www.user-shield.com Open in urlscan Pro
2606:4700:20::681a:51  Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response www.user-shield.com/new/yt/	4 KB 2 KB	193ms 145ms	Document text/html	2606:4700:20::681a:51 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.user-shield.com/new/yt/?cy_platform=mobile&cy_platform_type=af&cy_app=com.expressvpn.vpn&af_prt=takoomi&pid=propellerads_int&c=5320220&af_channel=Protect_Your_Internet_Connection&af_siteid=2743201&af_click_lookback=7d&clickid=528397527784186300&af_installpostback=false&fbclid=IwAR2AK8ncGRWBSee6SBZ3YOtZKZqdH-nmrFum92IMx3e9otBuR5VgqGcOKVA&h=AT0FNBo1diCRp4A-psCNt9pnQEkiUTCX_sApeq9K4kEl-Mz9Ya55x9FVi571YhyVp7ZwsGUtntfg6JRHcrk0jOvSQDzNqs2czczWH9B_W7yIg_uuqmjCBZH6i6jUoYieG3E Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:51 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6d1b98ec80bbbe1aab33327d5a719d6656b6dc31f67d8ac74f91ccd30145b065 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers date Fri, 18 Mar 2022 01:30:17 GMT content-type text/html x-amz-id-2 3piWzrfROL5FUi5Lp+JPvDo56vGKsPyVoTFa9ni+fHbEJY2WLnyrKL47kraCdYGdPJRg48WXrnI= x-amz-request-id M07073BWHFMMMSYT last-modified Mon, 06 Dec 2021 09:57:32 GMT cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wAFIB%2BzmJZ3CX8BMg49AoMbRakCMiz8F%2FHwMlV3EP9ilbUa%2FHqXswcFDFHgA%2BUEai7VTMD8NY%2FYc2qw1%2BDsvUMWBTCG%2B%2BUmdoECXTiVqZLUEjhNW5BsBYjb082pUB%2FWtNQngfBIWfz2%2FiGQy1vQVvlU%3D"}],"group":"cf-nel","max_age":604800} nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare cf-ray 6eda33c4ece40f7a-MXP content-encoding br
GET H2	200	style.css www.user-shield.com/new/yt/	2 KB 1020 B	24ms 23ms	Stylesheet text/css	2606:4700:20::681a:51 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.user-shield.com/new/yt/style.css Requested by Host: www.user-shield.com URL: https://www.user-shield.com/new/yt/?cy_platform=mobile&cy_platform_type=af&cy_app=com.expressvpn.vpn&af_prt=takoomi&pid=propellerads_int&c=5320220&af_channel=Protect_Your_Internet_Connection&af_siteid=2743201&af_click_lookback=7d&clickid=528397527784186300&af_installpostback=false&fbclid=IwAR2AK8ncGRWBSee6SBZ3YOtZKZqdH-nmrFum92IMx3e9otBuR5VgqGcOKVA&h=AT0FNBo1diCRp4A-psCNt9pnQEkiUTCX_sApeq9K4kEl-Mz9Ya55x9FVi571YhyVp7ZwsGUtntfg6JRHcrk0jOvSQDzNqs2czczWH9B_W7yIg_uuqmjCBZH6i6jUoYieG3E Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:51 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b3f675457fa2954cdc4e4c2f4c55fad8f4e0100b8f4f57376468e3d5890b24ee Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.user-shield.com/new/yt/?cy_platform=mobile&cy_platform_type=af&cy_app=com.expressvpn.vpn&af_prt=takoomi&pid=propellerads_int&c=5320220&af_channel=Protect_Your_Internet_Connection&af_siteid=2743201&af_click_lookback=7d&clickid=528397527784186300&af_installpostback=false&fbclid=IwAR2AK8ncGRWBSee6SBZ3YOtZKZqdH-nmrFum92IMx3e9otBuR5VgqGcOKVA&h=AT0FNBo1diCRp4A-psCNt9pnQEkiUTCX_sApeq9K4kEl-Mz9Ya55x9FVi571YhyVp7ZwsGUtntfg6JRHcrk0jOvSQDzNqs2czczWH9B_W7yIg_uuqmjCBZH6i6jUoYieG3E User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Fri, 18 Mar 2022 01:30:17 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 1468 cf-polished origSize=3605 x-amz-request-id DBA1M056QQ3J494C x-amz-id-2 fGCvNEIFl6NnDkEi/WKiiDyfCjVorbDuxpkMUTWDTPLH0Zha/BdCnFXFqR3G/TXybE25ZLZjsHE= last-modified Mon, 06 Dec 2021 09:57:33 GMT server cloudflare etag W/"be5a55596863cc95626c5310bcbf553e" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pxwN6jxUlens6RxkaJWB25KHT%2BDJNMefTlG6oqTWBUP59m1c%2BBQMFC0Jk%2F8tyhg1XsTo07hgY3VL3lRA0mAzyBDUC7du5B88cDAROHy9MyIOQMMHua6OG7JoeNNtOCcLkTiP3v18x%2FPHstYobwjYee0%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=259200 cf-ray 6eda33c5fdc00f7a-MXP cf-bgj minify
