs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 83cc43829b765d81-FRA

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 152 KB
34 KB 77ms
34ms Script
text/javascript 2606:4700:10::ac43:266a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:266a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65d03eb82a79a732d7c0180593c4f5dc98a8fac5c20c3a5446c4f14bf93d280a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:27 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 07 Dec 2023 12:57:20 GMT
server: cloudflare
x-amz-request-id: BXQW886E0JMDRM75
age: 569
etag: W/"5fcefeebf5ddc7b2ddf2435967e63de9"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 83cc43829de2043a-FRA
x-amz-id-2: C6l/7XLn98EQZ/Zj9l9kF387/ygFaO4zvyYZnP4YDLscsR/q/7QSzfA5vPS58KYId4Yr1z00NDl7/UwyqIqCiQ==

GET
H2 200 encrypted-tag-g.js Show response
invstatic101.creativecdn.com/encrypted-signals/ 1 KB
1 KB 84ms
36ms Script
text/javascript 34.96.70.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 87.70.96.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:27 GMT
via: 1.1 google, 1.1 google
last-modified: Thu, 03 Aug 2023 03:28:51 GMT
server: Google Frontend
etag: fc4e6bfe266081c4873c6f08c8298e5c
content-type: text/javascript; charset=utf-8
x-cloud-trace-context: 4ae09121140c1525cca2cb20d35602d3
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1207

GET
H/1.1 200
OK uid2SecureSignal.js Show response
cdn.prod.uidapi.com/ 3 KB
3 KB 108ms
28ms Script
text/javascript 2600:9000:2447:ec00:a:e047:753:a221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2447:ec00:a:e047:753:a221 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 72e960baa80ec819264a604f2f8a8e5c21f81b785ebc17595211ad170d8b1bdc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 28 Dec 2023 06:09:04 GMT
x-amz-version-id: KP_OVZMS6roEW_XJdOd.KnSEmM8GWiP3
Via: 1.1 f75afc04e5fb2b66fe286e4f840886c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS58-P5
Age: 48564
x-amz-server-side-encryption: AES256
X-Cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
Connection: keep-alive
Content-Length: 2776
Last-Modified: Thu, 19 Oct 2023 06:40:11 GMT
Server: AmazonS3
ETag: "a3a9a9ee8e72db69d54e805f0586c651"
Content-Type: text/javascript
Accept-Ranges: bytes
X-Amz-Cf-Id: irL7NOBbhAyvtISkpCmMtvKPlFt4Xzd4dlCFQDeTuX27JJbrv2qn6w==

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 39 KB
12 KB 95ms
30ms Script
text/javascript 18.239.18.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.18.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-18-33.ams58.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 05:37:13 GMT
content-encoding: gzip
via: 1.1 552fc57e69ec905c4246244771e7453a.cloudfront.net (CloudFront)
last-modified: Wed, 06 Sep 2023 15:56:57 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P6
age: 50475
x-amz-server-side-encryption: AES256
etag: W/"e073e71ed7a44e6f9cdd72904fda5940"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=86400
x-amz-cf-id: qpw0OVC0gflmkftUBNAhQQ1dKbBwaYTgXKsAdvlQ3mWBIBRWnzv7qw==

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 1 KB
720 B 395ms
395ms Fetch
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1069012116819260&correlator=3662442049423209&eid=31079525&output=ldjh&gdfp_req=1&vrg=202312060101&ptt=17&impl=fif&iu_parts=44890869%3A22866007907%2Cca-pub-3831894559014614-tag%2C10155e50-cca4-4f8c-b4e1-7755bca3b1fe&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ifi=1&sfv=1-0-40&ists=1&fas=8&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1703792307558&lmt=1703792307&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=1&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Flollty.pro%2F&ref=https%3A%2F%2F3upload.com%2F&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=468208656.1703792307&ga_sid=1703792307&ga_hid=1596979508&ga_fc=true&a3p=EhgKCXlhaG9vLmNvbRjk2r2PyzFIAFICCGQSHAoNY3J3ZGNudHJsLm5ldBjl2r2PyzFIAFICCGQSGwoMMzNhY3Jvc3MuY29tGOTavY_LMUgAUgIIZBIZCgpwdWJjaWQub3JnGOTavY_LMUgAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRjk2r2PyzFIAFICCGQSFwoIcnRiaG91c2UY5dq9j8sxSABSAghkEhQKBW9wZW54GOTavY_LMUgAUgIIZBIZCgp1aWRhcGkuY29tGOXavY_LMUgAUgIIZBIbCgxpZDUtc3luYy5jb20Y5dq9j8sxSABSAghk&dlt=1703792306512&idt=1028&prev_scp=ti%3D393f7ba6-e3cb-4fd8-b079-c2f43ae10ac6%26interstitials-bid%3D3%26bid-p%3Dgoogle%26bsc%3D83&adks=3282742103&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bcd19a24efaf550f22efecc709b55b457eef3ac4818ae9c981f700375f2486bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:27 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 689
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://lollty.pro
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 810 B
416 B 438ms
438ms Fetch
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1069012116819260&correlator=2488793660743962&eid=31079525&output=ldjh&gdfp_req=1&vrg=202312060101&ptt=17&impl=fif&iu_parts=44890869%3A22866007907%2Cca-pub-3831894559014614-tag%2Ca9b043ea-eb0c-4ea0-9ee0-7ffc5ccfe7d4&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ifi=2&sfv=1-0-40&ists=1&fas=1&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1703792307564&lmt=1703792307&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=2&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Flollty.pro%2F&ref=https%3A%2F%2F3upload.com%2F&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=468208656.1703792307&ga_sid=1703792307&ga_hid=1596979508&ga_fc=true&a3p=EhgKCXlhaG9vLmNvbRjk2r2PyzFIAFICCGQSHAoNY3J3ZGNudHJsLm5ldBjl2r2PyzFIAFICCGQSGwoMMzNhY3Jvc3MuY29tGOTavY_LMUgAUgIIZBIZCgpwdWJjaWQub3JnGOTavY_LMUgAUgIIZBIdCg5lc3AuY3JpdGVvLmNvbRjk2r2PyzFIAFICCGQSFwoIcnRiaG91c2UY5dq9j8sxSABSAghkEhQKBW9wZW54GOTavY_LMUgAUgIIZBIZCgp1aWRhcGkuY29tGOXavY_LMUgAUgIIZBIbCgxpZDUtc3luYy5jb20Y5dq9j8sxSABSAghk&dlt=1703792306512&idt=1028&prev_scp=ti%3D393f7ba6-e3cb-4fd8-b079-c2f43ae10ac6%26interstitials-bid%3D0.6%26bid-p%3Dgoogle%26stt%3Dbhs%26bsc%3D83&adks=1999241053&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e02e9f678aa7335580a378a9699afe72d4bb88dab92866f6d3d613c5251576ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:27 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 385
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://lollty.pro
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 4324 6 KB
3 KB 101ms
29ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://lollty.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 28 Dec 2023 19:38:27 GMT
expires: Fri, 27 Dec 2024 19:38:27 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl_page_level_ads.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/ 39 KB
14 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl_page_level_ads.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

04d549a4f168546afdc3608bc6ef4ad67a16a2bf2baf8c6770f88f524c924d11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 10:17:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33655
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13835
x-xss-protection: 0
server: cafe
etag: 9174524701941205614
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Fri, 27 Dec 2024 10:17:32 GMT

GET
H2

200

esp Show response
oajs.openx.net/
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2Flollty.pro%2F&rid=esp
https://oajs.openx.net/esp?url=https%3A%2F%2Flollty.pro%2F&rid=esp&cc=1

85 B
195 B

134ms
134ms

Fetch
application/json

34.120.107.143
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2Flollty.pro%2F&rid=esp&cc=1
Requested by: Host: lollty.pro
URL: https://lollty.pro/
Protocol: H2
Server: 34.120.107.143 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 143.107.120.34.bc.googleusercontent.com
Software: / Express
Resource Hash: c76398220dc3ef206cd1ed74cf485e6689431b8568776f9e22ee65b574cc6a67

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:27 GMT
via: 1.1 google
x-powered-by: Express
etag: W/"55-WbWMNHtqZkwXOW0JGjLof/wCKFw"
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://lollty.pro
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85

Redirect headers

date: Thu, 28 Dec 2023 19:38:27 GMT
via: 1.1 google
x-powered-by: Express
vary: Origin
access-control-allow-origin: https://lollty.pro
location: /esp?url=https%3A%2F%2Flollty.pro%2F&rid=esp&cc=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 204 increment Show response
id5-sync.com/api/esp/ 0
226 B 73ms
20ms XHR
text/plain 162.19.138.83
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.83 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31532338.ip-162-19-138.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://lollty.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://lollty.pro
date: Thu, 28 Dec 2023 19:38:26 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 60 B
331 B 151ms
48ms XHR
application/json 108.128.142.196
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.128.142.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-108-128-142-196.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 4f0014d85e7457ee81eb6f09676240ee687fb0057804f01c82485dd2022e7ebd

Request headers

Referer: https://lollty.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:27 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://lollty.pro
cache-control: no-cache
x-server: 10.45.22.241
access-control-allow-credentials: true
content-length: 60
expires: 0

GET
H2 200 fed Show response
ups.analytics.yahoo.com/ups/58813/ 2 B
199 B 110ms
26ms XHR
application/json 3.71.149.231
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ups.analytics.yahoo.com/ups/58813/fed?gpp_sid=-1&v=1&url=https%3A%2F%2Flollty.pro%2F

Requested by

Host: connectid.analytics.yahoo.com
URL: https://connectid.analytics.yahoo.com/connectId-gpt.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.94 /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:27 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.94
age: 0
vary: Origin
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
access-control-allow-origin: https://lollty.pro
content-type: application/json
access-control-allow-credentials: true

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
482 B 128ms
128ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?r=lollty.pro_fluid_sq_3upload002&pdc=0.38702623844146733&ucv=null&e=tcp&dsReferer=bG9sbHR5LnByby8=

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.25.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-nf-request-id: 01HGAVP3F4929PJKMKJF614G1K
date: Thu, 28 Dec 2023 19:38:27 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 1611838
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "a49e9f0a501edbf396bf43092ec1efa3-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 83cc438308693637-FRA

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 86 KB
39 KB 482ms
482ms Fetch
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1069012116819260&correlator=1504859506112854&eid=31079525&output=ldjh&gdfp_req=1&vrg=202312060101&ptt=17&impl=fif&iu_parts=44890869%3A22866007907%2Cca-pub-3831894559014614-tag%2Ce93e43e4-d602-41af-8c95-d39d18545ad4&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1024x280%7C750x300%7C750x200%7C930x180%7C970x250&ifi=3&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1703792307689&lmt=1703792307&adxs=215&adys=728&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Flollty.pro%2F&ref=https%3A%2F%2F3upload.com%2F&vis=1&psz=1170x296&msz=1170x296&fws=0&ohw=0&ga_vid=468208656.1703792307&ga_sid=1703792307&ga_hid=1596979508&ga_fc=true&a3p=EhgKCXlhaG9vLmNvbRjX272PyzFIAFICCG8SHAoNY3J3ZGNudHJsLm5ldBjl2r2PyzFIAFICCGQSGwoMMzNhY3Jvc3MuY29tGOTavY_LMUgAUgIIZBIZCgpwdWJjaWQub3JnGL7bvY_LMUgAUgIIahIdCg5lc3AuY3JpdGVvLmNvbRjk2r2PyzFIAFICCGQSFwoIcnRiaG91c2UYxtu9j8sxSABSAghqEhQKBW9wZW54GOTavY_LMUgAUgIIZBIZCgp1aWRhcGkuY29tGOXavY_LMUgAUgIIZBIbCgxpZDUtc3luYy5jb20Y5dq9j8sxSABSAghk&dlt=1703792306512&idt=1028&prev_scp=ti%3D393f7ba6-e3cb-4fd8-b079-c2f43ae10ac6%26chrand%3Dy%26pof%3D0%26bid%3D0.18%26bid-p%3Dgoogle%26bsc%3D83&adks=3736545718&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e8597b32d50b398bf5bc5fe42efad1221ad5dd436152e26cab60737780d8c746

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:28 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40339
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://lollty.pro
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame A948 14 KB
6 KB 113ms
40ms Document
text/html 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=lollty.pro

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

cf66b1a88c1b59fe8d1068ff7ec392816c6a8a43a1d0647bd940591f09974446

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://lollty.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 28 Dec 2023 19:38:27 GMT
server: Kestrel
server-processing-duration-in-ticks: 330082
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
x-robots-tag: noindex

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
479 B 128ms
128ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?r=lollty.pro_fluid_sq_3upload001&pdc=0.5186616897583008&ucv=null&e=tcp&dsReferer=bG9sbHR5LnByby8=

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.25.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-nf-request-id: 01HGAVP3F4929PJKMKJF614G1K
date: Thu, 28 Dec 2023 19:38:27 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 1611838
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "a49e9f0a501edbf396bf43092ec1efa3-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 83cc438399463637-FRA

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 64 KB
14 KB 394ms
394ms Fetch
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1069012116819260&correlator=2447435705766216&eid=31079525&output=ldjh&gdfp_req=1&vrg=202312060101&ptt=17&impl=fif&iu_parts=44890869%3A22866007907%2Cca-pub-3831894559014614-tag%2C6e14a32f-4f98-454e-adf2-4988b3632765&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1024x280%7C750x300%7C750x200%7C930x180%7C970x250&ifi=4&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1703792307773&lmt=1703792307&adxs=215&adys=280&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Flollty.pro%2F&ref=https%3A%2F%2F3upload.com%2F&vis=1&psz=1170x296&msz=1170x296&fws=0&ohw=0&ga_vid=468208656.1703792307&ga_sid=1703792307&ga_hid=1596979508&ga_fc=true&a3p=EhgKCXlhaG9vLmNvbRjX272PyzFIAFICCG8SHAoNY3J3ZGNudHJsLm5ldBjl2r2PyzFIAFICCGQSGwoMMzNhY3Jvc3MuY29tGOTavY_LMUgAUgIIZBIZCgpwdWJjaWQub3JnGL7bvY_LMUgAUgIIahIdCg5lc3AuY3JpdGVvLmNvbRjk2r2PyzFIAFICCGQSFwoIcnRiaG91c2UYxtu9j8sxSABSAghqEhQKBW9wZW54GOTavY_LMUgAUgIIZBIZCgp1aWRhcGkuY29tGOXavY_LMUgAUgIIZBIbCgxpZDUtc3luYy5jb20Ykdy9j8sxSABSAghq&dlt=1703792306512&idt=1028&prev_scp=ti%3D393f7ba6-e3cb-4fd8-b079-c2f43ae10ac6%26chrand%3Dy%26pof%3D0%26bid%3D0.29%26bid-p%3Dgoogle%26bsc%3D83&adks=987337788&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7fc9f35d57b992f8230bfce328254df993d406ac852614e08837ec32005b130

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:28 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14767
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://lollty.pro
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
479 B 127ms
127ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?r=lollty.pro_fluid_sq_square0009&pdc=0.32429434061050416&ucv=null&e=tcp&dsReferer=bG9sbHR5LnByby8=

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.25.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-nf-request-id: 01HGAVP3F4929PJKMKJF614G1K
date: Thu, 28 Dec 2023 19:38:27 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 1611838
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "a49e9f0a501edbf396bf43092ec1efa3-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 83cc4383b9733637-FRA

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 89 KB
41 KB 483ms
483ms Fetch
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1069012116819260&correlator=1863750990880421&eid=31079525&output=ldjh&gdfp_req=1&vrg=202312060101&ptt=17&impl=fif&iu_parts=44890869%3A22866007907%2Cca-pub-3831894559014614-tag%2C5dd8eb99-c329-4eeb-9bd2-f7ed71ee3a0f&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x280%7C300x250&ifi=5&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1703792307789&lmt=1703792307&adxs=650&adys=442&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=5&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Flollty.pro%2F&ref=https%3A%2F%2F3upload.com%2F&vis=1&psz=300x-1&msz=300x-1&fws=512&ohw=0&ga_vid=468208656.1703792307&ga_sid=1703792307&ga_hid=1596979508&ga_fc=true&a3p=EhgKCXlhaG9vLmNvbRjX272PyzFIAFICCG8SHAoNY3J3ZGNudHJsLm5ldBjl2r2PyzFIAFICCGQSGwoMMzNhY3Jvc3MuY29tGOTavY_LMUgAUgIIZBIZCgpwdWJjaWQub3JnGL7bvY_LMUgAUgIIahIdCg5lc3AuY3JpdGVvLmNvbRjk2r2PyzFIAFICCGQSFwoIcnRiaG91c2UYxtu9j8sxSABSAghqEhQKBW9wZW54GOTavY_LMUgAUgIIZBIZCgp1aWRhcGkuY29tGOXavY_LMUgAUgIIZBIbCgxpZDUtc3luYy5jb20Ykdy9j8sxSABSAghq&dlt=1703792306512&idt=1028&prev_scp=ti%3D393f7ba6-e3cb-4fd8-b079-c2f43ae10ac6%26chrand%3Dy%26pof%3D0%26bid%3D0.26%26bid-p%3Dgoogle%26bsc%3D83&adks=4064778401&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ee7f5cb82973314127baf13071c4aa6bdba47284632130b8b4405af9cc91c779

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:28 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41708
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://lollty.pro
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame A948
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertagids&domain=lollty.pro&sn=ChromeSyncframe&so=0&topUrl=lollty.pro&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=yl620XxjOHMycTdYUFFDV2FGUG5LYzg4SFRhQkk0MitFeWJMNU96OFg3emhuZDlRM1RHL0x6d3hGTnRuRDJMSzdvYkNrWWJkYkI5T1BsNGR3cWtFdmh0S003Nk1SWGx2dHdUVWtES0phaUY5a0o4QW1DMVRQRW1sb2cyZ3...

