Submitted URL: http://sar.ex.com/
Effective URL: http://ex.com/
Submission: On August 13 via manual from AE

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 21 HTTP transactions. The main IP is 52.128.23.153, located in United States and belongs to DOSARREST, US. The main domain is ex.com.
This is the only time ex.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | Domain | Requested by
7 | ex.com | sar.ex.com, ex.com
6 | www.google.com | ex.com, www.google.com
3 | static.uniregistry.com | ex.com
2 | ajax.googleapis.com | ex.com
2 | sar.ex.com (1 redirects) |
1 | afs.googleusercontent.com | www.google.com
1 | www.gstatic.com | ex.com
21 7

This site contains no links.

Subject | Issuer | Validity | Valid
*.uniregistry.com | Go Daddy Secure Certificate Authority - G2 | 2020-07-27 - 2022-07-27 | 2 years
www.google.com | GTS CA 1C3 | 2021-07-12 - 2021-10-04 | 3 months
*.google.com | GTS CA 1C3 | 2021-07-12 - 2021-10-04 | 3 months
*.googleusercontent.com | GTS CA 1C3 | 2021-07-12 - 2021-10-04 | 3 months

This page contains 6 frames:

Primary Page: http://ex.com/
Frame ID: FD1CD0F6B5063ED28F382D4483B46AB5
Requests: 4 HTTP requests in this frame

Frame: http://ex.com/tg.php?uid=ex6116cb68ded263.18655672
Frame ID: F0A4494DE60A9F09625A08CFD80B2B51
Requests: 2 HTTP requests in this frame

Frame: http://ex.com/search_caf.php?uid=ex6116cb68ded263.18655672&src=mountains&abp=1
Frame ID: A2866A21033E93750765FF9947CE746D
Requests: 9 HTTP requests in this frame

Frame: http://ex.com/page.php?ex6116cb68ded263.18655672
Frame ID: 034704CE03ADF112C6E0FC6201A3A5CF
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/dp/ads?adsafe=low&channel=000049&cpp=0&hl=en&client=dp-nameadmin21_3ph_js&r=m&psid=2306733352&type=3&terms=Bad%20Credit%20Fix%2CBusiness%20Franchises%2CBusiness%20Programs%2CBusiness%20Software%2CCommodity%20Trading%2CConference%20Calls%2CDomain%20Hosting%2CEquity%20Loans%2CFashion%2CFinancial%20Planning%2CFundraising%2CHome%20Business%2CInvestments%2CISPs%2CMerchant%20Accounts%2COnline%20Gambling%2CPayroll%20Services%2CPersonals%2CPhoto%20Personals%2CRegister%20A%20Domain%2CRelocation%20Services%2CRetirement%20Planning%2CStock%20Trading%2CWeb%20Hosting&swp=as-drid-2566949902788368&uiopt=true&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300494%2C17300496%2C17300756%2C17300758%2C17300769%2C17300771%2C17300788%2C17300791%2C17300792&format=r6&num=0&output=afd_ads&domain_name=ex.com&v=3&adext=as1%2Csr1&bsl=8&pac=0&u_his=2&u_tz=120&dt=1628883817537&u_w=1600&u_h=1200&biw=1600&bih=1200&isw=1598&ish=1200&psw=1598&psh=293&frm=1&uio=sl1sr1-&cont=rs&csize=w620h0&inames=master-1&jsv=11776&rurl=http%3A%2F%2Fex.com%2Fsearch_caf.php%3Fuid%3Dex6116cb68ded263.18655672%26src%3Dmountains%26abp%3D1&referer=http%3A%2F%2Fex.com%2F
Frame ID: C9DF4E6E5EEBFA85A5FF7EA3295A465B
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/js/bg/1ybhf5PHJCoiRTy-ubeljLlyS14gR-QFfTY_U8tl74U.js
Frame ID: 62E3B573D59947FC173981DB1BB5A4A3
Requests: 1 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