GET H2	200	loader.gif www.user-shield.com/new/yt/	19 KB 20 KB	24ms 23ms	Image image/gif	2606:4700:20::681a:51 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.user-shield.com/new/yt/loader.gif Requested by Host: www.user-shield.com URL: https://www.user-shield.com/new/yt/?cy_platform=mobile&cy_platform_type=af&cy_app=com.expressvpn.vpn&af_prt=takoomi&pid=propellerads_int&c=5320220&af_channel=Protect_Your_Internet_Connection&af_siteid=2743201&af_click_lookback=7d&clickid=528397527784186300&af_installpostback=false&fbclid=IwAR2AK8ncGRWBSee6SBZ3YOtZKZqdH-nmrFum92IMx3e9otBuR5VgqGcOKVA&h=AT0FNBo1diCRp4A-psCNt9pnQEkiUTCX_sApeq9K4kEl-Mz9Ya55x9FVi571YhyVp7ZwsGUtntfg6JRHcrk0jOvSQDzNqs2czczWH9B_W7yIg_uuqmjCBZH6i6jUoYieG3E Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:51 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6678fbb34f3ef18c5649c7cfc1302c671ff5b1c8e9f4365fb51f3d629dab2924 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.user-shield.com/new/yt/?cy_platform=mobile&cy_platform_type=af&cy_app=com.expressvpn.vpn&af_prt=takoomi&pid=propellerads_int&c=5320220&af_channel=Protect_Your_Internet_Connection&af_siteid=2743201&af_click_lookback=7d&clickid=528397527784186300&af_installpostback=false&fbclid=IwAR2AK8ncGRWBSee6SBZ3YOtZKZqdH-nmrFum92IMx3e9otBuR5VgqGcOKVA&h=AT0FNBo1diCRp4A-psCNt9pnQEkiUTCX_sApeq9K4kEl-Mz9Ya55x9FVi571YhyVp7ZwsGUtntfg6JRHcrk0jOvSQDzNqs2czczWH9B_W7yIg_uuqmjCBZH6i6jUoYieG3E User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Fri, 18 Mar 2022 01:30:17 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 1191 cf-ray 6eda33c5fdc10f7a-MXP content-length 19889 x-amz-id-2 ahjWU5IfttY19pBQAUW1qYaOfxUfj9lTS7S2j/4J86KzVilaewC1fqQP1Mb4VaAfTKOCI3JZQBc= last-modified Mon, 06 Dec 2021 09:57:33 GMT server cloudflare etag "5e47c12dca8da91748533fd68bb806ff" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nyTbKXxqwBBa4CwuJeD%2BMdL8nNX5Sri%2BJ6p%2FoA8DT99tCn%2BYtA6QXt5f%2Fg9PKm1Tig1Wst23%2F%2BG3QHEmrhNr0MUbCaVlleuhFKMSZQy3v4sdwp5jYT5nJqDo7DsxLBngk3UPqg4sPb3b%2B469KMf71dQ%3D"}],"group":"cf-nel","max_age":604800} x-amz-request-id DBAB3HAWX4AY9HA9 cache-control max-age=259200 accept-ranges bytes content-type image/gif
GET H2	200	rocket-loader.min.js Show response www.user-shield.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/	12 KB 4 KB	21ms 20ms	Script application/javascript	2606:4700:20::681a:51 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.user-shield.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Requested by Host: www.user-shield.com URL: https://www.user-shield.com/new/yt/?cy_platform=mobile&cy_platform_type=af&cy_app=com.expressvpn.vpn&af_prt=takoomi&pid=propellerads_int&c=5320220&af_channel=Protect_Your_Internet_Connection&af_siteid=2743201&af_click_lookback=7d&clickid=528397527784186300&af_installpostback=false&fbclid=IwAR2AK8ncGRWBSee6SBZ3YOtZKZqdH-nmrFum92IMx3e9otBuR5VgqGcOKVA&h=AT0FNBo1diCRp4A-psCNt9pnQEkiUTCX_sApeq9K4kEl-Mz9Ya55x9FVi571YhyVp7ZwsGUtntfg6JRHcrk0jOvSQDzNqs2czczWH9B_W7yIg_uuqmjCBZH6i6jUoYieG3E Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:51 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.user-shield.com/new/yt/?cy_platform=mobile&cy_platform_type=af&cy_app=com.expressvpn.vpn&af_prt=takoomi&pid=propellerads_int&c=5320220&af_channel=Protect_Your_Internet_Connection&af_siteid=2743201&af_click_lookback=7d&clickid=528397527784186300&af_installpostback=false&fbclid=IwAR2AK8ncGRWBSee6SBZ3YOtZKZqdH-nmrFum92IMx3e9otBuR5VgqGcOKVA&h=AT0FNBo1diCRp4A-psCNt9pnQEkiUTCX_sApeq9K4kEl-Mz9Ya55x9FVi571YhyVp7ZwsGUtntfg6JRHcrk0jOvSQDzNqs2czczWH9B_W7yIg_uuqmjCBZH6i6jUoYieG3E