428 B
655 B

38ms
38ms

Fetch
application/json

2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=yl620XxjOHMycTdYUFFDV2FGUG5LYzg4SFRhQkk0MitFeWJMNU96OFg3emhuZDlRM1RHL0x6d3hGTnRuRDJMSzdvYkNrWWJkYkI5T1BsNGR3cWtFdmh0S003Nk1SWGx2dHdUVWtES0phaUY5a0o4QW1DMVRQRW1sb2cyZ3pma2VxUzZYUXZIUTVkTy9nZWZybHd0T2ZNRzUyV2lxQkZvdXRISFJldkkwYkNPbjZVcmZlWVNMemxBcnJabTJ0UGxWR2J1eHZ0Nlh5dkFWbkhheFl0MlpWM1dEUzlydjM4OVNyUVJqV0tCSVR5UTVEbXZ5WU5rZDBMYzcwUU5sZU9mK0xTekFQVHg2SDhNZVNRTEhWem9TSVJSQk96ejBRVWdLM2VCTzMvUFh2K01halVrdz18&cppv=2

Requested by

Host: lollty.pro
URL: https://lollty.pro/

Protocol

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

559aa06c43e959f9e8f889e815e0c3f5e384d18a7eceadd14baba226a8fe19c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:27 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1239184
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:27 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=yl620XxjOHMycTdYUFFDV2FGUG5LYzg4SFRhQkk0MitFeWJMNU96OFg3emhuZDlRM1RHL0x6d3hGTnRuRDJMSzdvYkNrWWJkYkI5T1BsNGR3cWtFdmh0S003Nk1SWGx2dHdUVWtES0phaUY5a0o4QW1DMVRQRW1sb2cyZ3pma2VxUzZYUXZIUTVkTy9nZWZybHd0T2ZNRzUyV2lxQkZvdXRISFJldkkwYkNPbjZVcmZlWVNMemxBcnJabTJ0UGxWR2J1eHZ0Nlh5dkFWbkhheFl0MlpWM1dEUzlydjM4OVNyUVJqV0tCSVR5UTVEbXZ5WU5rZDBMYzcwUU5sZU9mK0xTekFQVHg2SDhNZVNRTEhWem9TSVJSQk96ejBRVWdLM2VCTzMvUFh2K01halVrdz18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 285994
content-length: 0
expires: 0

GET
H2 200 pd Show response
google-bidout-d.openx.net/w/1.0/ Frame C13A 199 B
298 B 83ms
32ms Document
text/html 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by: Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: de259eb7ba7a0e45575deb33946f1fbc695c97c33145ae4e49af0069d010868e

Request headers

Referer: https://lollty.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 151
content-type: text/html
date: Thu, 28 Dec 2023 19:38:28 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
480 B 148ms
148ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?r=lollty.pro_auto_interstitial_desktop&e=nai&dsReferer=bG9sbHR5LnByby8=

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.25.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-nf-request-id: 01HGAVP3F4929PJKMKJF614G1K
date: Thu, 28 Dec 2023 19:38:28 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 1611839
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "a49e9f0a501edbf396bf43092ec1efa3-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 83cc4384db1a3637-FRA

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
480 B 150ms
150ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?r=lollty.pro_auto_interstitial_desktop&sn=2&ific=false&e=iar2&dsReferer=bG9sbHR5LnByby8=

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.25.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-nf-request-id: 01HGAVP3F4929PJKMKJF614G1K
date: Thu, 28 Dec 2023 19:38:28 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 1611839
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "a49e9f0a501edbf396bf43092ec1efa3-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 83cc4384db223637-FRA

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 220 KB
58 KB 464ms
464ms Fetch
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1069012116819260&correlator=4492029622792970&eid=31079525&output=ldjh&gdfp_req=1&vrg=202312060101&ptt=17&impl=fif&iu_parts=44890869%3A22866007907%2Cca-pub-3831894559014614-tag%2C3a5d2c7d-ba54-4d51-87db-26df89112163&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ifi=6&sfv=1-0-40&ists=1&fas=8&eri=1&sc=1&cookie=ID%3D41ff9456346695cf%3AT%3D1703792307%3ART%3D1703792307%3AS%3DALNI_MajR_tBFVyyTnM3s4t838Csv2NdIw&gpic=UID%3D00000d2ef6b6200d%3AT%3D1703792307%3ART%3D1703792307%3AS%3DALNI_Ma8ihWqKZFe2-mBlow7HNE4_qVV4A&abxe=1&dt=1703792307971&lmt=1703792307&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=6&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Flollty.pro%2F&ref=https%3A%2F%2F3upload.com%2F&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=468208656.1703792307&ga_sid=1703792307&ga_hid=1596979508&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQY5dq9j8sxSABSAghkEhsKDDMzYWNyb3NzLmNvbRjk2r2PyzFIAFICCGQSGQoKcHViY2lkLm9yZxi-272PyzFIAFICCGoSGAoJeWFob28uY29tGNfbvY_LMUgAUgIIbxIdCg5lc3AuY3JpdGVvLmNvbRjk2r2PyzFIAFICCGQSFwoIcnRiaG91c2UYxtu9j8sxSABSAghqEj4KBW9wZW54EixleUpwSWpvaVIyNXNiR1ZsWlM5VWFpdHNNWEpGWVRZcmJEbFlRVDA5SW4wPRj73b2PyzFIABIZCgp1aWRhcGkuY29tGOXavY_LMUgAUgIIZBIbCgxpZDUtc3luYy5jb20Ykdy9j8sxSABSAghq&dlt=1703792306512&idt=1028&prev_scp=ti%3D393f7ba6-e3cb-4fd8-b079-c2f43ae10ac6%26interstitials-bid%3D1%26bid-p%3Dgoogle%26bsc%3D83&adks=1323237997&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f79516d523443702ed74c090c0792d5514ebda67636b17ab3cfcc08c8f919da5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:28 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 59075
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://lollty.pro
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET OpenSans-Regular.ttf
3upload.com/css/font/ 0
0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 148 KB
48 KB 371ms
371ms Fetch
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1069012116819260&correlator=949510519353921&eid=31079525&output=ldjh&gdfp_req=1&vrg=202312060101&ptt=17&impl=fif&iu_parts=44890869%3A22866007907%2Cca-pub-3831894559014614-tag%2C6da464ac-ec54-4f2a-ac56-9e74dba7f67c&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ifi=7&sfv=1-0-40&ists=1&fas=1&eri=1&sc=1&cookie=ID%3D281f8f9aa7fa9d80%3AT%3D1703792307%3ART%3D1703792307%3AS%3DALNI_MZhH80eV9G3YiOVYs5uxh2FqXxEhA&gpic=UID%3D00000d2ef6059137%3AT%3D1703792307%3ART%3D1703792307%3AS%3DALNI_MbMW4RqfIzGpSX1MlgD0lKZmTYEGg&abxe=1&dt=1703792308011&lmt=1703792308&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=7&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Flollty.pro%2F&ref=https%3A%2F%2F3upload.com%2F&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=468208656.1703792307&ga_sid=1703792307&ga_hid=1596979508&ga_fc=true&a3p=EhwKDWNyd2RjbnRybC5uZXQY5dq9j8sxSABSAghkEhsKDDMzYWNyb3NzLmNvbRjk2r2PyzFIAFICCGQSGQoKcHViY2lkLm9yZxi-272PyzFIAFICCGoSGAoJeWFob28uY29tGNfbvY_LMUgAUgIIbxIdCg5lc3AuY3JpdGVvLmNvbRjk2r2PyzFIAFICCGQSFwoIcnRiaG91c2UYxtu9j8sxSABSAghqEj4KBW9wZW54EixleUpwSWpvaVIyNXNiR1ZsWlM5VWFpdHNNWEpGWVRZcmJEbFlRVDA5SW4wPRj73b2PyzFIABIZCgp1aWRhcGkuY29tGOXavY_LMUgAUgIIZBIbCgxpZDUtc3luYy5jb20Ykdy9j8sxSABSAghq&dlt=1703792306512&idt=1028&prev_scp=ti%3D393f7ba6-e3cb-4fd8-b079-c2f43ae10ac6%26interstitials-bid%3D0.2%26bid-p%3Dgoogle%26stt%3Dbhs%26bsc%3D83&adks=2043699473&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ef3193ab6a2b16038a371db6beb1c912da29dac3df734f688daad981c6d1272

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:28 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49205
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://lollty.pro
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012310301456000/ Frame E636 196 KB
56 KB 106ms
22ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012310301456000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c6077711ce3174050ccebe6559eb5f0e251942c2cad21900d1c3ef316065565b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 27 Dec 2023 11:48:30 GMT
age: 114598
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56081
x-xss-protection: 0
server: sffe
etag: "6a17d296884b026a"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 26 Dec 2024 11:48:30 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012310301456000/v0/ Frame E636 15 KB
5 KB 143ms
59ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012310301456000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b53b6ad23b258ce11eed97786741510819a369348afcf1260856fe3041fc33de

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 27 Dec 2023 11:48:30 GMT
age: 114598
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5225
x-xss-protection: 0
server: sffe
etag: "0b7142e00666043e"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 26 Dec 2024 11:48:30 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012310301456000/v0/ Frame E636 95 KB
28 KB 145ms
61ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012310301456000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3907cc5ed9d4a0cdb316d069614220b55fccd5624ac173592a7a4c2c3aae0636

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 27 Dec 2023 11:48:30 GMT
age: 114598
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29077
x-xss-protection: 0
server: sffe
etag: "7b1f1965b6cd6fda"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 26 Dec 2024 11:48:30 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012310301456000/v0/ Frame E636 5 KB
2 KB 153ms
69ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012310301456000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

516f5e4c2dc5c69f3e1707e76695f866f8e62468aca15c1a9ddb165eb684f6f0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 27 Dec 2023 11:48:31 GMT
age: 114597
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1911
x-xss-protection: 0
server: sffe
etag: "5b0a82507b260c6e"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 26 Dec 2024 11:48:31 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012310301456000/v0/ Frame E636 40 KB
13 KB 154ms
70ms Script
text/javascript 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012310301456000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18ebc36644e10f87e20812c15e329c1b25848c62cd6cdfe74427cdf8995bc3a9

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 27 Dec 2023 11:48:31 GMT
age: 114597
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12952
x-xss-protection: 0
server: sffe
etag: "9817e561a46c70fa"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 26 Dec 2024 11:48:31 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame E636 4 KB
655 B 30ms
30ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 28 Dec 2023 19:38:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 28 Dec 2023 18:36:05 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 28 Dec 2023 19:38:28 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame E636 2 KB
3 KB 68ms
20ms Image
image/png 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: lollty.pro
URL: https://lollty.pro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 11:53:15 GMT
x-content-type-options: nosniff
server: cafe
age: 27913
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Fri, 29 Dec 2023 11:53:15 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame E636 295 B
398 B 91ms
44ms Image
image/png 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: lollty.pro
URL: https://lollty.pro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 17:24:32 GMT
x-content-type-options: nosniff
server: cafe
age: 8036
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 29 Dec 2023 17:24:32 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame E636 0
0 28ms
27ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ-wVzykjEtYcsu89QcSSog6CpXbeDMZfoOdbN-3XiAIKFLwr9Ew20O5lbYjaTP-CPv9dB8DzeecOyYvr9qK_QsjKqNuQ
Requested by: Host: lollty.pro
URL: https://lollty.pro/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
481 B 31ms
31ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?gl=0.29&b=2&r=lollty.pro_fluid_sq_3upload001&sy=bcca2b83-7abe-4fff-ba29-317d94b92357&ts=83&cd=2&pud=250&pus=c&pue=1058&pid=129&pis=c&pie=1188&ppd=198&pps=a&ppe=1257&pcl=1782&ttc=2058&tti=2476&ttif=0&lca=1257&lcak=ppe&lct=1257&lctk=ppe&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=lollty.pro&mlre=3upload.com&mlin=0&mlsi=1024x280&mlbw=4g&mlcs=NaN&mltp=393f7ba6-e3cb-4fd8-b079-c2f43ae10ac6&e=lm&dsReferer=bG9sbHR5LnByby8=

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.25.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-nf-request-id: 01HGAVP3F4929PJKMKJF614G1K
date: Thu, 28 Dec 2023 19:38:28 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 1611839
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "a49e9f0a501edbf396bf43092ec1efa3-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 83cc43862d9f3637-FRA

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/8413189786243968030/ Frame E636 30 KB
30 KB 62ms
21ms Image
image/jpeg 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8413189786243968030/14763004658117789537?w=600&h=314&tw=1&q=75

Requested by

Host: lollty.pro
URL: https://lollty.pro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

409d3fcfd6e913135f2e4e8be5c8ec1c03f6cf3ef2dd7ac7e4cba3af83ab4e44

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Sun, 22 Dec 2024 07:57:45 GMT
date: Sat, 23 Dec 2023 07:57:45 GMT
x-content-type-options: nosniff
age: 474043
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30696
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 10:28:35 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/7606543455393789577/ Frame E636 1 KB
1 KB 85ms
45ms Image
image/jpeg 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7606543455393789577/14763004658117789537?w=100&h=100&tw=1&q=75

Requested by

Host: lollty.pro
URL: https://lollty.pro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94fd9ca316421dde0bf62a6a9db6983d1e9883949934592ca409d222ec36b56a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Wed, 25 Dec 2024 17:05:32 GMT
date: Tue, 26 Dec 2023 17:05:32 GMT
x-content-type-options: nosniff
age: 181976
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1326
x-xss-protection: 0
last-modified: Fri, 24 Jun 2022 13:51:36 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
DATA 200
OK truncated
/ Frame E636 220 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f04876822bb6c01fad7982c03270e7029a82ff1b3052477cffd25c51d94a62e8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 container.html Show response
3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 1AE1 6 KB
3 KB 22ms
22ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://lollty.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 28 Dec 2023 19:38:27 GMT
expires: Fri, 27 Dec 2024 19:38:27 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
479 B 149ms
149ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?gl=0.18&b=2&r=lollty.pro_fluid_sq_3upload002&sy=bcca2b83-7abe-4fff-ba29-317d94b92357&ts=83&cd=2&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=lollty.pro&mlre=3upload.com&mlin=0&mlsi=1024x280&mlbw=4g&mlcs=NaN&mltp=393f7ba6-e3cb-4fd8-b079-c2f43ae10ac6&e=lm&dsReferer=bG9sbHR5LnByby8=

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.25.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-nf-request-id: 01HGAVP3F4929PJKMKJF614G1K
date: Thu, 28 Dec 2023 19:38:28 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 1611839
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "a49e9f0a501edbf396bf43092ec1efa3-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 83cc43864de53637-FRA

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame E636 16 KB
16 KB 25ms
24ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://lollty.pro
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 25 Dec 2023 17:38:05 GMT
x-content-type-options: nosniff
age: 266423
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 24 Dec 2024 17:38:05 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame E636 15 KB
15 KB 21ms
20ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://lollty.pro
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 08:54:09 GMT
x-content-type-options: nosniff
age: 211459
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 25 Dec 2024 08:54:09 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 19E3 624 B
400 B 63ms
62ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN8DEJ7K15oEGM7QioECMAE&v=APEucNVFzOREuOOlG4wawr3H_9HqAG6hv_Z5V0vkiyDWj1ZDJUTwZ74sJJUBxvhJgDktcD53Qw0gM95P4NtvztR6g3OxrHCjhuNWyqT9H28OSnOiDIJZni4y-r1_rddMjs007T0OR_JTIRy28hs8RVluOE7hJZyMTIDWeJHxYfBwy9g9GRQ1KOfUoTL156MlSXfIAJXaXi4i

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 28 Dec 2023 19:38:28 GMT
expires: Thu, 28 Dec 2023 19:38:28 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame 1AE1 23 KB
9 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js

Requested by

Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9844337d0b1b36b45473c8fc27cba7d1c9f8aab2107e23e684b9e1a48e6066b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 20:43:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82528
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9269
x-xss-protection: 0
server: cafe
etag: 11706523405290302210
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 Jan 2024 20:43:00 GMT

GET
H2 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame 1AE1 7 KB
3 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 02:43:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 60902
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 11 Jan 2024 02:43:26 GMT

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame 1AE1 0
0 115ms
65ms Fetch
image/gif 142.250.181.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjstV9otKzjiPDbvwlovb_7gdW_qNwuEgnS2b36AFVCV3-Zrxt0DPMOLZSjF0PUn855CXkHrnAfU7ifGVwW08QlaAFXFW1riVWL0XkAAkHJ_qrxewlun4jwEQ4160gZ-74jk_RYiZjtZcZEkaU2NK9dAxxaJ9Lm-pfwZzf-j94MrndkX13RrgUY8I5fQqqekUpbVVuWfg78wJrQVlLft0-cXV9j5fc37DNZKdKkuqnjA8l8oS76uWcMQU5m-103STJPzPuC1jqWPpgYGNKdheZO7RHgzVKUakbRL9WlBgZ5HR0OSP45B-_oWofNG5cubMAnIPbzOFOkC1E0uP8M2yaykjalTtawCK2r-ojyV8wb0eV7WL9-YNNy5NNRc9GfEY_OXTFsHXAIgo2Z3tFxgvykhMCkVW_RMCzQXjvqrvclod9lKTml6g85xnFstCtzDJDDHExWEU6sFA6sZpMD6_OXc3BLdzA_hXnWHxg554BB61KwQlQpVSCeHpcQTmvYHGCuWzxfxc4UyykYUWaUrxTfnVSGZR17gLDTkJVTEiMDso9qM-UzIJdyJ9d46kM9b6Vkk3Euo5AH-kk3mG-xLDgxBzNcmocZtlZ4iBvxVZZj0hJap5hl0Vk2ihxuWiCH5kSImXQzRXTK-Q86G23K5UVjR1h4DCcufczJLfjr8x1Apb9FdGRBWm5vAT2sf9B2honRV65w0erAQgczIt1fNXRzQQU7UTRdicSp3nfVN6PjZsr7l9qwuUXqdx9CJVRu7nICxY55SMBtmfDMoZsdWJm1-L4aCpPk7bS_C-8XxEmJppHp3jF9UZXdnS6JqnZm0WrkVRPqWB6Of_9cILqDsTntTGJXTTVPO2bjQZgxOl6Q1CvAADjMif_H4JL7SCiYEnfZDu9iwkx7wdP8aeqWopXGU32A_oRLkXL2zsjlHMIjPtIwAQ6Bo67ZOGAVwAezmQH-hv7kOWjJnhsDBF5JG6GqAXkW7eOKHLhI6nWDdl7CDyORu6mJ5U1JcZuZuahcwog0SOVckt7-AEx7YHt4H-YKwoHni5NmfjNkjirlQOnDdD4ZzXTQewaBZk8vEMS6uyLi1Malx3tM_wVFkchwAIinOmfSCAKx8qeEyb94Xha5tvQOzs9P1_LG3RajWOqOx_cSEPLrYhuagYy2jfCWpqgpwSMn80hmhnUXN0TZxItSsFKzXyYcMSdd_dQTo1nZs9dgqyFCCmCb8aRKKIJk2v2dqhE8IGyKs5oyvSlwtJrPBF0ryiRYjQZtfUv0BTFvE94S3DSIp0_6EKzm0zgRqBZHoTpq4nJYXTCuJ7703YRFWJCdo&sai=AMfl-YSzW43HeLqXbTXjiIPyd0kfODkAykvKb3AcSPDHNP5MPNPxeSFuLuhUH7SRxvUDdDySYv5LUTMSWjuZjk2i9b4HMl9onI9YBGUPMNeA_voUIAPSPXAX0FQr8nj2ZuXruxLImRJZATF8y7ETHarxJT_fRLIYBFH6QfAHPKZ7V-48K5_lWiJe5wCsrXIwQ55py-ACVcdL4BZzaewkeyjiUJtO1R9ZG9EUWDpm_ltJhzzcwIc3OJ-f_B_u014oy6kQQkuUzDfkifk-GPyEzlix-UYaeW332YJCWz-IxJwa0-lCkH4BOn_yVpeXhPXW9Hx5wlD9WNh8yZvkOeI8u93q8SqAp0Z3cUPYcYjdsU6_tsC9UlrTD-LO0lt0vZ_EqFpXXWPeQ51q26_EtFwrhjDSqJDOqdaHM7dJp-0RHxVqsDjWGjLGyaQfdztTrco_gYkzyaaRJ65HMqTe3T-KFJPde5zf_EqSdh-8MH3oWuj1UU626V8zQErHGVqyw6UJcfLFjxZfnMW3y37Zhg&sig=Cg0ArKJSzLpCDQSoeS4QEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9zdGVhbXBvd2VyZWQuY29t&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20231207.22402&arae=0&ftch=1&adurl=

Requested by

Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 28 Dec 2023 19:38:28 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 1AE1 41 KB
14 KB 44ms
42ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 22 Dec 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 524000
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 21 Dec 2024 18:05:08 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 1AE1 3 KB
1 KB 48ms
46ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 15:59:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13119
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 11 Jan 2024 15:59:49 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 1AE1 20 KB
9 KB 40ms
38ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 63849
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 11 Jan 2024 01:54:19 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1AE1 42 B
118 B 59ms
58ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DBQ3eqDv-USlp0zcHblEBmZLszxgRrP-xzxhhjhhGOha_s2MIdqYiLQinsxRYJ7KC4ph1tMvJntPZ35p0wmS7eWEm4ljy1cpUy-Od13_z8-qv0jQo

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1AE1 203 KB
65 KB 80ms
29ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Dec 2023 19:38:28 GMT

GET
H2 200 3900310117797998877
s0.2mdn.net/simgad/ Frame 1AE1 184 KB
184 KB 74ms
22ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/3900310117797998877

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e6d58ea2fe2fab105d04533fc94638e8e2dea450d7d9fb4150153c767a43a9b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Wed, 25 Dec 2024 13:00:46 GMT
date: Tue, 26 Dec 2023 13:00:46 GMT
x-content-type-options: nosniff
age: 196662
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 188268
x-xss-protection: 0
last-modified: Tue, 12 Dec 2023 08:38:43 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 container.html Show response
3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame D29B 6 KB
3 KB 21ms
20ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://lollty.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 28 Dec 2023 19:38:27 GMT
expires: Fri, 27 Dec 2024 19:38:27 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
478 B 33ms
33ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?gl=0.26&b=2&r=lollty.pro_fluid_sq_square0009&sy=bcca2b83-7abe-4fff-ba29-317d94b92357&ts=83&cd=2&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=lollty.pro&mlre=3upload.com&mlin=0&mlsi=300x280&mlbw=4g&mlcs=NaN&mltp=393f7ba6-e3cb-4fd8-b079-c2f43ae10ac6&e=lm&dsReferer=bG9sbHR5LnByby8=

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.25.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-nf-request-id: 01HGAVP3F4929PJKMKJF614G1K
date: Thu, 28 Dec 2023 19:38:28 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 1611839
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "a49e9f0a501edbf396bf43092ec1efa3-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 83cc4386ded73637-FRA

GET
DATA 200
OK truncated
/ Frame 1AE1 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bcda52144be1ce73ce7efa2791d7de8b4b17c3cab66e25cc74c528d3aaf7be8a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame EF41 38 KB
13 KB 21ms
20ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 208390
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 26 Dec 2023 09:45:18 GMT
expires: Wed, 25 Dec 2024 09:45:18 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1AE1 0
20 B 57ms
56ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodarir&v=44&d=1&s=1&f=0.01&bgai=B-QCFs86NZbDgLPWG7_UP79eHqA0AAAAAOAHgBAI

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 19E3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAEXHYOq76hL3msr5t-_Vs&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAEXHYOq76hL3msr5t-_Vs&google_cver=1&C=1