Requests: 21
HTTPS: 43 %
IPv6: 83 %
Domains: 6
Subdomains: 7
IPs: 6
Countries: 2
Transfer: 573 kB
Size: 910 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://sar.ex.com/ Page URL
  2. http://sar.ex.com/ HTTP 302
    http://ex.com/ Page URL
  3. http://ex.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • http://sar.ex.com/ HTTP 302
  • http://ex.com/

21 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
sar.ex.com/
2 KB
1 KB
Document
General
Full URL
http://sar.ex.com/
Protocol
HTTP/1.1
Server
52.128.23.153 , United States, ASN19324 (DOSARREST, US),
Reverse DNS
Software
nginx /
Resource Hash
18f09c1d29a74bf5fdc537abe24591685e6129ed09e70ad4be1045b64a1de8de

Request headers

Host
sar.ex.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Server
nginx
Date
Fri, 13 Aug 2021 19:43:35 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Keep-Alive
timeout=20
X-DIS-Request-ID
e110a28c36b37e480a584eff6c8358c0
P3P
CP="NON DSP COR ADMa OUR IND UNI COM NAV INT"
Cache-Control
no-cache
Content-Encoding
gzip
/
ex.com/
Redirect Chain
  • http://sar.ex.com/
  • http://ex.com/
2 KB
1 KB
Document
General
Full URL
http://ex.com/
Requested by
Host: sar.ex.com
URL: http://sar.ex.com/
Protocol
HTTP/1.1
Server
52.128.23.153 , United States, ASN19324 (DOSARREST, US),
Reverse DNS
Software
nginx /
Resource Hash
18f09c1d29a74bf5fdc537abe24591685e6129ed09e70ad4be1045b64a1de8de

Request headers

Host
ex.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://sar.ex.com/
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Server
nginx
Date
Fri, 13 Aug 2021 19:43:36 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Keep-Alive
timeout=20
X-DIS-Request-ID
d4251d01fffdf463defaff6ca5894483
P3P
CP="NON DSP COR ADMa OUR IND UNI COM NAV INT"
Cache-Control
no-cache
Content-Encoding
gzip

Redirect headers

Server
nginx
Date
Fri, 13 Aug 2021 19:43:36 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
0
Connection
keep-alive
Keep-Alive
timeout=20
Set-Cookie
uid=sar6116cb682abbd0.72366391; expires=Sun, 12-Sep-2021 19:43:36 GMT; Max-Age=2592000 SRV=lander02|YRbLW|YRbLW; path=/
Location
http://ex.com
X-DIS-Request-ID
8df0d1f6b33934bf6786b9e3e98fd36c
Primary Request Cookie set /
ex.com/
2 KB
2 KB
Document
General
Full URL
http://ex.com/
Requested by
Host: ex.com
URL: http://ex.com/
Protocol
HTTP/1.1
Server
52.128.23.153 , United States, ASN19324 (DOSARREST, US),
Reverse DNS
Software
nginx / PHP/5.6.39-0+deb8u1
Resource Hash
4261da17b85a705514a5fa960d57fe121abc855a9c23830679335253f2dfb6bd

Request headers

Host
ex.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://ex.com/
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Cookie
YPF8827340282Jdskjhfiw_928937459182JAX666=185.236.201.227