User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Fri, 18 Mar 2022 01:30:17 GMT content-encoding gzip x-content-type-options nosniff last-modified Mon, 14 Mar 2022 18:25:01 GMT server cloudflare etag W/"622f887d-302c" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-frame-options DENY report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tqXhswYBGeO1x13tYX2HUnetjC9%2BfQSnJIVCgGqW8C3tBXQaZevr9rRiQ2T8cIhKsj8juYFjJln%2FijfbyH2161ZyFFgLo%2BczXqAiFFSolOqEHe7%2BOHPiwoQh8XCUxa1U1ReUXQwiWZj6Z6FyFNyyM%2Bc%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=172800, public nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6eda33c5fdc30f7a-MXP vary Accept-Encoding expires Sun, 20 Mar 2022 01:30:17 GMT
GET H2	200	dynamic_src.js Show response www.user-shield.com/new/yt/	1 KB 1 KB	26ms 25ms	Script application/javascript	2606:4700:20::681a:51 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.user-shield.com/new/yt/dynamic_src.js Requested by Host: www.user-shield.com URL: https://www.user-shield.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:51 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d54602e38364b3f97b3d43d1cbe3ad91ce443ef8118b1c772abed0aea04e187a Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.user-shield.com/new/yt/?cy_platform=mobile&cy_platform_type=af&cy_app=com.expressvpn.vpn&af_prt=takoomi&pid=propellerads_int&c=5320220&af_channel=Protect_Your_Internet_Connection&af_siteid=2743201&af_click_lookback=7d&clickid=528397527784186300&af_installpostback=false&fbclid=IwAR2AK8ncGRWBSee6SBZ3YOtZKZqdH-nmrFum92IMx3e9otBuR5VgqGcOKVA&h=AT0FNBo1diCRp4A-psCNt9pnQEkiUTCX_sApeq9K4kEl-Mz9Ya55x9FVi571YhyVp7ZwsGUtntfg6JRHcrk0jOvSQDzNqs2czczWH9B_W7yIg_uuqmjCBZH6i6jUoYieG3E User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Fri, 18 Mar 2022 01:30:17 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 1191 cf-polished origSize=1637 x-amz-request-id DBAD1PBXQHGZ32R9 x-amz-id-2 bjk75Gg3G+C/3nX6QEFCDNQMmundxPYiFGJYIJsj8XxJ6T6wi1EijPPgV+gr1AGWLAVRytLJcOs= last-modified Mon, 06 Dec 2021 09:57:31 GMT server cloudflare etag W/"571ec141177c9964a701cfa05c3a986b" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eTrs6kcYw3kGmUg6Ewjxi%2F5FhsVqQ8MIemo4JvgtTvqKlN42a6hpgK3VNdm1TwEQJrYget4OxlEWwz2yF7uuQGFm4lszs9Zzs44b5ETzinQbOeKWeoMM3O%2FHA8hARxpnFFU7NJjcgbvW5qMk3VO%2B4M8%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=259200 cf-ray 6eda33c61de20f7a-MXP cf-bgj minify
GET H2	200	common_src.js Show response www.user-shield.com/common/	3 KB 1 KB	25ms 24ms	Script application/javascript	2606:4700:20::681a:51 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.user-shield.com/common/common_src.js Requested by Host: www.user-shield.com URL: https://www.user-shield.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:51 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8995b7ac238cbcaaaadf8038f5babf7a8dc4085aacd9f66df8d4d407fdb0e9e3 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.user-shield.com/new/yt/?cy_platform=mobile&cy_platform_type=af&cy_app=com.expressvpn.vpn&af_prt=takoomi&pid=propellerads_int&c=5320220&af_channel=Protect_Your_Internet_Connection&af_siteid=2743201&af_click_lookback=7d&clickid=528397527784186300&af_installpostback=false&fbclid=IwAR2AK8ncGRWBSee6SBZ3YOtZKZqdH-nmrFum92IMx3e9otBuR5VgqGcOKVA&h=AT0FNBo1diCRp4A-psCNt9pnQEkiUTCX_sApeq9K4kEl-Mz9Ya55x9FVi571YhyVp7ZwsGUtntfg6JRHcrk0jOvSQDzNqs2czczWH9B_W7yIg_uuqmjCBZH6i6jUoYieG3E User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Fri, 