43 B
737 B

84ms
84ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAEXHYOq76hL3msr5t-_Vs&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN8DEJ7K15oEGM7QioECMAE&v=APEucNVFzOREuOOlG4wawr3H_9HqAG6hv_Z5V0vkiyDWj1ZDJUTwZ74sJJUBxvhJgDktcD53Qw0gM95P4NtvztR6g3OxrHCjhuNWyqT9H28OSnOiDIJZni4y-r1_rddMjs007T0OR_JTIRy28hs8RVluOE7hJZyMTIDWeJHxYfBwy9g9GRQ1KOfUoTL156MlSXfIAJXaXi4i
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UfllZYOmnd7VBPMY7uwoWwHW%2F4mDbnji0iC0W%2FFLAdLkiM59eGTgV%2BAE2hVIfjhVuKMRSZTFkr26zCa6izeSlfRJA2%2FaGBGVUOpfJKzAKwoWJbuTXd9er0XQAPyK7ytgkC2b32%2BDkNEZiA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 83cc43887f3458f6-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=29JFHoLrKMgxfZjL5o20OAl6WaQms%2BwLo2dNQGtM59lhSuWN9EGbMjATc%2FP3USNl9z%2B0BNUQ%2Fqm8pSjW2WmQL64wEsHTXfmUZDXOgAtFIV0YRqWmZA%2FLLI%2BQ7Ijv4QRfyM6XM5dub%2BBKyg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESEKAEXHYOq76hL3msr5t-_Vs&google_cver=1&C=1
cache-control: no-cache
cf-ray: 83cc43880d474480-TXL
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 19E3
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZY3OtPFu0jWkyK87arNvXAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOpkRiZrhHv4k9a_sbt8ruI&google_cver=1

43 B
733 B

91ms
91ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOpkRiZrhHv4k9a_sbt8ruI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN8DEJ7K15oEGM7QioECMAE&v=APEucNVFzOREuOOlG4wawr3H_9HqAG6hv_Z5V0vkiyDWj1ZDJUTwZ74sJJUBxvhJgDktcD53Qw0gM95P4NtvztR6g3OxrHCjhuNWyqT9H28OSnOiDIJZni4y-r1_rddMjs007T0OR_JTIRy28hs8RVluOE7hJZyMTIDWeJHxYfBwy9g9GRQ1KOfUoTL156MlSXfIAJXaXi4i
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x1khGGB2EjPxG2oimdWrogwVvnX592Klxc1087aUcb9ghSV9a9wNzBLAskG%2BZhtTfjOj9NoTJ3v2uyvPMGhx6B2mtVhP8IF7A1yBL66x%2BkvVqwqu4ZirtyHJSaFByRKk8JZae%2FFDygmhNg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 83cc4388f8d258f6-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOpkRiZrhHv4k9a_sbt8ruI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 19E3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEKoguhWR8vhy6Fuo_bHsc-I&google_cver=1

43 B
839 B

32ms
32ms

Image
image/gif

37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEKoguhWR8vhy6Fuo_bHsc-I&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN8DEJ7K15oEGM7QioECMAE&v=APEucNVFzOREuOOlG4wawr3H_9HqAG6hv_Z5V0vkiyDWj1ZDJUTwZ74sJJUBxvhJgDktcD53Qw0gM95P4NtvztR6g3OxrHCjhuNWyqT9H28OSnOiDIJZni4y-r1_rddMjs007T0OR_JTIRy28hs8RVluOE7hJZyMTIDWeJHxYfBwy9g9GRQ1KOfUoTL156MlSXfIAJXaXi4i

Protocol

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
an-x-request-uuid: 1e39bb71-016d-4b16-a23e-38058f22b386
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 217.114.218.25; 217.114.218.25; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEKoguhWR8vhy6Fuo_bHsc-I&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 19E3
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjQ4NzI3NjI5MjU2MjQyOTI4Mg%3D%3D

170 B
232 B

30ms
30ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjQ4NzI3NjI5MjU2MjQyOTI4Mg%3D%3D

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
an-x-request-uuid: 27413acc-1775-430d-92cc-913c26a45e16
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjQ4NzI3NjI5MjU2MjQyOTI4Mg%3D%3D
x-proxy-origin: 217.114.218.25; 217.114.218.25; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 1345 624 B
242 B 61ms
61ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN8DEJ7K15oEGPDf_4ACMAE&v=APEucNV-PF111fUaz8K7T28FuDSvS7SIw3FNSN0NNizg4eXuCkdnMNZOTjOL1taqy68swatD5QK16QcqJxSweyrKQUu-nqabUqwdypNNBh9Mm3YVykvAG_sL6aYu8u9566uZeoBoaUhw58sKznuMLLoMr23-MApNV4urj3_NBbN-G9so4yn-qnNzX1nhv0jktYYKu_1HV16L

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 28 Dec 2023 19:38:28 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame D29B 23 KB
9 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js

Requested by

Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9844337d0b1b36b45473c8fc27cba7d1c9f8aab2107e23e684b9e1a48e6066b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 20:43:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82528
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9269
x-xss-protection: 0
server: cafe
etag: 11706523405290302210
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 Jan 2024 20:43:00 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame D29B 7 KB
3 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 02:43:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 60902
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 11 Jan 2024 02:43:26 GMT

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame D29B 0
0 69ms
64ms Fetch
image/gif 142.250.181.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsu1zDGx6io74vXDj79ryE_u6age2u8P0o1glgNe6ozXuMhOYBI2gJGJ-xAcWXnucyVC-yaYYdeYVSfVDHT4PesJjHc5ppKOskDBonnPIHaFTFob2oZDWW0_P32iUoTw9mIKPxPwdIb5pTXYxuPZxkx_QqswgoqGMq1O7avZDDV7SaNuhnYXa_hI-vFlo4BBcSXCp_PV5X57wFcMnqbRwQbqRY01VmaCqFlw6T2d0DfDTA267zBMRDYBMeS9QP3wgjeJgxUWj2BRFpOZFs2vNJMYRzhsC63OiEt_DqUuCqCdOoU17RnhK3vCavo9EvmqUQlI1JUcrYR1FfzLiEMVywdoF_oZq0wiXNchdjwcxd0b6JREFCF-s6ePRaohS-gsX9U_Ec_xDNrhavMo2OqhEn_0BKZwSntq_pwzr5m2DDbRIVEnG5JGjnhGSQ7R5k3jjPPXjqIyBzlnx0i4ctbZfcBz5tNBEhzFm1RDH3NyQOIyv6x1__s5lXn6mL9DkYWK_TGO0V400vAsPpSjLlcMSPqcRdTuVn4v58D0VsN6u5-rEbvUKDVV-6ol4cl0bc7JW4fGZbvTl5nEFJOz-KM7M4vzP57ODW-imY-xXcZJQSICA9IfQqXMt1oNp-EaPff-4ohNZLzPqs9W1t0BE_DHDKzvEjAAEgXybY6_4geVpWsO3Tb47_7Ghr9I7ANm6kpIYN-Mr_95o-d_4G7pEzJmFuexCKkdQ6oRSIvCjs97-sy5bwdy0uSVpBn5STkW04zIxf7ne6-KcCgHA7YeGPJ1IebeOM8P1OU4d-IB91zQqoGNA-VOHhzDNk9vBY5sBtn-LkJYuBt7nH2qb0Ht9MQKte7_Y-W9h3qKc6qK_1ox8MkWdKWvOFfs8MX25zPQ0Zt9THwiDU-bBpnY6p9z8onVopHz1FRn4Jl7ephIl2mMNZXFFkFkMfKLwT06YDrSYq6QkhKjHerPbsOCc4c1eQkdGkkcn7R3durTSUyLZcpkXdeXcuR4cSOmTd21bTGl8coyWdpKdJ5_KFWzaiuVTab7BOnXDunE6lyb-9mGMEq79KLiGnmf7BIudCBczKGC26YUkOblqgcCczeLFR_zxxmzcCRnrDJfeSlGi8JuRtrmzVxOiTWJAb929lC3PQBXECOOpBT0MeK0Dos8K-kUK4aQEyoygfSguaPeWKgUpn1r_WQlXAJHhTh0HP6_5t6w8C78z8M7OvEJ1cb8iguxLxe6QZUjXd6htRIMv2GU9kyURxd9lF6NXCAV4t-TsupcnEojeApP8O4KEcAa7antf8uvGk3R6327v7LymQ9Jp_tylSXZaS0qinz7S_ThSz1w5K4Tt0WB&sai=AMfl-YS4OkmnK6x2pdmF1QfWKrZVPpGIgLtjVF6pDHaQJX2mKwRN_q50dpmc8wnV9b9qY-AXTqDxG6x9s1_NyRPHPvUULzdXOP66OZovUskK-ux_Tl3hg8S_xo6HgEY97khSvfaOEMvre6NLi3aLWk_4Mra_rUAK3SyMmRK-akEP8AFZNHGyI_nuHtYZJftLphlmSV67120aB_7pKK0eMZ4PwF0ltaHFNXgmUXLszrZvHy7iPoxlNW_LI1TYVAF_uYHm0_TkKY28BaTxhM3F-M6yM-YDJXVrPne1FLT7wNG-PhftanbA0-VXZVwKPw46p6LR4NZ0KPvWkZXse8LoEnwMAKSFaAg2snCWjUzi0y5NeP4UcH97Ya3CNBnjQxcmd-VBRY0Oxe9ALaq-3AiAU319kKrD66iEBh986HGwtmgW&sig=Cg0ArKJSzCZz3SMotWjyEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9zdGVhbXBvd2VyZWQuY29t&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20231207.63176&arae=0&ftch=1&adurl=

Requested by

Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 28 Dec 2023 19:38:28 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame D29B 41 KB
14 KB 27ms
23ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 22 Dec 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 524000
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 21 Dec 2024 18:05:08 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame D29B 3 KB
1 KB 29ms
26ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 15:59:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13119
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 11 Jan 2024 15:59:49 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 1505 1 KB
643 B 26ms
24ms Document
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 37498
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 28 Dec 2023 09:13:30 GMT
etag: 48472445140208031
expires: Fri, 29 Dec 2023 09:13:30 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame D29B 20 KB
8 KB 23ms
20ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 63849
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 11 Jan 2024 01:54:19 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame D29B 42 B
63 B 59ms
58ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Bk_5xzRPxGtO2LIOsrRtvtXbVtgpYbpWpdR8Ry8doKIPqf9oGDRZcYnaocTAklvdGz1JevZBKlyG7Q-06raCBWzwu-CmySJ4erqJCB4Vsz3ZbInbs

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame D29B 0
0 29ms
28ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTmKxnikXEtWlcMYNngXkUZ6X1qq4ji2DjxNgHRv_mqoGA-p5qpmSVL5aij_H-x6VhJna589d8dh4a-5CGXk3K17ooBQw
Requested by: Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame D29B 203 KB
64 KB 36ms
33ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Dec 2023 19:38:28 GMT

GET
H2 200 11718656034878988886
s0.2mdn.net/simgad/ Frame D29B 38 KB
38 KB 56ms
53ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/11718656034878988886

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8dad63eeafcbdeea4645523e57bf40a32946768b4ef084625a3f4d03f333ce3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires: Wed, 25 Dec 2024 10:36:55 GMT
date: Tue, 26 Dec 2023 10:36:55 GMT
x-content-type-options: nosniff
age: 205293
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38624
x-xss-protection: 0
last-modified: Fri, 01 Dec 2023 14:16:29 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame EF41 39 KB
15 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 15:59:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13118
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 27 Dec 2024 15:59:50 GMT

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame 1AE1 0
0 58ms
58ms Fetch
image/gif 142.250.181.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjstV9otKzjiPDbvwlovb_7gdW_qNwuEgnS2b36AFVCV3-Zrxt0DPMOLZSjF0PUn855CXkHrnAfU7ifGVwW08QlaAFXFW1riVWL0XkAAkHJ_qrxewlun4jwEQ4160gZ-74jk_RYiZjtZcZEkaU2NK9dAxxaJ9Lm-pfwZzf-j94MrndkX13RrgUY8I5fQqqekUpbVVuWfg78wJrQVlLft0-cXV9j5fc37DNZKdKkuqnjA8l8oS76uWcMQU5m-103STJPzPuC1jqWPpgYGNKdheZO7RHgzVKUakbRL9WlBgZ5HR0OSP45B-_oWofNG5cubMAnIPbzOFOkC1E0uP8M2yaykjalTtawCK2r-ojyV8wb0eV7WL9-YNNy5NNRc9GfEY_OXTFsHXAIgo2Z3tFxgvykhMCkVW_RMCzQXjvqrvclod9lKTml6g85xnFstCtzDJDDHExWEU6sFA6sZpMD6_OXc3BLdzA_hXnWHxg554BB61KwQlQpVSCeHpcQTmvYHGCuWzxfxc4UyykYUWaUrxTfnVSGZR17gLDTkJVTEiMDso9qM-UzIJdyJ9d46kM9b6Vkk3Euo5AH-kk3mG-xLDgxBzNcmocZtlZ4iBvxVZZj0hJap5hl0Vk2ihxuWiCH5kSImXQzRXTK-Q86G23K5UVjR1h4DCcufczJLfjr8x1Apb9FdGRBWm5vAT2sf9B2honRV65w0erAQgczIt1fNXRzQQU7UTRdicSp3nfVN6PjZsr7l9qwuUXqdx9CJVRu7nICxY55SMBtmfDMoZsdWJm1-L4aCpPk7bS_C-8XxEmJppHp3jF9UZXdnS6JqnZm0WrkVRPqWB6Of_9cILqDsTntTGJXTTVPO2bjQZgxOl6Q1CvAADjMif_H4JL7SCiYEnfZDu9iwkx7wdP8aeqWopXGU32A_oRLkXL2zsjlHMIjPtIwAQ6Bo67ZOGAVwAezmQH-hv7kOWjJnhsDBF5JG6GqAXkW7eOKHLhI6nWDdl7CDyORu6mJ5U1JcZuZuahcwog0SOVckt7-AEx7YHt4H-YKwoHni5NmfjNkjirlQOnDdD4ZzXTQewaBZk8vEMS6uyLi1Malx3tM_wVFkchwAIinOmfSCAKx8qeEyb94Xha5tvQOzs9P1_LG3RajWOqOx_cSEPLrYhuagYy2jfCWpqgpwSMn80hmhnUXN0TZxItSsFKzXyYcMSdd_dQTo1nZs9dgqyFCCmCb8aRKKIJk2v2dqhE8IGyKs5oyvSlwtJrPBF0ryiRYjQZtfUv0BTFvE94S3DSIp0_6EKzm0zgRqBZHoTpq4nJYXTCuJ7703YRFWJCdo&sai=AMfl-YSzW43HeLqXbTXjiIPyd0kfODkAykvKb3AcSPDHNP5MPNPxeSFuLuhUH7SRxvUDdDySYv5LUTMSWjuZjk2i9b4HMl9onI9YBGUPMNeA_voUIAPSPXAX0FQr8nj2ZuXruxLImRJZATF8y7ETHarxJT_fRLIYBFH6QfAHPKZ7V-48K5_lWiJe5wCsrXIwQ55py-ACVcdL4BZzaewkeyjiUJtO1R9ZG9EUWDpm_ltJhzzcwIc3OJ-f_B_u014oy6kQQkuUzDfkifk-GPyEzlix-UYaeW332YJCWz-IxJwa0-lCkH4BOn_yVpeXhPXW9Hx5wlD9WNh8yZvkOeI8u93q8SqAp0Z3cUPYcYjdsU6_tsC9UlrTD-LO0lt0vZ_EqFpXXWPeQ51q26_EtFwrhjDSqJDOqdaHM7dJp-0RHxVqsDjWGjLGyaQfdztTrco_gYkzyaaRJ65HMqTe3T-KFJPde5zf_EqSdh-8MH3oWuj1UU626V8zQErHGVqyw6UJcfLFjxZfnMW3y37Zhg&sig=Cg0ArKJSzLpCDQSoeS4QEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9zdGVhbXBvd2VyZWQuY29t&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=161&vt=11&dtpt=160&dett=2&cstd=0&cisv=r20231207.22402&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:28 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame D29B 0
0 60ms
59ms Fetch
image/gif 142.250.181.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsu1zDGx6io74vXDj79ryE_u6age2u8P0o1glgNe6ozXuMhOYBI2gJGJ-xAcWXnucyVC-yaYYdeYVSfVDHT4PesJjHc5ppKOskDBonnPIHaFTFob2oZDWW0_P32iUoTw9mIKPxPwdIb5pTXYxuPZxkx_QqswgoqGMq1O7avZDDV7SaNuhnYXa_hI-vFlo4BBcSXCp_PV5X57wFcMnqbRwQbqRY01VmaCqFlw6T2d0DfDTA267zBMRDYBMeS9QP3wgjeJgxUWj2BRFpOZFs2vNJMYRzhsC63OiEt_DqUuCqCdOoU17RnhK3vCavo9EvmqUQlI1JUcrYR1FfzLiEMVywdoF_oZq0wiXNchdjwcxd0b6JREFCF-s6ePRaohS-gsX9U_Ec_xDNrhavMo2OqhEn_0BKZwSntq_pwzr5m2DDbRIVEnG5JGjnhGSQ7R5k3jjPPXjqIyBzlnx0i4ctbZfcBz5tNBEhzFm1RDH3NyQOIyv6x1__s5lXn6mL9DkYWK_TGO0V400vAsPpSjLlcMSPqcRdTuVn4v58D0VsN6u5-rEbvUKDVV-6ol4cl0bc7JW4fGZbvTl5nEFJOz-KM7M4vzP57ODW-imY-xXcZJQSICA9IfQqXMt1oNp-EaPff-4ohNZLzPqs9W1t0BE_DHDKzvEjAAEgXybY6_4geVpWsO3Tb47_7Ghr9I7ANm6kpIYN-Mr_95o-d_4G7pEzJmFuexCKkdQ6oRSIvCjs97-sy5bwdy0uSVpBn5STkW04zIxf7ne6-KcCgHA7YeGPJ1IebeOM8P1OU4d-IB91zQqoGNA-VOHhzDNk9vBY5sBtn-LkJYuBt7nH2qb0Ht9MQKte7_Y-W9h3qKc6qK_1ox8MkWdKWvOFfs8MX25zPQ0Zt9THwiDU-bBpnY6p9z8onVopHz1FRn4Jl7ephIl2mMNZXFFkFkMfKLwT06YDrSYq6QkhKjHerPbsOCc4c1eQkdGkkcn7R3durTSUyLZcpkXdeXcuR4cSOmTd21bTGl8coyWdpKdJ5_KFWzaiuVTab7BOnXDunE6lyb-9mGMEq79KLiGnmf7BIudCBczKGC26YUkOblqgcCczeLFR_zxxmzcCRnrDJfeSlGi8JuRtrmzVxOiTWJAb929lC3PQBXECOOpBT0MeK0Dos8K-kUK4aQEyoygfSguaPeWKgUpn1r_WQlXAJHhTh0HP6_5t6w8C78z8M7OvEJ1cb8iguxLxe6QZUjXd6htRIMv2GU9kyURxd9lF6NXCAV4t-TsupcnEojeApP8O4KEcAa7antf8uvGk3R6327v7LymQ9Jp_tylSXZaS0qinz7S_ThSz1w5K4Tt0WB&sai=AMfl-YS4OkmnK6x2pdmF1QfWKrZVPpGIgLtjVF6pDHaQJX2mKwRN_q50dpmc8wnV9b9qY-AXTqDxG6x9s1_NyRPHPvUULzdXOP66OZovUskK-ux_Tl3hg8S_xo6HgEY97khSvfaOEMvre6NLi3aLWk_4Mra_rUAK3SyMmRK-akEP8AFZNHGyI_nuHtYZJftLphlmSV67120aB_7pKK0eMZ4PwF0ltaHFNXgmUXLszrZvHy7iPoxlNW_LI1TYVAF_uYHm0_TkKY28BaTxhM3F-M6yM-YDJXVrPne1FLT7wNG-PhftanbA0-VXZVwKPw46p6LR4NZ0KPvWkZXse8LoEnwMAKSFaAg2snCWjUzi0y5NeP4UcH97Ya3CNBnjQxcmd-VBRY0Oxe9ALaq-3AiAU319kKrD66iEBh986HGwtmgW&sig=Cg0ArKJSzCZz3SMotWjyEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9zdGVhbXBvd2VyZWQuY29t&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=78&vt=11&dtpt=77&dett=2&cstd=0&cisv=r20231207.63176&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:28 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 7BC2 38 KB
13 KB 20ms
20ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 208390
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 26 Dec 2023 09:45:18 GMT
expires: Wed, 25 Dec 2024 09:45:18 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame D29B 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 862f63eefaa5192d593ad417be71f701e7a11391e657f27d7da9bdae8251186f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 container.html Show response
3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 60B5 6 KB
3 KB 20ms
20ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://lollty.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 28 Dec 2023 19:38:27 GMT
expires: Fri, 27 Dec 2024 19:38:27 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sda.css
live.demand.supply/css/ 4 KB
2 KB 119ms
119ms Stylesheet
text/css 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/css/sda.css