Response headers

Server
nginx
Date
Fri, 13 Aug 2021 19:43:36 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
945
Connection
keep-alive
Keep-Alive
timeout=20
X-Powered-By
PHP/5.6.39-0+deb8u1
Set-Cookie
uid=ex6116cb68ded263.18655672; expires=Sun, 12-Sep-2021 19:43:36 GMT; Max-Age=2592000 SRV=lander06|YRbLW|YRbLW; path=/
X-Adblock-Key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ==_VR4d+aKGViLA1Dz0ccs+9YSiyXlGcfh3BcVqGYCl4XAXNMvhttb5s2e3Q8zvLQQRwNpP8m/J74N5PsAUR8tVAA==
Vary
Accept-Encoding
Content-Encoding
gzip
Cache-control
private
X-DIS-Request-ID
5ff6f7ca432bcbd013ed7f3a0249c095
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.5.2/
84 KB
30 KB
Script
General
Full URL
http://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js
Requested by
Host: ex.com
URL: http://ex.com/
Protocol
HTTP/1.1
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8f0a19ee8c606b35a10904951e0a27da1896eafe33c6e88cb7bcbe455f05a24a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://ex.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 12 Aug 2021 05:42:30 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
136867
Content-Security-Policy-Report-Only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy
cross-origin
Content-Length
30082
X-XSS-Protection
0
Last-Modified
Tue, 03 Mar 2020 19:15:00 GMT
Server
sffe
Vary
Accept-Encoding
Content-Type
text/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000, stale-while-revalidate=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Expires
Fri, 12 Aug 2022 05:42:30 GMT
tg.php
ex.com/ Frame F0A4
335 B
718 B
Document
General
Full URL
http://ex.com/tg.php?uid=ex6116cb68ded263.18655672
Requested by
Host: ex.com
URL: http://ex.com/
Protocol
HTTP/1.1
Server
52.128.23.153 , United States, ASN19324 (DOSARREST, US),
Reverse DNS
Software
nginx / PHP/5.6.39-0+deb8u1
Resource Hash
268622cf635e194da8f9fc18eb451a41aa1f73be9e876e05d9ceeaeabc37c60d

Request headers

Host
ex.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://ex.com/
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Cookie
YPF8827340282Jdskjhfiw_928937459182JAX666=185.236.201.227; uid=ex6116cb68ded263.18655672; SRV=lander06|YRbLW|YRbLW

Response headers

Server
nginx
Date
Fri, 13 Aug 2021 19:43:37 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
261
Connection
keep-alive
Keep-Alive
timeout=20
X-Powered-By
PHP/5.6.39-0+deb8u1
Vary
Accept-Encoding
Content-Encoding
gzip
X-DIS-Request-ID
da6c3bf5c4e011c393ae58883e60e519
NEL
{"report_to": "dis", "max_age": 3600}
Report-To
{"group": "dis", "max_age": 3600, "endpoints": [{"url": "https://nel.dosarrest.net"}]}
Cookie set search_caf.php
ex.com/ Frame A286
17 KB
6 KB
Document
General
Full URL
http://ex.com/search_caf.php?uid=ex6116cb68ded263.18655672&src=mountains&abp=1
Requested by
Host: ex.com
URL: http://ex.com/
Protocol
HTTP/1.1
Server
52.128.23.153 , United States, ASN19324 (DOSARREST, US),
Reverse DNS
Software
nginx / PHP/5.6.39-0+deb8u1
Resource Hash
80f527f8a9801fec0e031b47e54174d45dfa0e96e1b2fd42b62fd534134bb442

Request headers

Host
ex.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://ex.com/
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Cookie
YPF8827340282Jdskjhfiw_928937459182JAX666=185.236.201.227; uid=ex6116cb68ded263.18655672; SRV=lander06|YRbLW|YRbLW

Response headers

Server
nginx
Date
Fri, 13 Aug 2021 19:43:37 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
5509
Connection
keep-alive
Keep-Alive
timeout=20
X-Powered-By
PHP/5.6.39-0+deb8u1
Set-Cookie
uid=ex6116cb68ded263.18655672; expires=Sun, 12-Sep-2021 19:43:37 GMT; Max-Age=2592000
Vary
Accept-Encoding
Content-Encoding
gzip
X-DIS-Request-ID
9f802a6f2146d73d5bd16edd5a1fae54
NEL
{"report_to": "dis", "max_age": 3600}
Report-To
{"group": "dis", "max_age": 3600, "endpoints": [{"url": "https://nel.dosarrest.net"}]}
page.php
ex.com/ Frame 0347
175 B
615 B
Document
General
Full URL
http://ex.com/page.php?ex6116cb68ded263.18655672
Requested by
Host: ex.com
URL: http://ex.com/
Protocol
HTTP/1.1
Server
52.128.23.153 , United States, ASN19324 (DOSARREST, US),
Reverse DNS
Software
nginx / PHP/5.6.39-0+deb8u1
Resource Hash
2b279851315ff78eeeb4caa35aaefee123fa8a84de7c5c2621f4e1517307b802