18 Mar 2022 01:30:17 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 1191 cf-polished origSize=3931 x-amz-request-id PHK30TW3K41XR9F0 x-amz-id-2 GSA7a38HGRZUFj2uUIHYi//HzlkK7TkeiSERSamGhgkhG3HI0hz8sPr4k3wCr03zIbiwoSwcVd4= last-modified Thu, 11 Nov 2021 13:21:03 GMT server cloudflare etag W/"476777752815638c4d367fb5554aa42b" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cu2z6J464c5koT3%2FFllJCP0ezbREJnCeuEz6rGej966jaV1Bku%2B9xi8qlwxpj5VQg3RtwBnNUZslFLHHbRmacqqXKBP7X8NEEEin5rcDNHbSnciLMkBAzbI2lH1TY8%2B25HX0DH0nlE9ux31aizERQV0%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=259200 cf-ray 6eda33c62de50f7a-MXP cf-bgj minify
GET H2	200	jquery-3.4.1.min.js Show response www.user-shield.com/common/	86 KB 31 KB	26ms 26ms	Script application/javascript	2606:4700:20::681a:51 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.user-shield.com/common/jquery-3.4.1.min.js Requested by Host: www.user-shield.com URL: https://www.user-shield.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:51 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.user-shield.com/new/yt/?cy_platform=mobile&cy_platform_type=af&cy_app=com.expressvpn.vpn&af_prt=takoomi&pid=propellerads_int&c=5320220&af_channel=Protect_Your_Internet_Connection&af_siteid=2743201&af_click_lookback=7d&clickid=528397527784186300&af_installpostback=false&fbclid=IwAR2AK8ncGRWBSee6SBZ3YOtZKZqdH-nmrFum92IMx3e9otBuR5VgqGcOKVA&h=AT0FNBo1diCRp4A-psCNt9pnQEkiUTCX_sApeq9K4kEl-Mz9Ya55x9FVi571YhyVp7ZwsGUtntfg6JRHcrk0jOvSQDzNqs2czczWH9B_W7yIg_uuqmjCBZH6i6jUoYieG3E User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Fri, 18 Mar 2022 01:30:17 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 2536 x-amz-request-id PHK61ERX801YYZ39 x-amz-id-2 +06yD1saEQ/PVOnL98ctNTprqxpbfx8xVvHq5/CueihSi3Ht9TgSTOPSksjPm7xmjd4uYHTehR4= last-modified Thu, 14 Oct 2021 11:17:49 GMT server cloudflare etag W/"220afd743d9e9643852e31a135a9f3ae" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EJObePcV7lS6noZsx1M8FlG5DwxpjA5IT7GYai0HPWpMmMFyBmO60sZD520YkjZSCCeGODvl42lCiLJJF%2FiOtEnGjmwaMXiBGkxBGZcIhYOVU%2F0TcGq1DB13Tj8qp%2BWK3%2F4EcEzcSXPCf1K1iE6JpSM%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=259200 cf-ray 6eda33c62de60f7a-MXP
GET H2	200	c0e50e6c Show response impressions.onelink.me/v6wJ/ Frame 17E3	0 263 B	60ms 29ms	Document text/plain	18.66.248.110 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://impressions.onelink.me/v6wJ/c0e50e6c?cy_platform=mobile&cy_platform_type=af&cy_app=com.expressvpn.vpn&af_prt=takoomi&pid=propellerads_int&c=5320220&af_channel=Protect_Your_Internet_Connection&af_siteid=2743201&af_click_lookback=7d&clickid=528397527784186300&af_installpostback=false&fbclid=IwAR2AK8ncGRWBSee6SBZ3YOtZKZqdH-nmrFum92IMx3e9otBuR5VgqGcOKVA&h=AT0FNBo1diCRp4A-psCNt9pnQEkiUTCX_sApeq9K4kEl-Mz9Ya55x9FVi571YhyVp7ZwsGUtntfg6JRHcrk0jOvSQDzNqs2czczWH9B_W7yIg_uuqmjCBZH6i6jUoYieG3E Requested by Host: www.user-shield.com URL: https://www.user-shield.com/new/yt/dynamic_src.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.248.110 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-248-110.dus51.r.cloudfront.net Software http-kit / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://www.user-shield.com/ Response headers content-length 0 date Fri, 18 Mar 2022 01:30:18 GMT server http-kit strict-transport-security max-age=31536000; includeSubDomains x-cache Miss from cloudfront via 1.1 cd8cc1ff175a63c59feeb56bb3687766.cloudfront.net (CloudFront) x-amz-cf-pop DUS51-P1 x-amz-cf-id 7Am-lReiuSvD16KDq3HkDNuJZG8SWUXpq75YjxSjxN7zQ2czQFwcKg==