Requested by

Host: client
URL: about:client

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

649af545f5efd2a265363ceeb7fdf9dc6dc8c85dfba4d7d3a538930c3d181b39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-nf-request-id: 01HGBT2QSHKRTSSRN72B94ZTRT
date: Thu, 28 Dec 2023 19:38:28 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
server: cloudflare
age: 2476888
etag: W/"505b1404b8e3597f62714f70edb3d993-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: max-age=2592000,immutable,stale-if-error=604800
cf-ray: 83cc438798c19055-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame E636 0
0 66ms
66ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CTigWs86NZbzjMezW9u8PmqiY2A-xlez1dNiaqIySEbDMgfKcOBABIJWbyiFglYKAgJQHoAHG74KCA8gBCakCS0lmBwvuej7gAgCoAwHIAwqqBKYCT9CYF-gPZnkIuj-OFgiS1G7SeuFz34Wblomh998vdXGx1lAScJudqSF7hy59vHVuSDEdyyjSxGMMKz85eF9IGkhC3xLR3QVZFEdaV2alOggPjtNTm9BaTH92xCAbCt3TwYwnz64JF9KBNs2VGjgIV8-lmrmVaTnsO28lAVbh6a68Sl8oFGYaWfmx1OvEzsWsYKBzMhy_iIsK9rMwLKrJsHQ64zmIXzlE973ZgFvXqIoR-5SR2NKTbKPnDucwtO9j09WE43dqSMgQ_5jjwp0U5X8XWIjUVQlCVgeg9lOsyw6BRPi0Xgl_EPMvPIRJxuhnJBeEWLzAhwaHdbVPikBZ_T9bZh2N5zH2RleY3j4dCYLZenCEKSgkD0mLIjtPauxrbmLyyZ_ywASN-u3aoQTgBAGIBfjdorhKkgUECAQYAZIFBAgFGASgBi6AB6KQ_X2oB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBRDXp4sB0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOliK15v68LKDA5oJfGh0dHBzOi8vd3d3LnF1aW55eC5jb20vZGUvZ2FydG5lci13b3JrZm9yY2UtbWFuYWdlbWVudD91dG1fY2FtcGFpZ249R2xvYmFsLTIwMjItUTMtR2FydG5lciZ1dG1fc291cmNlPXBwYyZ1dG1fbWVkaXVtPWRpc3BsYXmACgPICwGiDCAqHgoc5LSxAu61sQK1uLECrLqxAuS0sQLutbECu7uxAuINEwi4_Jv68LKDAxVsq_0HHRoUBvu4E-QD2BMNiBQD0BUBgBcBshceChwIABIUcHViLTc1MDc0MzkyMzM4NjU0MTUY_fkT&sigh=39uzoFy1m9c&uach_m=%5B%5D&ase=2&nis=5&cid=CAQSOwAvHhf_apgeV2sr3RQ6YUILiwnl6K-n4LEWZardik4pW4sx7PtsS7qhhNd9axt2Q1HTvGDjeI092IFBGAE&template_id=484&cbvp=2
Requested by: Host: lollty.pro
URL: https://lollty.pro/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 1345
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOpkRiZrhHv4k9a_sbt8ruI&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOpkRiZrhHv4k9a_sbt8ruI&google_cver=1&C=1

43 B
737 B

83ms
83ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOpkRiZrhHv4k9a_sbt8ruI&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN8DEJ7K15oEGPDf_4ACMAE&v=APEucNV-PF111fUaz8K7T28FuDSvS7SIw3FNSN0NNizg4eXuCkdnMNZOTjOL1taqy68swatD5QK16QcqJxSweyrKQUu-nqabUqwdypNNBh9Mm3YVykvAG_sL6aYu8u9566uZeoBoaUhw58sKznuMLLoMr23-MApNV4urj3_NBbN-G9so4yn-qnNzX1nhv0jktYYKu_1HV16L
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=veNXNG0%2B%2FQ3VLgdvTN9TNHwLiTnHpRQ7lzYBcHtSld%2FZ2AENPg139xsA2WLKk3Xt330MnKCVK7L1%2BW0cCTYJ%2BEoMY2Tmt5bCoq3sdevxMIsxswszkRA%2FHYcBUeisUugDMa0i9swNTpv05A%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 83cc43887f3958f6-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IqsgZofW7f%2FRLx12vA%2B4iGfRpQ%2Bk%2FkpnUSOcOgBFUNkZcXsyYyRodu%2B4un%2BT8rHJotMCwffxJuzVhMiMcceMjlh5YOzrokH36zxcQ%2BDSGzu49bnTPqA8DjmBDOUWhzIiNigRXCESr5M0eg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESEOpkRiZrhHv4k9a_sbt8ruI&google_cver=1&C=1
cache-control: no-cache
cf-ray: 83cc43882d6b4480-TXL
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 1345
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZY3OtNcZkaFnOkKFb0m3zgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOpkRiZrhHv4k9a_sbt8ruI&google_cver=1

43 B
731 B

53ms
53ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOpkRiZrhHv4k9a_sbt8ruI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN8DEJ7K15oEGPDf_4ACMAE&v=APEucNV-PF111fUaz8K7T28FuDSvS7SIw3FNSN0NNizg4eXuCkdnMNZOTjOL1taqy68swatD5QK16QcqJxSweyrKQUu-nqabUqwdypNNBh9Mm3YVykvAG_sL6aYu8u9566uZeoBoaUhw58sKznuMLLoMr23-MApNV4urj3_NBbN-G9so4yn-qnNzX1nhv0jktYYKu_1HV16L
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Aotzo1kV4jSQybh7i2r%2BBKpoYh5v44ZJ%2Fz6kErspXx8xj2s0mVeEtEAZgCHaxOWFDdGfghZI6qxMsizv6he4GQNF5A71xX3WZ3g17ShGWHR1wzbJC8HJ%2BeZaFLleiXnw2Vvud75rnny5PQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 83cc438959c058f6-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOpkRiZrhHv4k9a_sbt8ruI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 1345
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESELEXlhYfg3dU-5iI-LnE3cc&google_cver=1

43 B
839 B

29ms
29ms

Image
image/gif

37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESELEXlhYfg3dU-5iI-LnE3cc&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN8DEJ7K15oEGPDf_4ACMAE&v=APEucNV-PF111fUaz8K7T28FuDSvS7SIw3FNSN0NNizg4eXuCkdnMNZOTjOL1taqy68swatD5QK16QcqJxSweyrKQUu-nqabUqwdypNNBh9Mm3YVykvAG_sL6aYu8u9566uZeoBoaUhw58sKznuMLLoMr23-MApNV4urj3_NBbN-G9so4yn-qnNzX1nhv0jktYYKu_1HV16L

Protocol

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
an-x-request-uuid: 0b367c3d-db8c-4a4a-b9fb-762643f5fa08
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 217.114.218.25; 217.114.218.25; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESELEXlhYfg3dU-5iI-LnE3cc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 1345
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDgzNjUzMTg4MTQ0MDM0MzEwNA%3D%3D

170 B
243 B

29ms
29ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDgzNjUzMTg4MTQ0MDM0MzEwNA%3D%3D

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
an-x-request-uuid: e701aa64-307d-4056-a232-35a245ca13b0
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDgzNjUzMTg4MTQ0MDM0MzEwNA%3D%3D
x-proxy-origin: 217.114.218.25; 217.114.218.25; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 container.html Show response
3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 664C 6 KB
3 KB 20ms
20ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://lollty.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 28 Dec 2023 19:38:27 GMT
expires: Fri, 27 Dec 2024 19:38:27 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

HEAD
H3 200 e.js Show response
live.demand.supply/e/ 0
478 B 29ms
29ms XHR
application/javascript 2606:4700::6810:8516
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://live.demand.supply/e/e.js?gl=1.15&b=2&r=lollty.pro_auto_interstitial_desktop&sy=bcca2b83-7abe-4fff-ba29-317d94b92357&ts=83&cd=2&mlbr=ch&mlos=wi&mlla=en&mlco=us&mldo=lollty.pro&mlre=3upload.com&mlin=1&mlsi=undefinedxundefined&mlbw=4g&mlcs=NaN&mltp=393f7ba6-e3cb-4fd8-b079-c2f43ae10ac6&e=lm&dsReferer=bG9sbHR5LnByby8=

Requested by

Host: live.demand.supply
URL: https://live.demand.supply/impl.v17.25.3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:8516 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-nf-request-id: 01HGAVP3F4929PJKMKJF614G1K
date: Thu, 28 Dec 2023 19:38:28 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 1611839
cf-polished: origSize=2
alt-svc: h3=":443"; ma=86400
content-length: 1
cf-bgj: minify
server: cloudflare
etag: "a49e9f0a501edbf396bf43092ec1efa3-ssl"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: s-maxage=2592000,stale-if-error=604800
accept-ranges: bytes
cf-ray: 83cc4387f8e83637-FRA

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 1505 0
104 B 243ms
113ms Image
text/plain 2a02:fa8:8806:21::1690
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEBsjekfAZLA6OQqKG4hw6bg&google_cver=1&google_push=AXcoOmRCnOg7UGq_iN34_HGXy0bNOD90HmumQ4n2jl9vqLyADFF2kXmlRSS3QjG24DxFsFTbQrfP2CE0ywd9saa6BMY-2pwm3w
Requested by: Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:21::1690 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 1505
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEIqwHog8NfKCNqIM0yXMl8E&google_cver=1&google_push=AXcoOmTbvUBZYjfTB6imoidB2C1k4AEfMn6WCXbCdDGyfnWNI44hOOETRUqtQwRtmFQ1yISwK1NYu7BAPU9Zuxow-pd0SCxdvQ&re...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEIqwHog8NfKCNqIM0yXMl8E&google_cver=1&google_push=AXcoOmTbvUBZYjfTB6imoidB2C1k4AEfMn6WCXbCdDGyfnWNI44hOOETRUqtQwRtmFQ1yISwK1NYu7BAPU9Zuxow-pd0SCxdvQ&...

43 B
420 B

194ms
186ms

Image
image/gif

2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEIqwHog8NfKCNqIM0yXMl8E&google_cver=1&google_push=AXcoOmTbvUBZYjfTB6imoidB2C1k4AEfMn6WCXbCdDGyfnWNI44hOOETRUqtQwRtmFQ1yISwK1NYu7BAPU9Zuxow-pd0SCxdvQ&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmTbvUBZYjfTB6imoidB2C1k4AEfMn6WCXbCdDGyfnWNI44hOOETRUqtQwRtmFQ1yISwK1NYu7BAPU9Zuxow-pd0SCxdvQ%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 83cc43898d3d30e2-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 528
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEIqwHog8NfKCNqIM0yXMl8E&google_cver=1&google_push=AXcoOmTbvUBZYjfTB6imoidB2C1k4AEfMn6WCXbCdDGyfnWNI44hOOETRUqtQwRtmFQ1yISwK1NYu7BAPU9Zuxow-pd0SCxdvQ&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmTbvUBZYjfTB6imoidB2C1k4AEfMn6WCXbCdDGyfnWNI44hOOETRUqtQwRtmFQ1yISwK1NYu7BAPU9Zuxow-pd0SCxdvQ%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 83cc43884bbb30e2-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1505
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEG23BSTsZbP6xzkwDr50cvE&google_cver=1&google_push=AXcoOmSASGqDmtUjEsS-viE1dCFA8fsV_Y-f-y82KoVbaMSdsG2MnqQ-O64VngqMyMgIpGQNGXExgtJtQAHApQOcD-w7-4mfmw8
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=26154EFCA1B94EF397A78AC978118445&google_push=AXcoOmSASGqDmtUjEsS-viE1dCFA8fsV_Y-f-y82KoVbaMSdsG2MnqQ-O64VngqMyMgIpGQNGXExgtJtQAHApQO...

170 B
188 B

33ms
31ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=26154EFCA1B94EF397A78AC978118445&google_push=AXcoOmSASGqDmtUjEsS-viE1dCFA8fsV_Y-f-y82KoVbaMSdsG2MnqQ-O64VngqMyMgIpGQNGXExgtJtQAHApQOcD-w7-4mfmw8

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 28 Dec 2023 19:38:28 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=26154EFCA1B94EF397A78AC978118445&google_push=AXcoOmSASGqDmtUjEsS-viE1dCFA8fsV_Y-f-y82KoVbaMSdsG2MnqQ-O64VngqMyMgIpGQNGXExgtJtQAHApQOcD-w7-4mfmw8
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Wed, 27 Dec 2023 19:38:28 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1505
Redirect Chain

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEJo52nw6NB23pAu3tdcnElo&google_cver=1&google_push=AXcoOmSztY84mDP36_9DvLrQ7h4WDkuhnb-Gob_s9kx1D70e_R24HmEq1cXyT7k2Jt6286DKREtxvA_gu0p8R...
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEJo52nw6NB23pAu3tdcnElo&google_push=AXcoOmSztY84mDP36_9DvLrQ7h4WDkuhnb-Gob_s9kx1D70e_R24HmEq1cXyT7k2Jt6286DKREtxvA_gu0p8R...
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmSztY84mDP36_9DvLrQ7h4WDkuhnb-Gob_s9kx1D70e_R24HmEq1cXyT7k2Jt6286DKREtxvA_gu0p8RViy2nMdSoF1tQ&google_hm=UjdPNEFxUV9UcjJBQkRYY0...

170 B
188 B

32ms
31ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmSztY84mDP36_9DvLrQ7h4WDkuhnb-Gob_s9kx1D70e_R24HmEq1cXyT7k2Jt6286DKREtxvA_gu0p8RViy2nMdSoF1tQ&google_hm=UjdPNEFxUV9UcjJBQkRYY0RLWmM=

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 28 Dec 2023 19:38:29 GMT
Content-Type: text/html; charset=utf-8
Location: https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmSztY84mDP36_9DvLrQ7h4WDkuhnb-Gob_s9kx1D70e_R24HmEq1cXyT7k2Jt6286DKREtxvA_gu0p8RViy2nMdSoF1tQ&google_hm=UjdPNEFxUV9UcjJBQkRYY0RLWmM=
P3p: CP="We do not support P3P header."
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 234
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 1505 0
166 B 148ms
39ms Image
text/html 198.47.127.19
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEOujxjV1OrKwbWXXqbIr2wI&google_cver=1&google_push=AXcoOmQaFnxTcjK5JMztGH0wZ9iY_QLGRWsOyzg9-YeQAleufHXgWPeR3QwJntMMKsDg8sxfuiLPW4lW8jWfXiRRSrpqrFHAWFE
Requested by: Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 198.47.127.19 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Thu, 28 Dec 2023 19:38:28 GMT
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 1505
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEJuzF8RAsXTcOZfBZoh1HFE&google_cver=1&google_push=AXcoOmSl5HK0-pXjHTmuIHjWUe37R5wBMEWZW_Beozk4M76HkyLyaapF2kAQaJaXTjt9B1_lT5oseOLy5hgo...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSl5HK0-pXjHTmuIHjWUe37R5wBMEWZW_Beozk4M76HkyLyaapF2kAQaJaXTjt9B1_lT5oseOLy5hgovwlGcYYbaVc4EXY

170 B
232 B

31ms
31ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSl5HK0-pXjHTmuIHjWUe37R5wBMEWZW_Beozk4M76HkyLyaapF2kAQaJaXTjt9B1_lT5oseOLy5hgovwlGcYYbaVc4EXY

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSl5HK0-pXjHTmuIHjWUe37R5wBMEWZW_Beozk4M76HkyLyaapF2kAQaJaXTjt9B1_lT5oseOLy5hgovwlGcYYbaVc4EXY
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1505
Redirect Chain

https://analytics.pangle-ads.com/api/ad/union/gg_cookie_matching?google_gid=CAESEKfpi83d7CJkDi2sthu5VRY&google_cver=1&google_push=AXcoOmSUOjIf_Y2Se9iTO1l4wVn9zezgfw05HpfaRq7CSq_adcPE-UjMb_UkyqW3dFm...
https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmSUOjIf_Y2Se9iTO1l4wVn9zezgfw05HpfaRq7CSq_adcPE-UjMb_UkyqW3dFmEbPEgRc3KQHYlaEdrjsYOiGZx3IoCDr1r

170 B
188 B

31ms
31ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmSUOjIf_Y2Se9iTO1l4wVn9zezgfw05HpfaRq7CSq_adcPE-UjMb_UkyqW3dFmEbPEgRc3KQHYlaEdrjsYOiGZx3IoCDr1r

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-akamai-request-id: 1ce8c1b8
date: Thu, 28 Dec 2023 19:38:28 GMT
x-bytefaas-request-id: 202312281938280DD24D6E0EE08C9552C9
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-2312281938280DD24D6E0EE08C9552C9-4DDA32662438020A-00
x-cache: TCP_MISS from a195-138-255-5.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
server-timing: inner; dur=5, cdn-cache; desc=MISS, edge; dur=0, origin; dur=96
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202312281938280DD24D6E0EE08C9552C9
access-control-max-age: 86400
access-control-allow-methods: *
location: https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmSUOjIf_Y2Se9iTO1l4wVn9zezgfw05HpfaRq7CSq_adcPE-UjMb_UkyqW3dFmEbPEgRc3KQHYlaEdrjsYOiGZx3IoCDr1r
x-bytefaas-execution-duration: 4.37
access-control-allow-origin: *
access-control-allow-credentials: true
x-gw-dst-psm: ad.union.pangle_web_traffic
x-tt-trace-host: 01830b7dd967e2b758146f097fc5634684da436b5b2f0997050d8a8079aafed6beb955de3214874865a369f32112994258be0edbaa4611ba5469314f547073cf3c5fa748a1fd43894bbd6603750c7c85d95332032cb29fa8b3e1e9656c37a8c582
x-origin-response-time: 96,195.138.255.5
cache-control: max-age=0, no-cache, no-store
access-control-allow-headers: *
expires: Thu, 28 Dec 2023 19:38:28 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 1505 0
50 B 28ms
28ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KxnWD5yaBg7bbhsFoaN6lWtVUS_oNE1xKUJ9I4D-PPrlL9vQhegVTs_VI3DtdNeXIxlmKY8Q

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:28 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame D3BC 624 B
242 B 62ms
62ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYjIzo4gEwAQ&v=APEucNWcaKUP4H1cvi3hb2ouP-u3fgAf1FOSPB70DEHDT1T4xje_kBFGzkuG24ZWuigu5HgTYYYBcBxXSdWu3bGd5tWqjgfC7Py9AzRffhHVfMVUzkMQ8umT5Yg2EJh_Mtqa8QuqkzXkc4oSrDP_tSGA9e9RNJ0CpOaLTuWfMVj9cicFQQizKiWC3_e4THiYYFAxoOKQ6_Jr

Requested by

Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 28 Dec 2023 19:38:28 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame E2BA 172 KB
60 KB 69ms
22ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
Origin: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 23:49:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71364
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 28 Dec 2023 23:49:04 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame E2BA 7 KB
3 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 02:43:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 60902
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 11 Jan 2024 02:43:26 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame E2BA 23 KB
9 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js

Requested by

Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9844337d0b1b36b45473c8fc27cba7d1c9f8aab2107e23e684b9e1a48e6066b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 20:43:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82528
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9269
x-xss-protection: 0
server: cafe
etag: 11706523405290302210
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 Jan 2024 20:43:00 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame E2BA 41 KB
14 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 22 Dec 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 524000
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 21 Dec 2024 18:05:08 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame E2BA 3 KB
1 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 15:59:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13119
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 11 Jan 2024 15:59:49 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 306A 1 KB
643 B 23ms
23ms Document
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 37498
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 28 Dec 2023 09:13:30 GMT
etag: 48472445140208031
expires: Fri, 29 Dec 2023 09:13:30 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame E2BA 20 KB
8 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 63849
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 11 Jan 2024 01:54:19 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame E2BA 0
0 29ms
28ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQSFmaJ9gicMIE_hsmtLxBN9nQg6nfkWBmd1jcgoHLYp0n8vzgv74j0tYeXnZJVofacxtc3hkHMxr1hphdAUgXieOcn2Q
Requested by: Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame E2BA 203 KB
64 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Dec 2023 19:38:28 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame E2BA 42 B
63 B 59ms
59ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BcZjT7mYHf5W81vMqR5U7a3CLtfvSPySbiTwPyqd42mB0cHIy34kNw6CAFk3q5X3XERpuXLIHP_fEMm0TG1Ris6Bbn2Pl17E2ZmmN8iW4VqVWfaQY

Requested by

Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 css2
fonts.googleapis.com/ Frame 664C 4 KB
671 B 31ms
31ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 28 Dec 2023 19:38:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 28 Dec 2023 18:28:41 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 28 Dec 2023 19:38:28 GMT

GET
H2 200 e21910fd923a6283b5d44b2382eabc86.js Show response
www.gstatic.com/mysidia/ Frame E506 9 KB
4 KB 71ms
23ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e21910fd923a6283b5d44b2382eabc86.js?tag=client_fast_engine_2019