Request headers

Host
ex.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://ex.com/
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Cookie
YPF8827340282Jdskjhfiw_928937459182JAX666=185.236.201.227; uid=ex6116cb68ded263.18655672; SRV=lander06|YRbLW|YRbLW

Response headers

Server
nginx
Date
Fri, 13 Aug 2021 19:43:37 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
158
Connection
keep-alive
Keep-Alive
timeout=20
X-Powered-By
PHP/5.6.39-0+deb8u1
Vary
Accept-Encoding
Content-Encoding
gzip
X-DIS-Request-ID
0229e39f93276fd9d8a557992832286a
NEL
{"report_to": "dis", "max_age": 3600}
Report-To
{"group": "dis", "max_age": 3600, "endpoints": [{"url": "https://nel.dosarrest.net"}]}
track.php
ex.com/ Frame F0A4
43 B
437 B
Image
General
Full URL
http://ex.com/track.php?uid=ex6116cb68ded263.18655672&d=ex.com&sr=1600x1200
Requested by
Host: ex.com
URL: http://ex.com/tg.php?uid=ex6116cb68ded263.18655672
Protocol
HTTP/1.1
Server
52.128.23.153 , United States, ASN19324 (DOSARREST, US),
Reverse DNS
Software
nginx / PHP/5.6.39-0+deb8u1
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
ex.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer
http://ex.com/tg.php?uid=ex6116cb68ded263.18655672
Cookie
YPF8827340282Jdskjhfiw_928937459182JAX666=185.236.201.227; uid=ex6116cb68ded263.18655672; SRV=lander06|YRbLW|YRbLW
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Fri, 13 Aug 2021 19:43:37 GMT
NEL
{"report_to": "dis", "max_age": 3600}
Server
nginx
X-Powered-By
PHP/5.6.39-0+deb8u1
Report-To
{"group": "dis", "max_age": 3600, "endpoints": [{"url": "https://nel.dosarrest.net"}]}
Content-Type
image/gif
Connection
keep-alive
Keep-Alive
timeout=20
Content-Length
43
X-DIS-Request-ID
86f5a6a45d0b6c0a7700b8db86ce4446
img.php
ex.com/ Frame 0347
2 KB
2 KB
Image
General
Full URL
http://ex.com/img.php?ex6116cb68ded263.18655672
Requested by
Host: ex.com
URL: http://ex.com/page.php?ex6116cb68ded263.18655672
Protocol
HTTP/1.1
Server
52.128.23.153 , United States, ASN19324 (DOSARREST, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
ex.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer
http://ex.com/page.php?ex6116cb68ded263.18655672
Cookie
uid=ex6116cb68ded263.18655672
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Fri, 13 Aug 2021 19:43:37 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
P3P
CP="NON DSP COR ADMa OUR IND UNI COM NAV INT"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
text/html
Keep-Alive
timeout=20
X-DIS-Request-ID
a81db8de9e435d312a8f29a1972b4632
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.5.2/ Frame A286
84 KB
30 KB
Script
General
Full URL
http://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js
Requested by
Host: ex.com
URL: http://ex.com/search_caf.php?uid=ex6116cb68ded263.18655672&src=mountains&abp=1
Protocol
HTTP/1.1
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8f0a19ee8c606b35a10904951e0a27da1896eafe33c6e88cb7bcbe455f05a24a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://ex.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 12 Aug 2021 05:42:30 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
136867
Content-Security-Policy-Report-Only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy
cross-origin
Content-Length
30082
X-XSS-Protection
0
Last-Modified
Tue, 03 Mar 2020 19:15:00 GMT
Server
sffe
Vary
Accept-Encoding
Content-Type
text/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000, stale-while-revalidate=2592000
Accept-Ranges
bytes
Timing-Allow-Origin
*
Expires
Fri, 12 Aug 2022 05:42:30 GMT
caf.js
www.google.com/adsense/domains/ Frame A286
153 KB
57 KB
Script
General
Full URL
http://www.google.com/adsense/domains/caf.js
Requested by
Host: ex.com
URL: http://ex.com/search_caf.php?uid=ex6116cb68ded263.18655672&src=mountains&abp=1
Protocol
HTTP/1.1
Server
2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c6a6c21fca815a98c3d964d33e11c8b26074ce7b937807a28ee59282156932db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://ex.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 13 Aug 2021 19:43:37 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Server
sffe
X-Content-Type-Options
nosniff
ETag
"10079385288239006563"
Content-Security-Policy-Report-Only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
Content-Type
text/javascript; charset=UTF-8
Cache-Control
private, max-age=3600
Transfer-Encoding
chunked
Cross-Origin-Resource-Policy
cross-origin
Accept-Ranges
bytes
X-XSS-Protection
0
Expires
Fri, 13 Aug 2021 19:43:37 GMT
ur-logo-white.png
static.uniregistry.com/assets/img/ Frame A286
3 KB
4 KB
Image
General
Full URL
https://static.uniregistry.com/assets/img/ur-logo-white.png
Requested by
Host: ex.com
URL: http://ex.com/search_caf.php?uid=ex6116cb68ded263.18655672&src=mountains&abp=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2104:7c00:14:b436:55c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fba0e94400c61f945747763a6148d7f86f099bb99e195986a39e5bc0cf6972ac