GET H2	200	retargeting.js Show response www.libcdn.xyz/js/	5 KB 2 KB	149ms 104ms	Script application/javascript	2606:4700:3030::6815:212d CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.libcdn.xyz/js/retargeting.js?_=1647567017976 Requested by Host: www.user-shield.com URL: https://www.user-shield.com/common/jquery-3.4.1.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::6815:212d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9e9296f5e01b66de01b50d1ebe2b65f1fb81a383971410201b2916b708bebdb7 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.user-shield.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Fri, 18 Mar 2022 01:30:18 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-amz-request-id 8FYVHMRBWA3NQTBV alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 x-amz-id-2 xo35rcsrvkkoSNYlfkUCS+o3hd8QhKXaYt8ZWS8EKvM4J9T+/z6pyBnUHGJYCfXXWtM84zPYJtA= last-modified Sun, 26 Jul 2020 10:08:04 GMT server cloudflare etag W/"e3b5de84e1a9a457c7755e77b2670fea" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7uxOJ1yFomtLNmZTb9PRNdDe724CUOHafU5UNGRFTt%2BTmGQqK6RP0l2JRzdkJaVgnbWIp1m14fvfGEa1p1OIMNuWs8DPtuajVQAQjCUAOBDiwVXrQaoq3ojexBjQ9ikx8lhF2Lvd2%2B6%2BP5iOMA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 6eda33c6cd893760-MXP
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	99 KB 27 KB	23ms 7ms	Script application/x-javascript	2a03:2880:f01c:8012:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: www.libcdn.xyz URL: https://www.libcdn.xyz/js/retargeting.js?_=1647567017976 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 3e18d0e3dd548e9745884578e3cd9f0a492ddbb6f3b797db364b45bb16cadfb3 Security Headers Name Value Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.user-shield.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers content-security-policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; content-encoding gzip x-content-type-options nosniff document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400,h3-29=":443"; ma=86400 content-length 26320 x-xss-protection 0 pragma public x-fb-debug E6XIXXZ7URaBtJngpVY+jO5EB9Bht+2JSFJSrH4VGLJUmjlwx8SLgJ5opxChzDDjTUHaHYGtTdXFyqvXALPiJA== x-fb-trip-id 686109401 x-frame-options DENY cross-origin-opener-policy same-origin-allow-popups cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" date Fri, 18 Mar 2022 01:30:18 GMT strict-transport-security max-age=31536000; preload; includeSubDomains report-to {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"} content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	tfa.js Show response cdn.taboola.com/libtrc/unip/1260992/	55 KB 17 KB	30ms 7ms	Script application/javascript	151.101.129.44 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.taboola.com/libtrc/unip/1260992/tfa.js Requested by Host: www.libcdn.xyz URL: https://www.libcdn.xyz/js/retargeting.js?_=1647567017976 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.129.44 , United States, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash aaf18edf463ccdfd9ca2474f7e4df047ff939a6a0e856e21f20893dfae792328 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.user-shield.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers x-amz-version-id IIHR1Mhp1bdG1JudKS8ojttQd_aleO7e content-encoding gzip etag "c39632b5b379631fffe6d29bc30db723" age 7416 x-cache HIT x-amz-replication-status COMPLETED content-length 17366 x-amz-id-2 VE1SXiUPHwRxWleEPqq5zuiL/Qp1imgkOTi0Lw7CrnxGAUXbsnjAENHbrvl/62Zr10UycaXbZaI= x-served-by cache-hhn4061-HHN last-modified Sun, 13 Mar 2022 11:14:38 GMT server AmazonS3 x-timer S1647567018.167624,VS0,VE1 date Fri, 18 Mar 2022 01:30:18 GMT vary Accept-Encoding x-amz-request-id 5V7QSB6DYXV9M9T0 via 1.1 varnish cache-control private,max-age=14401 accept-ranges bytes content-type application/javascript; charset=utf-8 abp 11 x-cache-hits 1