Requested by

Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

27d5ba2175dc395614adb2c69fe9f4bff9abddef3a7c6e3e30a68587f428a37b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 02:12:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 235562
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4064
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 25 Mar 2024 02:12:26 GMT

GET
H2 200 43280567f396343d5424196559bfbf8c.js Show response
www.gstatic.com/mysidia/ Frame E506 146 KB
54 KB 90ms
42ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/43280567f396343d5424196559bfbf8c.js?tag=video_mra/web_interstitial_raspberry_ms

Requested by

Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

be779b0e322b81f76bc00f275690c7a6b7f3cb407bdf383874080af920808c5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Sun, 24 Dec 2023 12:40:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 370707
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54724
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sat, 23 Mar 2024 12:40:01 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame E506 21 KB
1 KB 32ms
32ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500%2C600

Requested by

Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

76740b2a7b0a35eed6ceb509cefd8ddd6955bd5c656b0581f2dcdb48040ced8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 28 Dec 2023 19:38:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 28 Dec 2023 19:21:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 28 Dec 2023 19:38:28 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame E506 2 KB
822 B 24ms
23ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 63849
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 11 Jan 2024 01:54:19 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame E506 23 KB
9 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js

Requested by

Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9844337d0b1b36b45473c8fc27cba7d1c9f8aab2107e23e684b9e1a48e6066b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 23:00:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74291
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9269
x-xss-protection: 0
server: cafe
etag: 11706523405290302210
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 Jan 2024 23:00:17 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame E506 3 KB
1 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js

Requested by

Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 15:59:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13119
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 11 Jan 2024 15:59:49 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame E506 20 KB
8 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 01:54:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 63849
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8571
x-xss-protection: 0
server: cafe
etag: 5853369240893788875
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 11 Jan 2024 01:54:19 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame E506 0
0 31ms
31ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTfKX86wXDIzw3miGAzbprmPBwaj5NLOB5Rfv6u7mmjBrys7v2z2dEzJy12wblMVpWPeKNnE7NOogRNDJqGrCaFq8uwvw
Requested by: Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame E506 203 KB
64 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65731
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702472459035717"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Dec 2023 19:38:28 GMT

GET
H2 200 f9d9b65dbd646119ce96bad0f484d579.js Show response
www.gstatic.com/mysidia/ Frame E506 37 KB
15 KB 70ms
24ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f9d9b65dbd646119ce96bad0f484d579.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 09:13:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 123895
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15460
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 26 Mar 2024 09:13:33 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame 664C 22 KB
9 KB 27ms
25ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

db2bdaad0dc9232fadb3de900bf039a0f356521698f213df1edf601e02a5870d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 10:17:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33644
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9210
x-xss-protection: 0
server: cafe
etag: 13914886398874665762
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 11 Jan 2024 10:17:44 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 664C 205 B
519 B 66ms
24ms Image
image/png 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 05:09:21 GMT
x-content-type-options: nosniff
age: 52147
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 27 Dec 2024 05:09:21 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 664C 604 B
695 B 84ms
42ms Image
image/png 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 01:15:38 GMT
x-content-type-options: nosniff
age: 66170
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 27 Dec 2024 01:15:38 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 7BC2 39 KB
15 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 15:59:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13118
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 27 Dec 2024 15:59:50 GMT

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 95abaca5a5f710cf478b0360960174ac2153a14f8e875794d2dda4df164263ae

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=UTF-8

GET
DATA 200
OK truncated
/ Frame E2BA 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 77181483b66a0a48ff355f2e23f9abae7942613b1f010ae9c07c35f282e0d128

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 306A
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmTCMm...
https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_hm=k-ZucVwsQIfR36GYi6YCWWrNVCbJidRjDUynPdPg&google_push=AXcoOmTCMm5f-GSGS5M23tu6MPUDwvF1uo5HUt1FfO8aD05gGTokr6m4AtnlsTMvayrMTGMRYF6Y0O09l22F...

170 B
188 B

31ms
30ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_hm=k-ZucVwsQIfR36GYi6YCWWrNVCbJidRjDUynPdPg&google_push=AXcoOmTCMm5f-GSGS5M23tu6MPUDwvF1uo5HUt1FfO8aD05gGTokr6m4AtnlsTMvayrMTGMRYF6Y0O09l22FGxEig57wXGM5_LEn

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_hm=k-ZucVwsQIfR36GYi6YCWWrNVCbJidRjDUynPdPg&google_push=AXcoOmTCMm5f-GSGS5M23tu6MPUDwvF1uo5HUt1FfO8aD05gGTokr6m4AtnlsTMvayrMTGMRYF6Y0O09l22FGxEig57wXGM5_LEn
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 860142
content-length: 0
expires: Thu, 28 Dec 2023 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 306A
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPAFg9EvSf0fdApvdsqMS4I&google_cver=1&google_push=AXcoOmT2rwTNyJnQClvv8Yce_RcgGW6gERU8lt1RKplleFRB4vbpH40hysWtkk5RIIJqJCl6Bsm...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TFFQTFk3NUgtSS02RVlB&google_push=AXcoOmT2rwTNyJnQClvv8Yce_RcgGW6gERU8lt1RKplleFRB4vbpH40hysWtkk5RIIJqJCl6BsmtcpCM2odydpCH17Tv9wTyfrCR

170 B
188 B

32ms
32ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TFFQTFk3NUgtSS02RVlB&google_push=AXcoOmT2rwTNyJnQClvv8Yce_RcgGW6gERU8lt1RKplleFRB4vbpH40hysWtkk5RIIJqJCl6BsmtcpCM2odydpCH17Tv9wTyfrCR

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TFFQTFk3NUgtSS02RVlB&google_push=AXcoOmT2rwTNyJnQClvv8Yce_RcgGW6gERU8lt1RKplleFRB4vbpH40hysWtkk5RIIJqJCl6BsmtcpCM2odydpCH17Tv9wTyfrCR
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: f2725c115d816cae2dce6044d9cf3fcf
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 306A
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEJ...
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AXcoOmQZjQ0XGKxcEVmc__bCaP0PNyvv5QOnmNzykvCw-kPA8WNT7xvJKnk9XDqCILWU1bRR_fcj6PxcTTZF1LSOQ4oHcRl-k3KD&redir=https%3A%2F%2Fcm.g.doubl...
https://sync.targeting.unrulymedia.com/csync/RX-1b45fade-4e0f-44f5-88d6-d9b072be8780-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAXcoOmQZjQ0XGKxcEVmc__bCa...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AXcoOmQZjQ0XGKxcEVmc__bCaP0PNyvv5QOnmNzykvCw-kPA8WNT7xvJKnk9XDqCILWU1bRR_fcj6PxcTTZF1LSOQ4oHcRl-k3KD&google_hm=AxtF-t5OD0T1iNbZsHK-h4A

170 B
188 B

32ms
32ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AXcoOmQZjQ0XGKxcEVmc__bCaP0PNyvv5QOnmNzykvCw-kPA8WNT7xvJKnk9XDqCILWU1bRR_fcj6PxcTTZF1LSOQ4oHcRl-k3KD&google_hm=AxtF-t5OD0T1iNbZsHK-h4A

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AXcoOmQZjQ0XGKxcEVmc__bCaP0PNyvv5QOnmNzykvCw-kPA8WNT7xvJKnk9XDqCILWU1bRR_fcj6PxcTTZF1LSOQ4oHcRl-k3KD&google_hm=AxtF-t5OD0T1iNbZsHK-h4A
date: Thu, 28 Dec 2023 19:38:29 GMT
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX1b45fade4e0f44f588d6d9b072be8780003
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 306A
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEFhltcYWVhVKqCj68_ueUZc&google_cver=1&google_push=AXcoOmQ639aCpjMSDZZ9rhVmg6wiq8cVUjhmSXD9DTm4JnqoDzajftPdEmU9dJenUR9YBv7LL7xGzY-c6QsiP1-qKqNpP5keeWc
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AXcoOmQ639aCpjMSDZZ9rhVmg6wiq8cVUjhmSXD9DTm4JnqoDzajftPdEmU9dJenUR9YBv7LL7xGzY-c6QsiP1-qKqNpP5keeWc...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTY2Njg2OTQ2ODE1Mjc3MDkyNTg5NA%3D%3D&google_push=AXcoOmQ639aCpjMSDZZ9rhVmg6wiq8cVUjhmSXD9DTm4JnqoDzajftPd...

170 B
188 B

32ms
31ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTY2Njg2OTQ2ODE1Mjc3MDkyNTg5NA%3D%3D&google_push=AXcoOmQ639aCpjMSDZZ9rhVmg6wiq8cVUjhmSXD9DTm4JnqoDzajftPdEmU9dJenUR9YBv7LL7xGzY-c6QsiP1-qKqNpP5keeWc

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTY2Njg2OTQ2ODE1Mjc3MDkyNTg5NA%3D%3D&google_push=AXcoOmQ639aCpjMSDZZ9rhVmg6wiq8cVUjhmSXD9DTm4JnqoDzajftPdEmU9dJenUR9YBv7LL7xGzY-c6QsiP1-qKqNpP5keeWc
date: Thu, 28 Dec 2023 19:38:28 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 306A
Redirect Chain

https://cs.media.net/cksync?type=g&google_gid=CAESEJXfEJvS9H3bwEfxKiadbQc&google_cver=1&google_push=AXcoOmQZOiIZpa1ljUIwufsyueHo6DLXG8KS3R2ZcqPo8P-JZRhf31SO-pg04fsI3jFQs_vnLgqCEIN0t3QwatK6r5JPkG7fpZOC
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzQ2NzkzOTA4ODI4MDk1NDAwMFYxMA%3d%3d&mn_hm=MzQ2NzkzOTA4ODI4MDk1NDAwMFYxMA%3d%3d&google_sc=1&google_push=AXcoOmQZOiIZpa1ljUIwufsyueHo6DL...

170 B
188 B

30ms
30ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzQ2NzkzOTA4ODI4MDk1NDAwMFYxMA%3d%3d&mn_hm=MzQ2NzkzOTA4ODI4MDk1NDAwMFYxMA%3d%3d&google_sc=1&google_push=AXcoOmQZOiIZpa1ljUIwufsyueHo6DLXG8KS3R2ZcqPo8P-JZRhf31SO-pg04fsI3jFQs_vnLgqCEIN0t3QwatK6r5JPkG7fpZOC&gdpr=&gdpr_consent=

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 28 Dec 2023 19:38:28 GMT
Server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Location: https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MzQ2NzkzOTA4ODI4MDk1NDAwMFYxMA%3d%3d&mn_hm=MzQ2NzkzOTA4ODI4MDk1NDAwMFYxMA%3d%3d&google_sc=1&google_push=AXcoOmQZOiIZpa1ljUIwufsyueHo6DLXG8KS3R2ZcqPo8P-JZRhf31SO-pg04fsI3jFQs_vnLgqCEIN0t3QwatK6r5JPkG7fpZOC&gdpr=&gdpr_consent=
Content-Type: text/html
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 154
x-mnet-hl2: E
Expires: Thu, 28 Dec 2023 19:38:28 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 306A
Redirect Chain

https://gtrace.mediago.io/ju/cs/google?google_gid=CAESEFB8ob5J4beWXRc_z5Gidko&google_cver=1&google_push=AXcoOmTKlknk5_jC_bIjAc5vTDTqPi1jZasmSdaFD1u7Im5ncd4lU0fThsENfGn-ijynI41oKlnmbnD7AKKmFuiuNuJd3...
https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmTKlknk5_jC_bIjAc5vTDTqPi1jZasmSdaFD1u7Im5ncd4lU0fThsENfGn-ijynI41oKlnmbnD7AKKmFuiuNuJd3oN4heLfzw&google_hm=f5ef61ca0828...

170 B
188 B

34ms
33ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmTKlknk5_jC_bIjAc5vTDTqPi1jZasmSdaFD1u7Im5ncd4lU0fThsENfGn-ijynI41oKlnmbnD7AKKmFuiuNuJd3oN4heLfzw&google_hm=f5ef61ca0828465f2kpsqf00lqply75y

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 28 Dec 2023 19:38:28 GMT
via: 1.1 google
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8
location: https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmTKlknk5_jC_bIjAc5vTDTqPi1jZasmSdaFD1u7Im5ncd4lU0fThsENfGn-ijynI41oKlnmbnD7AKKmFuiuNuJd3oN4heLfzw&google_hm=f5ef61ca0828465f2kpsqf00lqply75y
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 306A
Redirect Chain

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEC_tOnnu7Qmiq6CIb5rFHJQ&google_cver=1&google_push=AXcoOmQ00Vaji8hnL...
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NDgzNjUzMTg4MTQ0MDM0MzEwNA%3D%3D&google_gid=CAESEC_tOnnu7Qmiq6CIb5rFHJQ&google_cver=1&google_push=AXcoOmQ00Vaji8hnLvmyvH4EdWup5jtvuw...

170 B
188 B

30ms
30ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NDgzNjUzMTg4MTQ0MDM0MzEwNA%3D%3D&google_gid=CAESEC_tOnnu7Qmiq6CIb5rFHJQ&google_cver=1&google_push=AXcoOmQ00Vaji8hnLvmyvH4EdWup5jtvuwP3IzBOFdsMhb4EVmKQecePMagYBsWyKW8cITRyVTiWLb1ISkqatafLpqwtoFdFSl9V

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
an-x-request-uuid: 65aee54f-4033-4958-9f7b-d582a48ae845
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NDgzNjUzMTg4MTQ0MDM0MzEwNA%3D%3D&google_gid=CAESEC_tOnnu7Qmiq6CIb5rFHJQ&google_cver=1&google_push=AXcoOmQ00Vaji8hnLvmyvH4EdWup5jtvuwP3IzBOFdsMhb4EVmKQecePMagYBsWyKW8cITRyVTiWLb1ISkqatafLpqwtoFdFSl9V
x-proxy-origin: 217.114.218.25; 217.114.218.25; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 306A 0
12 B 31ms
29ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JU6LBks_G9ZOYq5FSYn6aVDG1qLfzgHURaolxW3yMyJzVSoFi4xVguhSad8iM4Lwmk6Uq7qk8

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:28 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame DE73 38 KB
13 KB 23ms
21ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 208390
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 26 Dec 2023 09:45:18 GMT
expires: Wed, 25 Dec 2024 09:45:18 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame D3BC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOpkRiZrhHv4k9a_sbt8ruI&google_cver=1

43 B
735 B

101ms
100ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOpkRiZrhHv4k9a_sbt8ruI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYjIzo4gEwAQ&v=APEucNWcaKUP4H1cvi3hb2ouP-u3fgAf1FOSPB70DEHDT1T4xje_kBFGzkuG24ZWuigu5HgTYYYBcBxXSdWu3bGd5tWqjgfC7Py9AzRffhHVfMVUzkMQ8umT5Yg2EJh_Mtqa8QuqkzXkc4oSrDP_tSGA9e9RNJ0CpOaLTuWfMVj9cicFQQizKiWC3_e4THiYYFAxoOKQ6_Jr
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PQEJAjlDdMdION0xjLPdsxmIQMqLSw7hip%2FTjg3n3UlIyRYBDTy3ckLWnZCLCV5YpJu7M2ayaX2pmfbRMr24w9MIBT1hAKMjeEsml5vVx%2BhEHOgjn0hi5l%2BFKMaRRRl2U5ZwvpodMLcDmw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 83cc4388d85958f6-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOpkRiZrhHv4k9a_sbt8ruI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame D3BC
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZY3OtMJm.ox1ylHzkKSmQwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOpkRiZrhHv4k9a_sbt8ruI&google_cver=1&google_hm=2

43 B
735 B

65ms
65ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOpkRiZrhHv4k9a_sbt8ruI&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYjIzo4gEwAQ&v=APEucNWcaKUP4H1cvi3hb2ouP-u3fgAf1FOSPB70DEHDT1T4xje_kBFGzkuG24ZWuigu5HgTYYYBcBxXSdWu3bGd5tWqjgfC7Py9AzRffhHVfMVUzkMQ8umT5Yg2EJh_Mtqa8QuqkzXkc4oSrDP_tSGA9e9RNJ0CpOaLTuWfMVj9cicFQQizKiWC3_e4THiYYFAxoOKQ6_Jr
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MqxEOSdpwJyfZcKFr8%2FuYDA92otfR7hJugWRQRC74vH5aBCDE0NJPak8rdjgQCFFO17RGkXqSMKEcyKRbSRisAv83%2BEUOFIECXlLk5Ki11xnhJOwQCXBjlpk%2F3wYYH8HP6sdBBD8No8OnA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 83cc438959ba58f6-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOpkRiZrhHv4k9a_sbt8ruI&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame D3BC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESELEXlhYfg3dU-5iI-LnE3cc&google_cver=1

43 B
839 B

185ms
185ms

Image
image/gif

37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESELEXlhYfg3dU-5iI-LnE3cc&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYjIzo4gEwAQ&v=APEucNWcaKUP4H1cvi3hb2ouP-u3fgAf1FOSPB70DEHDT1T4xje_kBFGzkuG24ZWuigu5HgTYYYBcBxXSdWu3bGd5tWqjgfC7Py9AzRffhHVfMVUzkMQ8umT5Yg2EJh_Mtqa8QuqkzXkc4oSrDP_tSGA9e9RNJ0CpOaLTuWfMVj9cicFQQizKiWC3_e4THiYYFAxoOKQ6_Jr

Protocol

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
an-x-request-uuid: 766dbed6-a62d-45ab-9375-ba925a708c28
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 217.114.218.25; 217.114.218.25; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESELEXlhYfg3dU-5iI-LnE3cc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D3BC
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDgzNjUzMTg4MTQ0MDM0MzEwNA%3D%3D

170 B
188 B

32ms
31ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDgzNjUzMTg4MTQ0MDM0MzEwNA%3D%3D

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
an-x-request-uuid: 87426843-70b6-4e14-ae25-f057fa106365
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDgzNjUzMTg4MTQ0MDM0MzEwNA%3D%3D
x-proxy-origin: 217.114.218.25; 217.114.218.25; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/15415463092317913147/ Frame 8377 1 KB
768 B 28ms
28ms Document
text/html 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=ByrAIWnZ9X&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

51c012cf2461bf8b29f345373366183c7fd121579b6178e942be0b61d8c7da14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 739
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 28 Dec 2023 19:38:28 GMT
expires: Fri, 27 Dec 2024 19:38:28 GMT
last-modified: Thu, 27 Apr 2023 13:50:29 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
ad.doubleclick.net/pcs/ Frame E2BA 0
0 66ms
66ms Fetch
image/gif 142.250.181.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsv0xn1AYxAGLQ3_LB2dPgjOd7-pIK2Y7vO4TakNb51qawH7Rk5rdCGkAS_gSAQcx-a2onjnzY534XNp4K7sJkC67YNXUDNc_Zk3dFkYaUfSKRrnbzRj_CMk2F041dE38N7IGc9R_k0Etzogjp_OZpc0rVz-jjlC35qpfZ6pSRrLUwuufsFM5nPtnmB7vrlcM9IZffmWwtV1VH2LEpKwEvfdOciuBxjia0nnEdZRqRM75tsD_iawJ7-rA3ygqBXjB7pZIKpt1ambrh1YpZjFyJtPfc9BfgLBf-gE4Z1dMgIYb2WjtWNNSQu4wEPwPMKlBMx59yRh4sghCPoat3p19wwVuGhBeJ7oy3bUW3FsYdGXA1Ap31Tly0A2tHxacf4V9SIZG9kbaIileiOwT41CQGv1padNYHxmCeySyW3tKT7x68n1C8l570rjZxfoD9_rpxOenyVstkZISv1EVgmicrdCq66UptCzBjsGclNU2kAUAKqeC304Y__pAhJm1kTOT3MrEFwGSuFQl_94bJz-5DKYuGQfVNuXuiUckAPxEqSF5bSOVddn3vjuj7Bl76NcFTz3jd2zCl7qAhoPJbicMgCmhGKeJcQZkE6oqkHBjl-ocqLUeTKN73QzcQGI7R804pC1pQxZEyE0prnRPxeTCjaUz5FtR2uNAP2TwMXEBQ4QPmDsfl_XLUHXxpzWZIILIfxGNZTArR8bfBvDYYO2CeOMZOHXEMnu7oQrKYmM4_oykKxEzbPdNA2yQw3oLK9NovYTAq_TO7_O1t9SMKED6MQz5Or2-qzubLT87wqH_tK682tR41zNGcssKRC78Ma91KIIk1BIbaZUCvE4daM7Cwv05tIDjtcvxOQzPHgPj-XqhH498VSPuENX34CbYijzeSLT24JJ4WV7gPIotxfHER7ejjiFQoUrmqYLQYDrxJBrCC55PP7qILOjB9BMds7b-V-Raq1dTanPllkfnSnCYJZ23LdBcLEco3YSAFz3FFei7XWuOfoWEZi28tE0zeXNyTJE8OSpUBhB3ZYf5Z2tSTB1iH09uUVDUvKH5i2kS43AGpnLyyBWipQA6gENwPnxdXKyMdqFDhYEPNQkVmhOc4x84-sVjHHxhD-C1ZaPseF0BJ3WD7gTxq8-TEIHj3vcoB_2_1ho-v5yfrOm7AQUpLv02ABTKXM5IfpgSJRzT69qGdVMMP0_u-09KFvZLK_mPGLIkjZKGjJHyvLf3kZMuoPMghrSF4kYhWTlsgvHzT4-fYPHRsJ5MqKB67tVpVThwP8YHSQmeG3taTYsh9058lwFnXsi34z3rx5yAU10x1QJYwFBxqtGH25nl20iJyTvB3T498XMU8p7CLMIURRrymikLXKN4hi_lM0IDN1o297jEJeK0yVoz_ej5ze89ExCCUnXos0yn3ar9unWP86xvSFRbN9RuxSTrcbDtCDypdo8p6a8Vw&sai=AMfl-YSLH8lSTsKooUj9el9FvEi9Vz82yPi--azA_f4TRvPllyjBQlojdiTBkhvAMj2Asg4pxfrBSq949lrZUIMTRxxcbea7KA6PJeQx-4e26178nBoKQBsgaAkzN7ePAOy4sjy3_eZG8stXfkv2wtOx7PHxJuKnCOsVV1Opm8tbRLCWuXHNlrJPm5lJmlpSDo_kcLOKOKt99YjwUptv5GHyccWz1_3kh1O7lN-gz8xovTFCHGl701LEuzLEgxTtKAFmcW8NLk7FS-PzRG3ZIno4NBZsDNgYEW5NoBWT2x1qbxqzRJfza_mqo4JmQ3qDq9t0G3fnXXSiSnMiqVWKeQCVXn0e5EmBCS-aQtNMjPxMptNE2UpdGNDchQhk0gRrDmM0d7NOSwBt1PgPXW7Y3lTaM3RddEU5wAakz3pjL0gh&sig=Cg0ArKJSzIHHATC7mTWKEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9sdWZ0aGFuc2EuY29tLGh0dHBzOi8vZXhhY3RhZy5jb20&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=121&cbvp=1&cstd=117&cisv=r20231207.63433&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 28 Dec 2023 19:38:28 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame E2BA 43 B
1 KB 141ms
38ms Image
image/gif 213.202.235.9
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvId=63&extPu=lh-mindshare&extProvApi=lh_de&extLi=26915561&extCr=180481255&extPm=361198352&gdpr_consent=&gdpr=