Request headers

Referer
http://ex.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 13 Aug 2021 15:18:12 GMT
via
1.1 e029c86e892e2d8a35492f6625a1d26e.cloudfront.net (CloudFront)
last-modified
Thu, 21 Feb 2019 17:05:35 GMT
server
AmazonS3
age
15926
etag
"675bb51e4b3da04a4b718ece9cbc1ddb"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
public, max-age=86400
x-amz-cf-pop
AMS1-C1
content-length
3578
x-amz-cf-id
iZmSeRJxXYxbnrhOwAP5IaL3PIafLVZ4X_9I6rZXzEgeB3JYAhn4BA==
partner.gif
www.gstatic.com/domainads/tracking/ Frame A286
43 B
424 B
Image
General
Full URL
http://www.gstatic.com/domainads/tracking/partner.gif?ts=1628883817516&rid=4121327
Requested by
Host: ex.com
URL: http://ex.com/search_caf.php?uid=ex6116cb68ded263.18655672&src=mountains&abp=1
Protocol
HTTP/1.1
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://ex.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 13 Aug 2021 19:43:37 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 22 Oct 2019 18:15:00 GMT
Server
sffe
Content-Type
image/gif
Cache-Control
no-cache, must-revalidate
Cross-Origin-Resource-Policy
cross-origin
Accept-Ranges
bytes
Content-Length
43
X-XSS-Protection
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
bg-parking.jpg
static.uniregistry.com/assets/img/landing-pages/ Frame A286
296 KB
297 KB
Image
General
Full URL
https://static.uniregistry.com/assets/img/landing-pages/bg-parking.jpg
Requested by
Host: ex.com
URL: http://ex.com/search_caf.php?uid=ex6116cb68ded263.18655672&src=mountains&abp=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2104:7c00:14:b436:55c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5ab5e1ffa21ca5b51f2872a9b67784224cfc30a55f93624d620b04202f0b9e5b