GET H2	200	262165081659310 Show response connect.facebook.net/signals/config/	308 KB 88 KB	9ms 8ms	Script application/x-javascript	2a03:2880:f01c:8012:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/262165081659310?v=2.9.57&r=stable Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 455ddc03ae7e0603319b16f03e0dcda8a816096a266c53e2f990de828083798a Security Headers Name Value Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.user-shield.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers content-security-policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; content-encoding gzip x-content-type-options nosniff document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400,h3-29=":443"; ma=86400 content-length 89877 x-xss-protection 0 pragma public x-fb-debug QJGuSshdmpACWM6xpzvN4UM2ojugMAZVFBIwa3iNJAeWNYpMOXVCTcrr2FeHPMCEbuMzLv0azGmzaYDY1gm70Q== x-fb-trip-id 686109401 x-frame-options DENY cross-origin-opener-policy same-origin-allow-popups cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" date Fri, 18 Mar 2022 01:30:18 GMT strict-transport-security max-age=31536000; preload; includeSubDomains report-to {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"} content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	json Show response trc.taboola.com/1260992/trc/3/	2 KB 1 KB	28ms 21ms	Script application/javascript	151.101.129.44 FASTLY
General Check archive.org Show headers Download Go to Full URL https://trc.taboola.com/1260992/trc/3/json?tim=1647567018194&data=%7B%22id%22%3A535%2C%22ii%22%3A%22%2Fnew%2Fyt%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1647567018186%2C%22cv%22%3A%2220220313-3-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.user-shield.com%2Fnew%2Fyt%2F%3Fcy_platform%3Dmobile%26cy_platform_type%3Daf%26cy_app%3Dcom.expressvpn.vpn%26af_prt%3Dtakoomi%26pid%3Dpropellerads_int%26c%3D5320220%26af_channel%3DProtect_Your_Internet_Connection%26af_siteid%3D2743201%26af_click_lookback%3D7d%26clickid%3D528397527784186300%26af_installpostback%3Dfalse%26fbclid%3DIwAR2AK8ncGRWBSee6SBZ3YOtZKZqdH-nmrFum92IMx3e9otBuR5VgqGcOKVA%26h%3DAT0FNBo1diCRp4A-psCNt9pnQEkiUTCX_sApeq9K4kEl-Mz9Ya55x9FVi571YhyVp7ZwsGUtntfg6JRHcrk0jOvSQDzNqs2czczWH9B_W7yIg_uuqmjCBZH6i6jUoYieG3E%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%3Fcy_platform%3Dmobile%26cy_platform_type%3Daf%26cy_app%3Dcom.expressvpn.vpn%26af_prt%3Dtakoomi%26pid%3Dpropellerads_int%26c%3D5320220%26af_channel%3DProtect_Your_Internet_Connection%26af_siteid%3D2743201%26af_click_lookback%3D7d%26clickid%3D528397527784186300%26af_installpostback%3Dfalse%26fbclid%3DIwAR2AK8ncGRWBSee6SBZ3YOtZKZqdH-nmrFum92IMx3e9otBuR5VgqGcOKVA%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dtakoomiltd2-sc%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1647567018193%2C%22ref%22%3Anull%2C%22item-url%22%3A%22https%3A%2F%2Fwww.user-shield.com%2Fnew%2Fyt%2F%3Fcy_platform%3Dmobile%26cy_platform_type%3Daf%26cy_app%3Dcom.expressvpn.vpn%26af_prt%3Dtakoomi%26pid%3Dpropellerads_int%26c%3D5320220%26af_channel%3DProtect_Your_Internet_Connection%26af_siteid%3D2743201%26af_click_lookback%3D7d%26clickid%3D528397527784186300%26af_installpostback%3Dfalse%26fbclid%3DIwAR2AK8ncGRWBSee6SBZ3YOtZKZqdH-nmrFum92IMx3e9otBuR5VgqGcOKVA%26h%3DAT0FNBo1diCRp4A-psCNt9pnQEkiUTCX_sApeq9K4kEl-Mz9Ya55x9FVi571YhyVp7ZwsGUtntfg6JRHcrk0jOvSQDzNqs2czczWH9B_W7yIg_uuqmjCBZH6i6jUoYieG3E%22%2C%22tos%22%3A2%2C%22ssd%22%3A1%2C%22scd%22%3A100%2C%22supv%22%3Atrue%7D%7D&pubit=i Requested by Host: cdn.taboola.com URL: https://cdn.taboola.com/libtrc/unip/1260992/tfa.