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.202.235.9 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Date: Thu, 28 Dec 2023 19:38:27 GMT
X-Content-Type-Options: nosniff
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy: cross-origin
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
X-Xss-Protection: 0
Pragma: no-cache
Last-Modified: Do, 28 Dez 2023 07:38:28 GMT
X-ET-Code: 0
Accept-CH: sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 1119
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame DE73 39 KB
15 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 15:59:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13118
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 27 Dec 2024 15:59:50 GMT

GET
H3 200 tweenmax_2.0.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 8377 113 KB
38 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_2.0.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=ByrAIWnZ9X&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=ByrAIWnZ9X&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38915
x-xss-protection: 0
last-modified: Tue, 19 Jun 2018 18:02:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 28 Dec 2023 19:38:28 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 8377 118 KB
40 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=ByrAIWnZ9X&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=ByrAIWnZ9X&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 04:12:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 55555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 29 Dec 2023 04:12:33 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 9400 1 KB
643 B 21ms
21ms Document
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 37498
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 28 Dec 2023 09:13:30 GMT
etag: 48472445140208031
expires: Fri, 29 Dec 2023 09:13:30 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EF41 0
20 B 60ms
60ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B-QCFs86NZbDgLPWG7_UP79eHqA0AAAAAOAHgBAI&bg=!RUalRgnNAAY3kmNgF5I7ADQBe5WfOEtWJmWtPIcYFdmN3wYAy21SJ5f1_KAXLUZUrX-mq0-MB68cQm9ARrDibjAloDxGAgAAAKFSAAAAAmgBB5kDOfk_TkbFuf-GfG6ObeyX8dSMUKerepGlpaMS9eEs12qURxr79N5ZXikdx6RQWYnKTt5UWxx6xu86VHYscwDh1guVTfyCGMiCiZvIpIn99pukl1hK-4lomt8AH5jCPQiuYI6vefxfg3ypu6CgZhMBxSYS-Yu7dyRwx3JGSBAChx5Zfltme5_Ao_O_u2wyhxpCxnVlMoboc5Zn4OoLflxaifXx0yh8bBAkMh72meFoFUqlnoorV41AI90WTABnd056zY5gsHp4EaV1NwhHJ6oHcqSxEpuL5R-uML9n3jTpIRS-B0y7GX-NuZz3PqepDkyguCpfP2S2vliAGvv5WuDsomQ2Uushm8fMj2qzyMt_tgHi-fA79b_a0espdtDbO0NI2AHetUTr8r07V447NTrz-CYVYXKi7njO1gPTVKqwWn-z3f0MGjiNP8JCaEgNz2e53WyiKbCeD-8IMYgWjC46PC-vN-iwjy1fArMCOsowsdrcot9-bLqMGZu1naIrw3_L1kYbiTkLTV4bXVZ-2K6Y7FUbCu9BJcH3fH6sAxGWee5P5pnoUTcQ38i6fYApoMogq2H1Vfzmez8SBpX17dZualExmsxWAoRcO3DZdxsjw0TguVknj71qFe6kxGL-7SG85FvdjugmHNCM_nmH_n-KnpyvtWB5KYSGYz4xHLiAjFDUHoSyu-04mAsnnSL1aGiX2e3-WNXgObRaeufCiniM7GcURuMbVLM17TwZzmAmPTTDEF9dMwXV9p3cMp8lCTN_UoPwJziKg9pHonyZNH0JkZAh_dWAGihljY7AkDgAdZNlhjWUTFJe9INWJmKgXgw40WTViVk-Eu1evr0gfsIcc08WOzKmHpwJ98uAoN-dJJiQeNvmz0GRcfPBaREihuteB6wFvgfeck8zyC0eLVdl0KCw7BUoT8fUfbn6czlYx6R4A3x0bzR5tEo_0LQD6h2TzMsrFM339A47UYfJI8yMjdZn5e5L0MdJy5eqsKbmV2osKUfMBuOYZRPbD-whP7E3JpI2ipjtNpFYCNBHSNB9jkNCCQOsA_fmK86jTaqOdQp-F-DQ0ZaS3Z68NoNahXYl4o0AjG3bpyxSDw

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9400
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGiSyATQekR17Y7BjDDh94k&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGiSyATQekR17Y7BjDDh94k&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=dGJweExkc2sxUmlXZDY1&google_gid=CAESEGiSyATQekR17Y7BjDDh94k&google_cver=1&google_push=AXcoOmSNPOOiIow-rvGAft3asz7WhLGsYMRZfmsjhyq5Iyh...

170 B
188 B

31ms
31ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=dGJweExkc2sxUmlXZDY1&google_gid=CAESEGiSyATQekR17Y7BjDDh94k&google_cver=1&google_push=AXcoOmSNPOOiIow-rvGAft3asz7WhLGsYMRZfmsjhyq5Iyhnm8v8aKsQSC202ERpyFaKX5S6n5y5U9TX0K1OFFEqhozGrRJcE-8OFA

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 28 Dec 2023 19:38:28 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-795-gb641a57#rel-ec2-master i-0f7f5cc7c951f6e61@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=dGJweExkc2sxUmlXZDY1&google_gid=CAESEGiSyATQekR17Y7BjDDh94k&google_cver=1&google_push=AXcoOmSNPOOiIow-rvGAft3asz7WhLGsYMRZfmsjhyq5Iyhnm8v8aKsQSC202ERpyFaKX5S6n5y5U9TX0K1OFFEqhozGrRJcE-8OFA
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9400
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEDdW_fc7wds2anjP7Ykx5Z4&google_cver=1&google_push=AXcoOmQpc133DD91NrhJXgIrknizMvC9N1sFcVVSk2ktFsQmttOLcfspDP97KeqI10N4EH8EjKPylZLjSuQ6skYqxXSwUDX...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQpc133DD91NrhJXgIrknizMvC9N1sFcVVSk2ktFsQmttOLcfspDP97KeqI10N4EH8EjKPylZLjSuQ6skYqxXSwUDXiGqrw8Q&google_hm=eS1KQ2hJYksxRTJwSHJG...

170 B
188 B

30ms
30ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQpc133DD91NrhJXgIrknizMvC9N1sFcVVSk2ktFsQmttOLcfspDP97KeqI10N4EH8EjKPylZLjSuQ6skYqxXSwUDXiGqrw8Q&google_hm=eS1KQ2hJYksxRTJwSHJGM0pISjVTYmdOUS5kVkR6ZlBJNH5B

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 28 Dec 2023 19:38:28 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQpc133DD91NrhJXgIrknizMvC9N1sFcVVSk2ktFsQmttOLcfspDP97KeqI10N4EH8EjKPylZLjSuQ6skYqxXSwUDXiGqrw8Q&google_hm=eS1KQ2hJYksxRTJwSHJGM0pISjVTYmdOUS5kVkR6ZlBJNH5B
content-length: 0

GET
H2 200 dds
rtb.openx.net/sync/ Frame 9400 43 B
236 B 84ms
31ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEGJQ0s_bOVcIk2l_KgK5FwQ&google_cver=1&google_push=AXcoOmToB9zhw7ns9MYHxW3wzx74LEmg4nAyIfCOD1shMQvbZ6LbOKpct7w6gpKASFlXpgdc65eQanIrUl3Z_KSv_3OlnshCHXfObg
Requested by: Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9400
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEFs66ePyoICA2dLl4xpx2Ak&google_cver=1&google_push=AXcoOmSossF-owfo_w2H7XF0TBiK1l2OPiZDPTmepl8iJQbcFzb8oywtAcpMaJebuEHxPcnyJ-3sFmCm7PEw...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSossF-owfo_w2H7XF0TBiK1l2OPiZDPTmepl8iJQbcFzb8oywtAcpMaJebuEHxPcnyJ-3sFmCm7PEwriMIZN9quPtitYfnSA

170 B
188 B

30ms
30ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSossF-owfo_w2H7XF0TBiK1l2OPiZDPTmepl8iJQbcFzb8oywtAcpMaJebuEHxPcnyJ-3sFmCm7PEwriMIZN9quPtitYfnSA

Requested by

Host: lollty.pro
URL: https://lollty.pro/

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSossF-owfo_w2H7XF0TBiK1l2OPiZDPTmepl8iJQbcFzb8oywtAcpMaJebuEHxPcnyJ-3sFmCm7PEwriMIZN9quPtitYfnSA
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2 204 v1
match.sharethrough.com/E4rooAtA/ Frame 9400 0
35 B 94ms
23ms Image
text/plain 18.153.246.175
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/E4rooAtA/v1?google_gid=CAESEMyea_pHwF8BmCK2kg9UmVc&google_cver=1&google_push=AXcoOmRnztJhKchli2Nokj-z3_watuxNuu4XUEweImaFKqr2kWqZrSjJoKFh2Uj32Kc_0t_Q-mgAO_-51sH_opwsKZ6PBQBheGp4jkY
Requested by: Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.153.246.175 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-153-246-175.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:28 GMT

GET
H2 200 https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25
x.bidswitch.net/check_uuid/ Frame 9400 43 B
146 B 199ms
24ms Image
image/gif 18.184.81.93
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEKv7ccmEWKxiIgWGBU2Mxys&google_cver=1&google_push=AXcoOmQirCZVwdhuEZVYMLQPB9ynVXHOQgkIOLKsEoZqPJYbXVr0dj1qj0FVYkVRD6KcjN7WKbTMRcXUpN4ewzFTzHClqcy8RZXGxQ
Requested by: Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.184.81.93 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-184-81-93.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:28 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9400
Redirect Chain

https://analytics.pangle-ads.com/api/ad/union/gg_cookie_matching?google_gid=CAESEKWUElFIhoMEofXENw_dgtY&google_cver=1&google_push=AXcoOmQkEsICRw9K88k8FE7YZankSvvKneqyHIPUwUc_kQ-ddMFbZDQs9pnLypkc-sx...
https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmQkEsICRw9K88k8FE7YZankSvvKneqyHIPUwUc_kQ-ddMFbZDQs9pnLypkc-sxv1xyDyGS4C5wsiMSIfLeKPib3vW8zfiyM5H8

170 B
188 B

35ms
35ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmQkEsICRw9K88k8FE7YZankSvvKneqyHIPUwUc_kQ-ddMFbZDQs9pnLypkc-sxv1xyDyGS4C5wsiMSIfLeKPib3vW8zfiyM5H8

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-akamai-request-id: 14e1115b.1ce8c1f2
date: Thu, 28 Dec 2023 19:38:28 GMT
x-bytefaas-request-id: 202312281938286C7E41CEB9EA52BE7CC2
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-2312281938286C7E41CEB9EA52BE7CC2-4DDA32662435B76E-00
x-cache: TCP_MISS from a195-138-255-5.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
x-parent-response-time: 103,195.138.255.5
server-timing: cdn-cache; desc=MISS, edge; dur=95, origin; dur=8, inner; dur=5
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202312281938286C7E41CEB9EA52BE7CC2
x-cache-remote: TCP_MISS from a23-218-219-29.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52668873) (-)
access-control-max-age: 86400
access-control-allow-methods: *
location: https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmQkEsICRw9K88k8FE7YZankSvvKneqyHIPUwUc_kQ-ddMFbZDQs9pnLypkc-sxv1xyDyGS4C5wsiMSIfLeKPib3vW8zfiyM5H8
x-bytefaas-execution-duration: 4.07
access-control-allow-origin: *
access-control-allow-credentials: true
x-gw-dst-psm: ad.union.pangle_web_traffic
x-tt-trace-host: 01830b7dd967e2b758146f097fc5634684cf02315ab66cd4531c20ea5641fa4020b379a4b42a1bc4071d7dc11b347a1a3fbfbc06dcb84c92ce38711d6611427f61e740f1cf42a76171347ffb24a718edc1f018ba11c68b443a1f44f8ba0bf8e179cdfd0dbf08069768f4015ca2992a39a6
x-origin-response-time: 8,23.218.219.29
cache-control: max-age=0, no-cache, no-store
access-control-allow-headers: *
expires: Thu, 28 Dec 2023 19:38:28 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 9400 0
12 B 30ms
29ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LBbMDB_MXwGpY8sWhfs8iWNEd-gnXq5ZNQXVsgHq1JV1Egl0i4a6TqwwYtHq3tItFBYsoW1nAV

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:28 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 gPTZx8Qg5YtqHYATuVEq7wiNXgGYJLmNtV6Q-nRIA0Y.js Show response
pagead2.googlesyndication.com/bg/ Frame B19F 50 KB
19 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gPTZx8Qg5YtqHYATuVEq7wiNXgGYJLmNtV6Q-nRIA0Y.js

Requested by

Host: 3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
URL: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80f4d9c7c420e58b6a1d8013b9512aef088d5e019824b98db55e90fa74480346

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 13:49:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 193752
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19632
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 25 Dec 2024 13:49:16 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7BC2 0
20 B 60ms
60ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BG1kEs86NZevzMtj77_UPhpas0AcAAAAAOAHgBAI&bg=!paalpunNAAY3kmNgF5I7ADQBe5WfODNAmycCY32lm8p32lSyH9OqqbvkJzFfWlQF2Qw4LsvvIV7LERRuvk-SpKmWB41gAgAAAGxSAAAAAWgBBwoAMfnBEYj52fhTfdbfhzAeKBOMVsCo1p5AlIh8Ej2LCv2LnF7zEU6uVAYXT0jsVZyMv_uZAx47s3AZhqhbh82OGreqpmQ6ybzy0BB106JGwj8Xp3ML-aLeomS2TthIYQR18ogqNTeZ4gQaEspUN5N_cy-CVT67ybXq6AuUjVdCY4bMtNl8qqPDObsX2FknLtT1KbPY1nfSF8GJ2NvzBSq8BPseTPds7OrNVi8CehGrUjDBFEcgf1nulAs-pxwG7PD2yPkSsfmlGQHPx0Z5042SoJ3tKpHUvmWY2XW6o-WtyC7wGVT233ZwVDipvBXNd_Buwzl71R5ns0R0ZCBQJSoAjGDqJElhYrXt7f0z1pegz0sNbPPZK_Zb6aeC6-8y_vPmL9ntLvW68az7sMgVzShTNRm0CHGsdGM0hn6ewgR3VRNFpYXa3Jwsp8lf_1Z7KcOeZLOszwyPBmnfwx_In_tM1uvfc2Svgri4aQzWOyRimTmN2qnCIaRf7kvia4d61pKBFoM6AE7kLUbuWLYMYSCFIkppOE6pefr-QAv_O_F5pzTsndW1VEVHdKGXqEKQiykzJcJpLOaibiZhqprBj4KK7wBNtXxDT9LFqgE6Fw9lDZ0oSoZ_wlpJjoDuTfuNO5XwVprcs_a38ucATNHzS04Golzn1PbIDHlsf96IDKjxUBS83YOgu31A-CFxFSU2IwcJT3z6264_dNiUMeKUR0bTFmNBkfQISADHZSbasYnMgt53dtRZJsrr2blN5_p5C5gPlM7YLEdUUTJu6gqzmcGhLhN1MbYQ7sGq_YXhHN0KdxZTaTGe_zn-VUxcEDxCGug2UZouY5Tvw00p-uo2Fd0mWd7_dgLZkRFttReOLqLL-qn19vnWlo5E3xnfimF11NEuunxXB5Io9HgnwvnV-I5GMMlZnUrIScOeMjfVd7xiy5yIN9xr-dTTMLqXyAmzhfvrOIEmc6US6Wh8pU--Y2Ao4kcv1d4aPg_-Q96CeXf3n_uscnAIEEUQEIB5uV5PG-CyMA9VJCLV2kZRvliINKNehG3sA6OOUGvFYjrT9Dct_Lq8jUSiTApSnzzARWYxETWUHm3SbzTvE7FtpMOVXyZgq4Y7PiINxEHL-mCTkKBecLXN3Jc

Requested by

Host: lollty.pro
URL: https://lollty.pro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
ad.doubleclick.net/pcs/ Frame E2BA 0
0 58ms
58ms Fetch
image/gif 142.250.181.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsv0xn1AYxAGLQ3_LB2dPgjOd7-pIK2Y7vO4TakNb51qawH7Rk5rdCGkAS_gSAQcx-a2onjnzY534XNp4K7sJkC67YNXUDNc_Zk3dFkYaUfSKRrnbzRj_CMk2F041dE38N7IGc9R_k0Etzogjp_OZpc0rVz-jjlC35qpfZ6pSRrLUwuufsFM5nPtnmB7vrlcM9IZffmWwtV1VH2LEpKwEvfdOciuBxjia0nnEdZRqRM75tsD_iawJ7-rA3ygqBXjB7pZIKpt1ambrh1YpZjFyJtPfc9BfgLBf-gE4Z1dMgIYb2WjtWNNSQu4wEPwPMKlBMx59yRh4sghCPoat3p19wwVuGhBeJ7oy3bUW3FsYdGXA1Ap31Tly0A2tHxacf4V9SIZG9kbaIileiOwT41CQGv1padNYHxmCeySyW3tKT7x68n1C8l570rjZxfoD9_rpxOenyVstkZISv1EVgmicrdCq66UptCzBjsGclNU2kAUAKqeC304Y__pAhJm1kTOT3MrEFwGSuFQl_94bJz-5DKYuGQfVNuXuiUckAPxEqSF5bSOVddn3vjuj7Bl76NcFTz3jd2zCl7qAhoPJbicMgCmhGKeJcQZkE6oqkHBjl-ocqLUeTKN73QzcQGI7R804pC1pQxZEyE0prnRPxeTCjaUz5FtR2uNAP2TwMXEBQ4QPmDsfl_XLUHXxpzWZIILIfxGNZTArR8bfBvDYYO2CeOMZOHXEMnu7oQrKYmM4_oykKxEzbPdNA2yQw3oLK9NovYTAq_TO7_O1t9SMKED6MQz5Or2-qzubLT87wqH_tK682tR41zNGcssKRC78Ma91KIIk1BIbaZUCvE4daM7Cwv05tIDjtcvxOQzPHgPj-XqhH498VSPuENX34CbYijzeSLT24JJ4WV7gPIotxfHER7ejjiFQoUrmqYLQYDrxJBrCC55PP7qILOjB9BMds7b-V-Raq1dTanPllkfnSnCYJZ23LdBcLEco3YSAFz3FFei7XWuOfoWEZi28tE0zeXNyTJE8OSpUBhB3ZYf5Z2tSTB1iH09uUVDUvKH5i2kS43AGpnLyyBWipQA6gENwPnxdXKyMdqFDhYEPNQkVmhOc4x84-sVjHHxhD-C1ZaPseF0BJ3WD7gTxq8-TEIHj3vcoB_2_1ho-v5yfrOm7AQUpLv02ABTKXM5IfpgSJRzT69qGdVMMP0_u-09KFvZLK_mPGLIkjZKGjJHyvLf3kZMuoPMghrSF4kYhWTlsgvHzT4-fYPHRsJ5MqKB67tVpVThwP8YHSQmeG3taTYsh9058lwFnXsi34z3rx5yAU10x1QJYwFBxqtGH25nl20iJyTvB3T498XMU8p7CLMIURRrymikLXKN4hi_lM0IDN1o297jEJeK0yVoz_ej5ze89ExCCUnXos0yn3ar9unWP86xvSFRbN9RuxSTrcbDtCDypdo8p6a8Vw&sai=AMfl-YSLH8lSTsKooUj9el9FvEi9Vz82yPi--azA_f4TRvPllyjBQlojdiTBkhvAMj2Asg4pxfrBSq949lrZUIMTRxxcbea7KA6PJeQx-4e26178nBoKQBsgaAkzN7ePAOy4sjy3_eZG8stXfkv2wtOx7PHxJuKnCOsVV1Opm8tbRLCWuXHNlrJPm5lJmlpSDo_kcLOKOKt99YjwUptv5GHyccWz1_3kh1O7lN-gz8xovTFCHGl701LEuzLEgxTtKAFmcW8NLk7FS-PzRG3ZIno4NBZsDNgYEW5NoBWT2x1qbxqzRJfza_mqo4JmQ3qDq9t0G3fnXXSiSnMiqVWKeQCVXn0e5EmBCS-aQtNMjPxMptNE2UpdGNDchQhk0gRrDmM0d7NOSwBt1PgPXW7Y3lTaM3RddEU5wAakz3pjL0gh&sig=Cg0ArKJSzIHHATC7mTWKEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9sdWZ0aGFuc2EuY29tLGh0dHBzOi8vZXhhY3RhZy5jb20&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=285&vt=11&dtpt=164&dett=3&cstd=117&cisv=r20231207.63433&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: 3upload.com
URL: https://3upload.com/ib8g06clnxpy