Request headers

Referer
http://ex.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 13 Aug 2021 13:33:10 GMT
via
1.1 e029c86e892e2d8a35492f6625a1d26e.cloudfront.net (CloudFront)
last-modified
Thu, 21 Feb 2019 17:05:33 GMT
server
AmazonS3
age
22228
etag
"87801d06f55a3c337a4170f56f363ea2"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
public, max-age=86400
x-amz-cf-pop
AMS1-C1
content-length
303563
x-amz-cf-id
h759Vge55pCT9r0Bm4e4w51Ncpb-wJa3aeT8ZtXw-Cpgi15k4aSgKA==
2191FE_4_0.woff
static.uniregistry.com/assets/fonts/proxima-nova/ Frame A286
63 KB
64 KB
Font
General
Full URL
https://static.uniregistry.com/assets/fonts/proxima-nova/2191FE_4_0.woff
Requested by
Host: ex.com
URL: http://ex.com/search_caf.php?uid=ex6116cb68ded263.18655672&src=mountains&abp=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2104:7c00:14:b436:55c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cdb25634b9f662b7407e5a4980d67f5e29bc6ceb21b4ec973043c1a7b05eb7c7

Request headers

Origin
http://ex.com
Referer
http://ex.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 13 Aug 2021 05:36:16 GMT
via
1.1 f54d9ad301a95e7dcfde675e1cd5ba89.cloudfront.net (CloudFront)
vary
Origin
age
50841
x-cache
Hit from cloudfront
content-length
64678
last-modified
Thu, 21 Feb 2019 16:49:11 GMT
server
AmazonS3
etag
"9fc5890416c33ae16e05b680c38c4ec7"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/font-woff
access-control-allow-origin
*
cache-control
public, max-age=86400
x-amz-cf-pop
AMS1-C1
x-amz-cf-id
OO3Tn7dqosiVu7QB5zzM788sIEoEwbFSHhrYrRGDwsyXG_rtdF5rYg==
ads
www.google.com/dp/ Frame C9DF
15 KB
8 KB
Document
General
Full URL
https://www.google.com/dp/ads?adsafe=low&channel=000049&cpp=0&hl=en&client=dp-nameadmin21_3ph_js&r=m&psid=2306733352&type=3&terms=Bad%20Credit%20Fix%2CBusiness%20Franchises%2CBusiness%20Programs%2CBusiness%20Software%2CCommodity%20Trading%2CConference%20Calls%2CDomain%20Hosting%2CEquity%20Loans%2CFashion%2CFinancial%20Planning%2CFundraising%2CHome%20Business%2CInvestments%2CISPs%2CMerchant%20Accounts%2COnline%20Gambling%2CPayroll%20Services%2CPersonals%2CPhoto%20Personals%2CRegister%20A%20Domain%2CRelocation%20Services%2CRetirement%20Planning%2CStock%20Trading%2CWeb%20Hosting&swp=as-drid-2566949902788368&uiopt=true&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300494%2C17300496%2C17300756%2C17300758%2C17300769%2C17300771%2C17300788%2C17300791%2C17300792&format=r6&num=0&output=afd_ads&domain_name=ex.com&v=3&adext=as1%2Csr1&bsl=8&pac=0&u_his=2&u_tz=120&dt=1628883817537&u_w=1600&u_h=1200&biw=1600&bih=1200&isw=1598&ish=1200&psw=1598&psh=293&frm=1&uio=sl1sr1-&cont=rs&csize=w620h0&inames=master-1&jsv=11776&rurl=http%3A%2F%2Fex.com%2Fsearch_caf.php%3Fuid%3Dex6116cb68ded263.18655672%26src%3Dmountains%26abp%3D1&referer=http%3A%2F%2Fex.com%2F
Requested by
Host: www.google.com
URL: http://www.google.com/adsense/domains/caf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
cccf3cfa4106912ef7325972af5591ae27a7e06ecac8a4e53c35e4da440f1995
Security Headers
Name Value
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/dp/ads?adsafe=low&channel=000049&cpp=0&hl=en&client=dp-nameadmin21_3ph_js&r=m&psid=2306733352&type=3&terms=Bad%20Credit%20Fix%2CBusiness%20Franchises%2CBusiness%20Programs%2CBusiness%20Software%2CCommodity%20Trading%2CConference%20Calls%2CDomain%20Hosting%2CEquity%20Loans%2CFashion%2CFinancial%20Planning%2CFundraising%2CHome%20Business%2CInvestments%2CISPs%2CMerchant%20Accounts%2COnline%20Gambling%2CPayroll%20Services%2CPersonals%2CPhoto%20Personals%2CRegister%20A%20Domain%2CRelocation%20Services%2CRetirement%20Planning%2CStock%20Trading%2CWeb%20Hosting&swp=as-drid-2566949902788368&uiopt=true&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300494%2C17300496%2C17300756%2C17300758%2C17300769%2C17300771%2C17300788%2C17300791%2C17300792&format=r6&num=0&output=afd_ads&domain_name=ex.com&v=3&adext=as1%2Csr1&bsl=8&pac=0&u_his=2&u_tz=120&dt=1628883817537&u_w=1600&u_h=1200&biw=1600&bih=1200&isw=1598&ish=1200&psw=1598&psh=293&frm=1&uio=sl1sr1-&cont=rs&csize=w620h0&inames=master-1&jsv=11776&rurl=http%3A%2F%2Fex.com%2Fsearch_caf.php%3Fuid%3Dex6116cb68ded263.18655672%26src%3Dmountains%26abp%3D1&referer=http%3A%2F%2Fex.com%2F
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
http://ex.com/
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