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.129.44 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 77593749e63327537c482d2e1e74dfc2578f64ccf062cc62f327fb661a784ede Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.user-shield.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers x-vcl-time-ms 15 date Fri, 18 Mar 2022 01:30:18 GMT content-encoding gzip server nginx x-timer S1647567018.207272,VS0,VE15 x-served-by cache-hhn4061-HHN vary Accept-Encoding x-cache MISS p3p policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM" access-control-allow-origin * access-control-allow-credentials true accept-ranges bytes content-type application/javascript; charset=utf-8 via 1.1 varnish x-cache-hits 0
GET H2	200	/ www.facebook.com/tr/	44 B 410 B	22ms 7ms	Image image/gif	2a03:2880:f11c:8083:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=262165081659310&ev=PageView&dl=https%3A%2F%2Fwww.user-shield.com%2Fnew%2Fyt%2F%3Fcy_platform%3Dmobile%26cy_platform_type%3Daf%26cy_app%3Dcom.expressvpn.vpn%26af_prt%3Dtakoomi%26pid%3Dpropellerads_int%26c%3D5320220%26af_channel%3DProtect_Your_Internet_Connection%26af_siteid%3D2743201%26af_click_lookback%3D7d%26clickid%3D528397527784186300%26af_installpostback%3Dfalse%26fbclid%3DIwAR2AK8ncGRWBSee6SBZ3YOtZKZqdH-nmrFum92IMx3e9otBuR5VgqGcOKVA%26h%3DAT0FNBo1diCRp4A-psCNt9pnQEkiUTCX_sApeq9K4kEl-Mz9Ya55x9FVi571YhyVp7ZwsGUtntfg6JRHcrk0jOvSQDzNqs2czczWH9B_W7yIg_uuqmjCBZH6i6jUoYieG3E&rl=&if=false&ts=1647567018225&sw=1600&sh=1200&v=2.9.57&r=stable&ec=0&o=30&fbc=fb.1.1647567018223.IwAR2AK8ncGRWBSee6SBZ3YOtZKZqdH-nmrFum92IMx3e9otBuR5VgqGcOKVA&fbp=fb.1.1647567018224.1763693829&it=1647567018180&coo=false&exp=p0&rqm=GET Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.user-shield.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Fri, 18 Mar 2022 01:30:18 GMT last-modified Fri, 21 Dec 2012 00:00:01 GMT server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains content-type image/gif cache-control no-cache, must-revalidate, max-age=0 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 44 expires Fri, 18 Mar 2022 01:30:18 GMT
GET H3	200	/ www.facebook.com/tr/	44 B 91 B	17ms 7ms	Image image/gif	2a03:2880:f11c:8083:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=262165081659310&ev=Microdata&dl=https%3A%2F%2Fwww.user-shield.com%2Fnew%2Fyt%2F%3Fcy_platform%3Dmobile%26cy_platform_type%3Daf%26cy_app%3Dcom.expressvpn.vpn%26af_prt%3Dtakoomi%26pid%3Dpropellerads_int%26c%3D5320220%26af_channel%3DProtect_Your_Internet_Connection%26af_siteid%3D2743201%26af_click_lookback%3D7d%26clickid%3D528397527784186300%26af_installpostback%3Dfalse%26fbclid%3DIwAR2AK8ncGRWBSee6SBZ3YOtZKZqdH-nmrFum92IMx3e9otBuR5VgqGcOKVA%26h%3DAT0FNBo1diCRp4A-psCNt9pnQEkiUTCX_sApeq9K4kEl-Mz9Ya55x9FVi571YhyVp7ZwsGUtntfg6JRHcrk0jOvSQDzNqs2czczWH9B_W7yIg_uuqmjCBZH6i6jUoYieG3E&rl=&if=false&ts=1647567019729&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22(1)%20Notification%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.57&r=stable&ec=1&o=30&fbc=fb.1.1647567018223.IwAR2AK8ncGRWBSee6SBZ3YOtZKZqdH-nmrFum92IMx3e9otBuR5VgqGcOKVA&fbp=fb.1.1647567018224.1763693829&it=1647567018180&coo=false&es=automatic&tm=3&exp=p0&rqm=GET Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.user-shield.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Fri, 18 Mar 2022 01:30:19 GMT last-modified Fri, 21 Dec 2012 00:00:01 GMT server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains content-type image/gif cache-control no-cache, must-revalidate, max-age=0 cross-origin-resource-policy cross-origin content-length 44 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 priority u=3,i expires Fri, 18 Mar 2022 01:30:19 GMT