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:28 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 71ms
71ms XHR
application/json 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202312060101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cef530faffea60556d9a6915c151165537191069a652993a2afc9a59facf0f29

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:28 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12214
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 35ms
34ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 28 Dec 2023 19:38:28 GMT

GET
H3 200 main.js Show response
s0.2mdn.net/creatives/assets/4703545/ Frame 8377 3 KB
1 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4703545/main.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=ByrAIWnZ9X&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1b2da575466eb30982e08c1020f55bcf2d9565f53bd64c3da87a1d774d75588

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=ByrAIWnZ9X&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:36:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 93
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1100
x-xss-protection: 0
last-modified: Fri, 05 May 2023 10:07:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 28 Dec 2023 19:51:55 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 8377 8 KB
6 KB 62ms
62ms XHR
application/json 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c5bf0e6df9651f90f2aedf49ebc0f2a74fcf8727237e252a229ae16d3d8c3f85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:28 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5889
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DE73 0
20 B 59ms
59ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BSiBTtM6NZdjAA6yj9u8P85uI0AwAAAAAOAHgBAI&bg=!pqWlperNAAY3kmNgF5I7ADQBe5WfOBabFDMVRjCNKOKIPgwg4jYI2e5E46MDVrQp2choGIW1Im1Auqu9ewpKhAAVAPE8AgAAAIpSAAAAAWgBB5kDhxleX1w0nwQJY9vJioyvNf96cOdKJLfPw8tvQzB747uE8jHgCpHEwvI1IaSDOpVxl1XOGcrTB7QpU49Ddfgy1YMDDPtteJc3PC8PVtSqnL9_3jV4OV5pSeX5gFNQc4EaMTALk9CinyrgXd4Zft3Qntc7chnEXzn2uT-7HoGQ1kpNkiq82l7uJqUdSu-zTZigWouUDITOOcFbXUPVSbAbZx4qawRhgIPjBGXAQ9KhOuizNlx9Ms1u0D1_YQz-0f7qBZeUKi-nPwkMXFZQQK4a-RMb-t92FYARwJynE69eBSqC0-TQak0kQeb9Fca84deBe2ZwNNNjwhHGL7MW8mMGl1Vs4n9PWVLa6rsEJ2VsGqL5nHotF3lxjTHjGt8OUpgPXiVy3g7jgTMrl0KwTsYDPgRzmKGFvAq3XodRjfOVJM6eMzeykwXsCaZHgDGNRfIIGUXeCgOm8hCa7wmgfIgIZA6DwFr1RNlKFw_3XDK2bQB2yc7WU-07V4sHbSw_ewsDIQTIyEG7d-UXVpXbOxp_KPkyibXygHZ31c2sisuVAnoLKdPmkin22nflVcbQvL12fmywfkP7vYeBwg1x4TbReoQsYZFcPI7RtpRd_TKlROU8SaAJAzOl5z1L1pDmeIDN-OpDvsFfhnhQKY1fctx-GovqZc0b0LrWEqNQE9zOhVR7kIKH_U4TobVZNFcU7Bk-Ad1UVTDnNsptgwKWokrgWvsaLjGcuTGlBSxbDXRioRrwqys9ZtxVDiEISVKYV4yDfe1w5avaLdmdbMLPtWA-3aW1aXwhHrCzr08NPrWuCwqWauG4mHuaXAmfxo5NqxORvxcJmkhbd0qoM9cal7JH3aJLaxazHpKdJo-XDKlmXkCQdqwIkZbFD3qfdk6G5jSy2Pt0IXct8HCQ_AmbUIE7FHbVal_wAYi5_chmdTkIs6_uB-0xvIw0lFhnJg35_MN0P8OwvK4IQ0TV3-7MHbYmI52DGPmezq_CoK25-fMOrTCoK5Tm3Muzb46VAfZn873DELYEZZFZwh04xX_82tvL-95zQuTj_TR89xeEKGM8xdGmjykr_yC0BA-v9xvmcs5fq7hRvM0a0hdeZfQOB8bL1vtBQD5i5e5MZ_qDNoo9Y-8Bb-D1SnnRbKK96VCYfEuImKvlg7uYxlhtnmJ90-YOvDdHTiH6H8cEX4kXmH-G5JE5Vt6kNSyl0Q

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 728x90_de-de_performance.js Show response
s0.2mdn.net/creatives/assets/4703545/ Frame 8377 80 KB
19 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4703545/728x90_de-de_performance.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/main.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e44e8a9cf91c3d915be31bc1d006e1df1cd438c981b592f966c059739694ad2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=ByrAIWnZ9X&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:37:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19263
x-xss-protection: 0
last-modified: Mon, 18 Dec 2023 14:40:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 28 Dec 2023 19:52:34 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 8950 13 KB
5 KB 21ms
21ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://lollty.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 13021
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 28 Dec 2023 16:01:27 GMT
expires: Fri, 27 Dec 2024 16:01:27 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 2D23 829 B
559 B 29ms
29ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f64ad45c01d1963ee11154bbe2c6abe546fe51ee06aad932e4cf5709d3fb7df3

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-euABKG1IlIMAP3cLjMgssQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://lollty.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-euABKG1IlIMAP3cLjMgssQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 28 Dec 2023 19:38:28 GMT
expires: Thu, 28 Dec 2023 19:38:28 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 star_alliance.svg Show response
s0.2mdn.net/creatives/assets/4689654/ Frame 8377 6 KB
2 KB 21ms
21ms Fetch
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4689654/star_alliance.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/728x90_de-de_performance.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

563d8b655debf02dc76ee9cad7e2114692c770d009bfc9ed1f9153eb384593d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=ByrAIWnZ9X&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:36:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 105
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2334
x-xss-protection: 0
last-modified: Thu, 29 Jun 2023 11:06:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 28 Dec 2023 19:51:43 GMT

GET
H3 200 lh_logotype_single.svg Show response
s0.2mdn.net/creatives/assets/4689654/ Frame 8377 5 KB
2 KB 22ms
22ms Fetch
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4689654/lh_logotype_single.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/728x90_de-de_performance.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7502e785bdc8f7184cab7e278053c49be4458393085eb2fbddabf35b895c310

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=ByrAIWnZ9X&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:27:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 643
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2151
x-xss-protection: 0
last-modified: Tue, 18 Oct 2022 09:41:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 28 Dec 2023 19:42:45 GMT

GET
H3 200 lh_crane.svg Show response
s0.2mdn.net/creatives/assets/4689654/ Frame 8377 2 KB
1 KB 22ms
21ms Fetch
image/svg+xml 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4689654/lh_crane.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/728x90_de-de_performance.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d2067d4b9b5b9d3003ffa4dc17b44616dc00a543f59eea17df555e959f20b53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=ByrAIWnZ9X&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:28:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 569
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1311
x-xss-protection: 0
last-modified: Tue, 18 Oct 2022 09:41:55 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 28 Dec 2023 19:43:59 GMT

GET
H3 200 NH_D_EU_Germany-Windows-European_728x90.jpg
s0.2mdn.net/creatives/assets/4703548/ Frame 8377 44 KB
44 KB 23ms
23ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4703548/NH_D_EU_Germany-Windows-European_728x90.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8c6282b043a74b1d92d9edee077e30492ec94b17b7dd9735be93b93b6118db54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=ByrAIWnZ9X&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:26:37 GMT
x-content-type-options: nosniff
age: 711
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 45135
x-xss-protection: 0
last-modified: Tue, 08 Nov 2022 08:39:42 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 28 Dec 2023 19:41:37 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 8377 17 KB
6 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 28 Dec 2023 19:38:28 GMT

GET
H3 200 LufthansaHeadWeb-Bold.woff2
s0.2mdn.net/creatives/assets/4714589/ Frame 8377 50 KB
50 KB 21ms
21ms Font
font/woff2 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4714589/LufthansaHeadWeb-Bold.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a43c20863b324fe2bec355b5ebdc6566861742f92018f12be1b38fa2c8b7767

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/15415463092317913147/index.html?e=69&leftOffset=0&topOffset=0&c=ByrAIWnZ9X&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:15 GMT
x-content-type-options: nosniff
age: 13
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51548
x-xss-protection: 0
last-modified: Fri, 18 Nov 2022 11:46:13 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 28 Dec 2023 19:53:15 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 8950 39 KB
15 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 15:59:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13118
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 27 Dec 2024 15:59:50 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 2D23 0
0 55ms
55ms Image
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202312060101&jk=1069012116819260&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 0562 39 KB
15 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 15:59:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13119
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 27 Dec 2024 15:59:50 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 8950 0
10 B 22ms
22ms Image
text/plain 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?miCdEg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 28 Dec 2023 19:38:29 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1AE1 42 B
64 B 58ms
58ms Fetch
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsut5yFulZWoA5t4ZK7aWepQ5JUw6p_VhyMxB8SWPSnTClpjkMnClJcTNk2k0yqHd5N9mB0cwSnStWDgYaCxHjNRiFOX2fS3FPfd03fvcOGf9jTuUid3pXfVxHKxPfkWt2VSCsWncMF5zy0&sai=AMfl-YSIren-6SQbR1IddWPsMXcwGx7z4r4uh0H5TAAGcPYlM3p-7sLGVScInkAWI93Jth2NeR4jGxD4uuchD6mOTUulnYIvHVrJnAdxCd_tM6p3yoYjpMDJp8z8RcqWSo7jfGk7-nMK24YnqoAvEkDgQQ&sig=Cg0ArKJSzL5TjyDbdzxPEAE&cid=CAQSTwAvHhf_Z2FfBqz3Jn7IGC6DHMiYLHF0ZL2SBAWzSF7fGc6otK9N3CuBq9DsHmw7pWcVRTbd_OJIhg7KW3xBNRnfDyPc5ykK6ohuzjn0hAQYAQ&id=lidar2&mcvt=1000&p=732,315,982,1285&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231213&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3736545718&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1703792308197&rpt=182&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D29B 42 B
64 B 59ms
59ms Fetch
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsudE3nJdKUEVwoc892X0kXjJaaBx3S98dyziYMPYzBkiw88Dd0vVjSpwm2ZayZexV8j0wR0IAIiU4CpAzSr-ZbSGt5N81VKIq4sVOKVQVOXDOS2BeA56FHacRNF9nM--9jLIpzcZeF4Fsg&sai=AMfl-YQyqUJVXVRWsRw3dhO8WjLgtKSJrjeDaDp83xxczlVB4t46TZh0Notq8QVb7v394dSkxRekSGflQv8G7PkBwxndsQu-BxcV841i4eZKjKYunniYVITFOfTb5Oo&sig=Cg0ArKJSzO0Eg8HWMPCqEAE&cid=CAQSOwAvHhf_Vw-aVbMevc6_8BfVxuASi6t0o6dQXoAJ4kvoGyq63FGmO1CW5PKbFYJgOxfQrlxoElO15j3JGAE&id=lidar2&mcvt=1000&p=442,650,692,950&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231213&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=4064778401&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1703792308284&rpt=146&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame E636 42 B
64 B 64ms
64ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssONuZ28MBQypTK0b4xq9gngtZNeQ4rtxjoW_888mTC65cYXKABMmj9WfDkMTye7J1b1UGzKj3r9HX_P4koQgwJt5tl2UJvHrWcwaqXgUUIW7QuDhsMpqSLpb276qd0OX2L6adyoe-RVpaF8ck_TCxlYvRE&sai=AMfl-YSv_Fvd5e06LBCGrtwwICAkGJg9oRbE-YYNml13ATMNclyPTma4D4OZg3qE-_pPfoxBALfRRdvcOK2Jga5ELyacIYSZbAceLWpDZ5TUPE_WVqkNuw7XXe-g6DA&sig=Cg0ArKJSzEXvN0ukqiFYEAE&cid=CAQSOwAvHhf_apgeV2sr3RQ6YUILiwnl6K-n4LEWZardik4pW4sx7PtsS7qhhNd9axt2Q1HTvGDjeI092IFBGAE&id=ampim&o=288,280&d=1024,300&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,0,1000,1000&tos=0,0,0,1000,0&tfs=261&tls=1261&g=100&h=100&tt=1261&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 61ms
61ms Image
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202312060101&jk=1069012116819260&bg=!8fKl8r3NAAY3kmNgF5I7ADQBe5WfOB2CVQyBMvFFc8GMgfKgmATSpBRSdRM0MAaHMfMvPH7pZ0u4y93QHngPxen1AzYZAgAAAC9SAAAAAmgBB5kC7FEDsKJrtyf-PFtgNN2e7bpKcG2bAq4--ymgUtfgACMubxUdWij8Ca-cx2EwONfo_vuGBSHQFevtBOl3Xc5pG-q9CFN5QEw00sJX2DurKsYGhzzzkR_k8HdfgAjxvdONk5uoHcotMaSOWGACd7u8twEcJFjWaLQBfGava4LumttxfcJ0Zoa8hDJb2w3Skh6lvocGNNcoENIVFoxNASp286T1AbDNsW-a-rH-EB-mmgsYKtWwRaUI4Eyw_InoIDuN0v82dV4n4g6hgnJEgmE-2PcjpNxPw8rEUTpd56leIp6trHJohgPydjIVIMq7yBNZC-ug0GQx0KxBsSEl3BZGgUw7y1Ox9o3ulN8BHxwMV8vcruQOBwOb-KI0jenbkZU0b6Qz6OLYvfyTzLWU8fxqqmGxfAf5Xk5Iu8PFm6qOMeuV4TopGuHqmAOHHcEn82nGUykK8C3Wls7Dz4SZzEDcdWwIwzE_uQKyLIZidjtBhRcAutACCH6u8myXG9a_nSktPONvtOlBBNZgpWFyCNNhAXxFSm67fDO9Ztf8QHVxDgTqLY0obLsVvdz--ttwnzeoE4vDx_2xJSbVjSzFX7mw34a8lCpE6Ks26SFiz6kF9MwAAR0WKii2tqu3B_Q1reihCw-lCuD0bVe4ZsP85TZoVIpJUguDfYSgdD2U9bFo1nxTU4J4T2DXFRG8R7QjI2fqJFHVignj2BFD3QfxC3BblagIfeJOVpl_5a1oXO3y4CNwD8-u-hY-ZUTZEcYzgZNYK2ztqE1EQFSoNaOXwU_CA8AH8biepXAiqY_vNmxzoYlJNhVuea8MKJy7vgHuNQG8s5HeHWjPY07FUmLHcoggSZ2OR9PqRHpgvDbCeRapIPzD5OADY22YyJS4YtdVAKrx007mUbc8jhJMbfNQXfvjM_AWdGKLpMViIJsT-lQ6ViXcVbGKWsY2fybKRr9FO9eE3rUqgBL7J7iwZMOZQv8VLXGeeqO_n9msLq4-xL0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lollty.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame E2BA 42 B
64 B 61ms
61ms Fetch
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss6d04G2hZgdIETj-OOpLrn6-DaKLVk3QZF2uu9rCRhakxjwesJVUT5DPYzCeTfENgSl1zDfyusp9PE0UMAZO92Di9VBcKLdezanz-EVs7xxi5AtqGxZ_cxgNQn5J6n4eur7I4Gm3WOK_Qyb-Y3WcEZ49rA&sai=AMfl-YRhnXOskuOtTu8HAix12EtQ7PYri5p4g9jVaezYjs6qdyOM3-FQfYkHRfyDevyswTXjLIdlM-nD01PJvAyVhWfNSGeQ9eRhGENg8JyvGDtctlrIennSJWOFAl8&sig=Cg0ArKJSzO_P9LGd6ZyzEAE&cid=CAQSOwAvHhf_otrKtqqzOx2vlph5HzpTiyVloZov6ppguHmt97msYnFj4cbvEn1xKEUhKHw8Nls9rS0RpZAOGAE&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=336,837,1000,1108,1166&tos=336,501,163,108,58&v=20231213&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2043699473&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1703792308493&rpt=97&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 28 Dec 2023 19:38:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: 3upload.com
URL: https://3upload.com/use.fontawesome.com/releases/v5.9.0/css/all.css

Domain: 3upload.com
URL: https://3upload.com/css/font/OpenSans-Regular.woff

Domain: 3upload.com
URL: https://3upload.com/css/font/OpenSans-Regular.ttf

Verdicts & Comments Add Verdict or Comment

182 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

43 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.3upload.com/	1969-12-31 23:59:59	Name: lang Value: german
.3upload.com/	1970-01-20 17:36:41	Name: affiliate Value: Uoh6gQfBldMAL4w%2FWfvx1Z4JwB0yVW509F8k0I0TEdwprKtJUQVgJiKjeKrFLn8vkPL%2FuwI0He80BYxKCbDv9%2BY2g1sDCqE%2F3Q%3D%3D
3upload.com/	1969-12-31 23:59:59	Name: visited Value: visited, visited_expires=Thu Dec 28 2023 20:39:25 GMT+0100 (Central European Standard Time), path=/
.3upload.com/	1970-01-21 02:52:32	Name: __utma Value: 131791437.862455627.1703792306.1703792306.1703792306.1
.3upload.com/	1969-12-31 23:59:59	Name: __utmc Value: 131791437
.3upload.com/	1970-01-20 21:39:20	Name: __utmz Value: 131791437.1703792306.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.3upload.com/	1970-01-20 17:16:32	Name: __utmt Value: 1
.3upload.com/	1970-01-20 17:16:34	Name: __utmb Value: 131791437.1.10.1703792306
live.demand.supply/	1970-01-21 02:52:32	Name: demandSupplyTi Value: 393f7ba6-e3cb-4fd8-b079-c2f43ae10ac6
.demand.supply/	1970-01-20 17:16:34	Name: __cf_bm Value: TZzp3XjBoJ1.meG9TBXgPTapGhzpNGUl8zau0TPgi78-1703792306-1-AeDJLFsKcYEXkLitSgwgKDcwzniWrmWCeIpJybb0dXBonSwMR0LQqLDfuKjme3sNX64Pb/Pvf31JYPzG+HFquEQ=
.lollty.pro/	1970-01-21 02:52:32	Name: __utma Value: 109180184.468208656.1703792307.1703792307.1703792307.1
.lollty.pro/	1969-12-31 23:59:59	Name: __utmc Value: 109180184
.lollty.pro/	1970-01-20 21:39:20	Name: __utmz Value: 109180184.1703792307.1.1.utmcsr=3upload.com\|utmccn=(referral)\|utmcmd=referral\|utmcct=/
.lollty.pro/	1970-01-20 17:16:32	Name: __utmt Value: 1
.lollty.pro/	1970-01-20 17:16:34	Name: __utmb Value: 109180184.1.10.1703792307
.lollty.pro/	1970-01-21 02:02:08	Name: connectId Value: {"ttl":86400000,"lastUsed":1703792307781,"lastSynced":1703792307781}
.openx.net/	1970-01-21 02:02:08	Name: i Value: 1a796579-e7bf-4e3f-a5d6-b11aebe97d5c\|1703792307
.criteo.com/	1970-01-21 02:38:08	Name: receive-cookie-deprecation Value: 1
.criteo.com/	1970-01-21 02:38:08	Name: uid Value: 167395d0-3b3a-4553-88ce-70f26c0fce46
.lollty.pro/	1970-01-21 02:38:08	Name: cto_bundle Value: YDA-QF85VkIwWHRLbklwJTJCSWhiYzBlZkVkRTd6dGpwQ2x2RExNRzlZYlV4YnNlUVJRWWNIenZPMmdIWFE0ODJFS1dxQUNLeHYlMkJxZVlJVFE2TUZaQUplYWszOUFsYTZDakRQUUFPMTlqV3dVUjN6V2NSUEdyVldnbDRUc1NHalB0Mm84UDI4OHFtYWpmSnJvNG9VQTBKQiUyRiUyQlpMZyUzRCUzRA
.lollty.pro/	1970-01-21 02:38:08	Name: __gads Value: ID=37061ecdeb1d160d:T=1703792307:RT=1703792307:S=ALNI_MZW3IMQzE_Ww7Wke1NsuFIWcxZg9A
.lollty.pro/	1970-01-21 02:38:08	Name: __gpi Value: UID=00000d2ef682b1e2:T=1703792307:RT=1703792307:S=ALNI_MaCHI4DqwQ_VOdEJhMmOZpEelnCGA
.doubleclick.net/	1970-01-21 02:38:08	Name: IDE Value: AHWqTUn3itulTw_X-5j8xMJ4ATFD5zflbFPyYETWEoKCv0t77n4ZcomLz3a5WOeChZ0
.adnxs.com/	1970-01-20 19:26:08	Name: uuid2 Value: 4836531881440343104
.casalemedia.com/	1970-01-20 19:26:08	Name: CMPS Value: 1160
.simpli.fi/	1970-01-21 02:03:34	Name: suid Value: 26154EFCA1B94EF397A78AC978118445
.3lift.com/	1970-01-20 19:26:08	Name: tluid Value: 1666869468152770925894
pixel.rubiconproject.com/	1970-01-20 19:26:08	Name: receive-cookie-deprecation Value: 1
.mediago.io/	1970-01-21 02:02:08	Name: __mguid_ Value: f5ef61ca0828465f2kpsqf00lqply75y
.casalemedia.com/	1970-01-21 02:02:08	Name: CMID Value: ZY3OtNcZkaFnOkKFb0m3zgAA
.casalemedia.com/	1970-01-20 19:26:08	Name: CMPRO Value: 3285
.media.net/	1970-01-21 02:02:08	Name: visitor-id Value: 3467939088280954000V10
m.exactag.com/	1970-01-20 19:26:08	Name: exactag_new_gk Value: b2fafd8758784cb681ea8e0439ad122a%7C26.02.2024%2019%3A38%3A28
m.exactag.com/	1970-01-20 21:35:44	Name: exactag_new_uk Value: 88fb6fd8fb824e7bb62bae67fb67e121%7c
m.exactag.com/	1969-12-31 23:59:59	Name: session_session Value: 48535a16bce64ddcba4fc93c
.adnxs.com/	1970-01-20 19:26:08	Name: anj Value: dTM7k!M41.D>6NRF']wIg2Il_kAQyf!]tbPl1M>e)ZlrFUfJ+tGXxp$GMGtjE9UUf<zWs/ZTlVrWz_oS_K?i>l]n_%3If)y3KL9D3I?+me#tCU
.w55c.net/	1970-01-21 02:48:13	Name: wfivefivec Value: tbpxLdsk1RiWd65
.yahoo.com/	1970-01-21 02:02:29	Name: A3 Value: d=AQABBLTOjWUCEJai1WeOEZENZD2xu9QOpAkFEgEBAQEgj2WXZQAAAAAA_eMAAA&S=AQAAAkbmxasOtPx_Md1aTVE74U0
.w55c.net/	1970-01-20 17:59:44	Name: matchgoogle Value: 5
.tribalfusion.com/	1970-01-20 19:26:08	Name: ANON_ID Value: aUntuJON6Je8ZbUxralUAwWulZbVAr3aZduw62ZaBsSRYcRG7shCAR3d3C17pEdAku1wjTMwVbF3xuTGR6lpeagGbsjP
.zemanta.com/	1970-01-21 02:02:08	Name: zuid Value: R7O4AqQ_Tr2ABDXcDKZc
.1rx.io/	1970-01-21 02:02:08	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-1b45fade-4e0f-44f5-88d6-d9b072be8780-003%22%7D
.targeting.unrulymedia.com/	1970-01-21 02:02:08	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-1b45fade-4e0f-44f5-88d6-d9b072be8780-003%22%7D

11 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://3upload.com/ib8g06clnxpy Message: Refused to apply style from 'https://3upload.com/use.fontawesome.com/releases/v5.9.0/css/all.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
network	error	URL: https://dripgleamborrowing.com/86/39/34/8639343528bcb857ab22195fb7b28a21.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://adservice.google.com/adsid/integrator.js?domain=3upload.com Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://dripgleamborrowing.com/86/39/34/8639343528bcb857ab22195fb7b28a21.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307050101/show_ads_impl_fy2021.js?bust=31075832 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://googleads.g.doubleclick.net/pagead/html/r20230628/r20190131/zrt_lookup.html Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4485722904051021&output=html&adk=1812271804&adf=3025194257&lmt=1688647068&plat=1%3A16777216%2C2%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2F3upload.com%2Fbuk3llhurtlc&ea=0&pra=5&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE0LjAuNTczNS4xOTkiLFtdLDAsbnVsbCwiNjQiLFtbIk5vdC5BL0JyYW5kIiwiOC4wLjAuMCJdLFsiQ2hyb21pdW0iLCIxMTQuMC41NzM1LjE5OSJdLFsiR29vZ2xlIENocm9tZSIsIjExNC4wLjU3MzUuMTk5Il1dLDBd&dt=1688647068464&bpp=386&bdt=24&idt=386&shv=r20230628&mjsv=m202307050101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dffacc299809de38b-22480ea790e2003f%3AT%3D1688645542%3ART%3D1688646981%3AS%3DALNI_Mb2N6AvbdtXE0uvKxGcYVgulT1kIA&gpic=UID%3D00000ca0b14e8fe8%3AT%3D1688645542%3ART%3D1688646981%3AS%3DALNI_MYodgLO1OppICJQLBsdxBHgBY4M0A&nras=1&correlator=3963259299356&frm=20&pv=2&ga_vid=565754033.1688645529&ga_sid=1688645529&ga_hid=430499464&ga_fc=1&u_tz=180&u_his=3&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1903&bih=969&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C31075630%2C44759876%2C31075832%2C44788442&oid=2&pvsid=3195434146881601&tmod=1450534492&uas=0&nvt=2&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1920%2C0%2C1920%2C1040%2C1920%2C969&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=400 Message: Failed to load resource: the server responded with a status of 403 ()
javascript	error	URL: https://lollty.pro/ Message: Access to font at 'https://3upload.com/css/font/OpenSans-Regular.woff' from origin 'https://lollty.pro' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://3upload.com/css/font/OpenSans-Regular.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://lollty.pro/ Message: Access to font at 'https://3upload.com/css/font/OpenSans-Regular.ttf' from origin 'https://lollty.pro' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://3upload.com/css/font/OpenSans-Regular.ttf Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3908659e23a5908f36a08e347f253756.safeframe.googlesyndication.com
3upload.com
a.tribalfusion.com
ad.doubleclick.net
adservice.google.com
ajax.googleapis.com
analytics.pangle-ads.com
b1sync.zemanta.com
bcp.crwdcntrl.net
cdn-ima.33across.com
cdn.ampproject.org
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.prod.uidapi.com
cm.g.doubleclick.net
connectid.analytics.yahoo.com
cs.media.net
dclk-match.dotomi.com
dis.criteo.com
dripgleamborrowing.com
dsum-sec.casalemedia.com
eb2.3lift.com
fonts.googleapis.com
fonts.gstatic.com
google-bidout-d.openx.net
googleads.g.doubleclick.net
gtrace.mediago.io
gum.criteo.com
ib.adnxs.com
id5-sync.com
image6.pubmatic.com
invstatic101.creativecdn.com
live.demand.supply
lollty.pro
m.exactag.com
match.sharethrough.com
maxcdn.bootstrapcdn.com
mug.criteo.com
oa.openxcdn.net
oajs.openx.net
onetag-sys.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.rubiconproject.com
pm.w55c.net
pr-bh.ybp.yahoo.com
rtb.openx.net
s.tribalfusion.com
s0.2mdn.net
secure.adnxs.com
securepubads.g.doubleclick.net
ssl.google-analytics.com
static.criteo.net
sync.1rx.io
sync.targeting.unrulymedia.com
tags.crwdcntrl.net
tpc.googlesyndication.com
um.simpli.fi
ups.analytics.yahoo.com
use.fontawesome.com
www.google.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
3upload.com
104.122.24.29
108.128.142.196
142.250.181.226
142.250.181.230
162.19.138.83
172.64.151.101
172.64.152.89
173.233.137.44
178.250.1.9
18.153.246.175
18.184.81.93
18.239.18.33
195.138.255.9
198.47.127.19
199.85.210.80
213.202.235.9
2600:9000:2104:7e00:10:dd8:5e40:93a1
2600:9000:2447:ec00:a:e047:753:a221
2606:4700:10::ac43:266a
2606:4700::6810:5614
2606:4700::6810:8516
2606:4700::6812:18ad
2606:4700::6812:acf
2606:4700:e2::ac40:8c0d
2a00:1450:4001:801::2001
2a00:1450:4001:802::2002
2a00:1450:4001:806::2002
2a00:1450:4001:808::2006
2a00:1450:4001:809::2003
2a00:1450:4001:80e::2002
2a00:1450:4001:812::2008
2a00:1450:4001:813::2003
2a00:1450:4001:813::2004
2a00:1450:4001:81c::2001
2a00:1450:4001:827::200a
2a00:1450:4001:828::2002
2a00:1450:4001:829::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2001
2a00:1450:4001:831::200a
2a02:2638:3::3
2a02:2638:3::c
2a02:fa8:8806:21::1690
2a05:d018:d29:3601:18eb:9096:ecfc:cea8
3.71.149.231
34.102.146.192
34.120.107.143
34.91.62.186
34.96.70.87
34.98.64.218
35.186.253.211
35.214.168.80
37.252.171.52
46.228.174.117
51.89.9.253
52.57.164.72
64.202.112.95
69.173.144.139
76.223.111.18
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
03b65b32e61446736a4169598612403d5ba9b2c6858a2e9f74d6e0ff8254a6de
04d549a4f168546afdc3608bc6ef4ad67a16a2bf2baf8c6770f88f524c924d11
0787e30d6145bc8b8b92ed329f664bcc3012162ccba9ef943d7ada480afb74e9
0a43c20863b324fe2bec355b5ebdc6566861742f92018f12be1b38fa2c8b7767
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
0ef3193ab6a2b16038a371db6beb1c912da29dac3df734f688daad981c6d1272
0fefffa15777b279ce61a06932e05bade8fcb729dd9bee04e93fcdd21e8f4552
108cdb682e1d256ba58174d96775ec12fe2e9515ffa2ca7edfff49343a4d97ea
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
1458c65cd927c3e5bf35667665280eaaf849eef09ed217983334c5c8a78f6759
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
18ebc36644e10f87e20812c15e329c1b25848c62cd6cdfe74427cdf8995bc3a9
20e1aefdc3e9fad719ab19cd548be65e7a71d172d7ff92bf2b7232699e0ff802
27d5ba2175dc395614adb2c69fe9f4bff9abddef3a7c6e3e30a68587f428a37b
2b57b39c75557cc23ef7e555543718c1bd84cd365116af3edaafac2da1ed1494
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
30fe2b25061c04e45888d4eccbe63e113ad09715a8ee40d87485f188a526aa2d
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
38a14abf10435f2ae1d0a8c2269193fdd17d9efc89ae8a3eed0a8d1a9b8f5999
3907cc5ed9d4a0cdb316d069614220b55fccd5624ac173592a7a4c2c3aae0636
3a5a197947223babcd9e0e759e9284202d70ce33b9f8d7e6ffd3f5bce5fec649
3d2067d4b9b5b9d3003ffa4dc17b44616dc00a543f59eea17df555e959f20b53
3def8c1407a25c6fa88e21e82bed1b0d61d6710a98b21115a4c163d4743977e0
3e80ccbe6fe88155e3bdff0b3860a79185986ccc01e184b511dbd71d78984650
409d3fcfd6e913135f2e4e8be5c8ec1c03f6cf3ef2dd7ac7e4cba3af83ab4e44
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4ec478e4f7e158845bf295fefbb4130aeee38a3d3e572c8bb54ebe24a52fde18
4f0014d85e7457ee81eb6f09676240ee687fb0057804f01c82485dd2022e7ebd
4f279cbd2464bea089320c265be67c78dc639742a3865924e216ffde43bc3f2e
516f5e4c2dc5c69f3e1707e76695f866f8e62468aca15c1a9ddb165eb684f6f0
51c012cf2461bf8b29f345373366183c7fd121579b6178e942be0b61d8c7da14
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
559aa06c43e959f9e8f889e815e0c3f5e384d18a7eceadd14baba226a8fe19c0
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
563d8b655debf02dc76ee9cad7e2114692c770d009bfc9ed1f9153eb384593d1
566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b
649af545f5efd2a265363ceeb7fdf9dc6dc8c85dfba4d7d3a538930c3d181b39
65d03eb82a79a732d7c0180593c4f5dc98a8fac5c20c3a5446c4f14bf93d280a
66916f9a3b2aa5c8de06a6434037ba2e54d3dc12c3e6822700455561f8486bfe
66e55d8e51156fa72ee6b2b6c906d5062488688c2ce7832d2a00969df0453ddd
6b36e829bb9ddb8c9f053eb9ab4da2bb968538da89d18aa92a8e10f299f007db
6e44e8a9cf91c3d915be31bc1d006e1df1cd438c981b592f966c059739694ad2
72e960baa80ec819264a604f2f8a8e5c21f81b785ebc17595211ad170d8b1bdc
76740b2a7b0a35eed6ceb509cefd8ddd6955bd5c656b0581f2dcdb48040ced8f
77181483b66a0a48ff355f2e23f9abae7942613b1f010ae9c07c35f282e0d128
78283e24af27dcb4486f1205b44eb742e748e11ec09bc9abcfe059527f716ff3
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
80f4d9c7c420e58b6a1d8013b9512aef088d5e019824b98db55e90fa74480346
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
862f63eefaa5192d593ad417be71f701e7a11391e657f27d7da9bdae8251186f
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
8c6282b043a74b1d92d9edee077e30492ec94b17b7dd9735be93b93b6118db54
8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579
8dad63eeafcbdeea4645523e57bf40a32946768b4ef084625a3f4d03f333ce3d
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
94fd9ca316421dde0bf62a6a9db6983d1e9883949934592ca409d222ec36b56a
95abaca5a5f710cf478b0360960174ac2153a14f8e875794d2dda4df164263ae
9844337d0b1b36b45473c8fc27cba7d1c9f8aab2107e23e684b9e1a48e6066b5
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9d0ac96cb67cbd12672f78d7b6ebbf3ade3190bda4f178a22a3626c44cdfd30c
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a22ca156f7dc5a7b030e29373e4586c6d7f7030d7208c1ec49f53df0d5b8266a
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a53c43f834b32309b084ea9314df8307e9c78cee2202c6e07f216ae4ae5b704d
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
aa7e59e6ec8871088cfeb47bac59a6475c815357deef042c61a5c3c965390546
afce34d5aa267491fb12ec2686260a7552080c41bf2a02e04c55a555dc7347bd
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1e2ac6c387e138763b1ad7e998b6fc2b69e493532e280e75d738859c2a230da
b53b6ad23b258ce11eed97786741510819a369348afcf1260856fe3041fc33de
b82ad8fbcf9bf844726f648ef268b74f8c2f668f56eafd98b05703e086ff1d5b
bcd19a24efaf550f22efecc709b55b457eef3ac4818ae9c981f700375f2486bd
bcda52144be1ce73ce7efa2791d7de8b4b17c3cab66e25cc74c528d3aaf7be8a
bdd1579c84daab8cdd1e5a4f71b546c9eaa6a76418f83e0215c573523614c309
be779b0e322b81f76bc00f275690c7a6b7f3cb407bdf383874080af920808c5c
bfb160e3aa942ad23ab4f1a99ce023d9d12bd107be26cd3bbdd77cb172cf6093
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c1b2da575466eb30982e08c1020f55bcf2d9565f53bd64c3da87a1d774d75588
c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146
c4fb91befcf134b81ecfa1c586e1f9d6426c8f4fc1f6c130ac1fddb49ab5df96
c5bf0e6df9651f90f2aedf49ebc0f2a74fcf8727237e252a229ae16d3d8c3f85
c6077711ce3174050ccebe6559eb5f0e251942c2cad21900d1c3ef316065565b
c707d5798e40035ef5aa307db04e295703514d654b1e65fa62b04492c687c255
c76398220dc3ef206cd1ed74cf485e6689431b8568776f9e22ee65b574cc6a67
c7f6468c8ac1542980b2d5f637fa933d7d00d2c6ff6690e34505d2aed0c0e23a
c8ecfe747c979fbd87624913200a9237343679923b495885bced089b80fc84f6
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
cef530faffea60556d9a6915c151165537191069a652993a2afc9a59facf0f29
cf66b1a88c1b59fe8d1068ff7ec392816c6a8a43a1d0647bd940591f09974446
d3e60bf923c38a6dc639c101f2fa183f8c8ae32d152e4385bbd70842918242ee
d68bc1137be444d9f5aa9dbf125e7097a33655b1217f8159f83e2fc31f111b83
d7502e785bdc8f7184cab7e278053c49be4458393085eb2fbddabf35b895c310
d98121a51ed3f911f519cf42be28225dc26b4c9d61cfab0a580118e5c3447463
dae94c217dc1aa9352476e80cc72a8a938aaae1365f86d8d6a489aa22a0b1f9a
db2bdaad0dc9232fadb3de900bf039a0f356521698f213df1edf601e02a5870d
dd90fdb6538987fe7975bd43803b1c7d8d62912a371c788caec32d016e09dca8
de259eb7ba7a0e45575deb33946f1fbc695c97c33145ae4e49af0069d010868e
e02e9f678aa7335580a378a9699afe72d4bb88dab92866f6d3d613c5251576ea
e25632c07d004b4b377578617758690d318aac9c1e73430f66d9adbedeffea43
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e6d58ea2fe2fab105d04533fc94638e8e2dea450d7d9fb4150153c767a43a9b3
e8597b32d50b398bf5bc5fe42efad1221ad5dd436152e26cab60737780d8c746
e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ee7f5cb82973314127baf13071c4aa6bdba47284632130b8b4405af9cc91c779
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef2a613df2732e79fa085207620c7217bf3d24543562fa9c41838a5335525d83
f04876822bb6c01fad7982c03270e7029a82ff1b3052477cffd25c51d94a62e8
f1f06b0187473cbaec080254823a6440df39b17cca07f49ad4ad2f669e06a0bf
f47e1f525f6e5dc4532745b19a4b5f49c5b363abfafb7e0219b5c56d49ed7584
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
f64ad45c01d1963ee11154bbe2c6abe546fe51ee06aad932e4cf5709d3fb7df3
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f79516d523443702ed74c090c0792d5514ebda67636b17ab3cfcc08c8f919da5
f7cbc01a310318defd4e31e4616543e2cf3baef5a47562c73ece4c0b716f157e
f7fc9f35d57b992f8230bfce328254df993d406ac852614e08837ec32005b130
f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390
fb1f1f32a4dc6dcb8683006d842fe5d5a2f2c37abdae5afd55cfe2d8cd426923

lollty.pro Open in urlscan Pro 199.85.210.80 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

271 Requests

88 %HTTPS

47 %IPv6

46 Domains

64 Subdomains

48 IPs

7 Countries

4057 kBTransfer

7229 kBSize

43 Cookies

31 Outgoing links

Page URL History

Redirected requests

271 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

lollty.pro Open in urlscan Pro
199.85.210.80 Public Scan

Screenshot
Live screenshot

Full Image

271
Requests

88 %
HTTPS

47 %
IPv6

46
Domains

64
Subdomains

48
IPs

7
Countries

4057 kB
Transfer

7229 kB
Size

43
Cookies

271 HTTP transactions
5 data transactions