GET H2	204	unip Show response trc-events.taboola.com/1260992/log/3/	0 250 B	89ms 14ms	XHR text/plain	141.226.228.48 TABOOLA-AS
General Check archive.org Show headers Download Go to Full URL https://trc-events.taboola.com/1260992/log/3/unip?en=pre_d_eng_tb&tos=1552&scd=100&ssd=1&est=1647567018189&ver=35&isls=true&src=i&invt=1500&rv=1&tim=1647567019743&vi=1647567018186&ri=5e2b2c3d0fd27e78ed83f979662b15f0&ref=null&cv=20220313-3-RELEASE&item-url=https%3A%2F%2Fwww.user-shield.com%2Fnew%2Fyt%2F%3Fcy_platform%3Dmobile%26cy_platform_type%3Daf%26cy_app%3Dcom.expressvpn.vpn%26af_prt%3Dtakoomi%26pid%3Dpropellerads_int%26c%3D5320220%26af_channel%3DProtect_Your_Internet_Connection%26af_siteid%3D2743201%26af_click_lookback%3D7d%26clickid%3D528397527784186300%26af_installpostback%3Dfalse%26fbclid%3DIwAR2AK8ncGRWBSee6SBZ3YOtZKZqdH-nmrFum92IMx3e9otBuR5VgqGcOKVA%26h%3DAT0FNBo1diCRp4A-psCNt9pnQEkiUTCX_sApeq9K4kEl-Mz9Ya55x9FVi571YhyVp7ZwsGUtntfg6JRHcrk0jOvSQDzNqs2czczWH9B_W7yIg_uuqmjCBZH6i6jUoYieG3E Requested by Host: cdn.taboola.com URL: https://cdn.taboola.com/libtrc/unip/1260992/tfa.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.user-shield.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers access-control-allow-origin https://www.user-shield.com pragma no-cache date Fri, 18 Mar 2022 01:30:19 GMT cache-control no-cache access-control-allow-credentials true server nginx p3p policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| structuredClone object| oncontextlost object| oncontextrestored object| __cfQR function| $ function| jQuery string| pixelType string| base_link string| platform_type_default string| platform_default object| base_links_dic function| removeURLParameter boolean| __cfRLUnblockHandlers function| fbq function| _fbq object| _tfa function| _typeof object| TFASC object| TRC object| _taboola number| taboola_view_id object| TRCImpl function| __trcError

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.user-shield.com/	1970-01-20 03:49:03	Name: _fbc Value: fb.1.1647567018223.IwAR2AK8ncGRWBSee6SBZ3YOtZKZqdH-nmrFum92IMx3e9otBuR5VgqGcOKVA
			.user-shield.com/	1970-01-20 03:49:03	Name: _fbp Value: fb.1.1647567018224.1763693829
			.facebook.com/	1970-01-20 03:49:03	Name: fr Value: 04uLGgdj2sLtgUmMo..BiM-Cq...1.0.BiM-Cq.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.taboola.com
connect.facebook.net
impressions.onelink.me
trc-events.taboola.com
trc.taboola.com
www.facebook.com
www.libcdn.xyz
www.user-shield.com
141.226.228.48
151.101.129.44
18.66.248.110
2606:4700:20::681a:51
2606:4700:3030::6815:212d
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
3e18d0e3dd548e9745884578e3cd9f0a492ddbb6f3b797db364b45bb16cadfb3
455ddc03ae7e0603319b16f03e0dcda8a816096a266c53e2f990de828083798a
6678fbb34f3ef18c5649c7cfc1302c671ff5b1c8e9f4365fb51f3d629dab2924
6d1b98ec80bbbe1aab33327d5a719d6656b6dc31f67d8ac74f91ccd30145b065
77593749e63327537c482d2e1e74dfc2578f64ccf062cc62f327fb661a784ede
8995b7ac238cbcaaaadf8038f5babf7a8dc4085aacd9f66df8d4d407fdb0e9e3
9e9296f5e01b66de01b50d1ebe2b65f1fb81a383971410201b2916b708bebdb7
aaf18edf463ccdfd9ca2474f7e4df047ff939a6a0e856e21f20893dfae792328
b3f675457fa2954cdc4e4c2f4c55fad8f4e0100b8f4f57376468e3d5890b24ee
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
d54602e38364b3f97b3d43d1cbe3ad91ce443ef8118b1c772abed0aea04e187a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855