content-type
text/html; charset=UTF-8
content-disposition
inline
date
Fri, 13 Aug 2021 19:43:37 GMT
expires
Fri, 13 Aug 2021 19:43:37 GMT
cache-control
private, max-age=3600
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-encoding
br
server
gws
content-length
8412
x-xss-protection
0
set-cookie
CONSENT=PENDING+333; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.google.com; Secure
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
caf.js
www.google.com/adsense/domains/ Frame C9DF
153 KB
56 KB
Script
General
Full URL
https://www.google.com/adsense/domains/caf.js
Requested by
Host: www.google.com
URL: https://www.google.com/dp/ads?adsafe=low&channel=000049&cpp=0&hl=en&client=dp-nameadmin21_3ph_js&r=m&psid=2306733352&type=3&terms=Bad%20Credit%20Fix%2CBusiness%20Franchises%2CBusiness%20Programs%2CBusiness%20Software%2CCommodity%20Trading%2CConference%20Calls%2CDomain%20Hosting%2CEquity%20Loans%2CFashion%2CFinancial%20Planning%2CFundraising%2CHome%20Business%2CInvestments%2CISPs%2CMerchant%20Accounts%2COnline%20Gambling%2CPayroll%20Services%2CPersonals%2CPhoto%20Personals%2CRegister%20A%20Domain%2CRelocation%20Services%2CRetirement%20Planning%2CStock%20Trading%2CWeb%20Hosting&swp=as-drid-2566949902788368&uiopt=true&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300494%2C17300496%2C17300756%2C17300758%2C17300769%2C17300771%2C17300788%2C17300791%2C17300792&format=r6&num=0&output=afd_ads&domain_name=ex.com&v=3&adext=as1%2Csr1&bsl=8&pac=0&u_his=2&u_tz=120&dt=1628883817537&u_w=1600&u_h=1200&biw=1600&bih=1200&isw=1598&ish=1200&psw=1598&psh=293&frm=1&uio=sl1sr1-&cont=rs&csize=w620h0&inames=master-1&jsv=11776&rurl=http%3A%2F%2Fex.com%2Fsearch_caf.php%3Fuid%3Dex6116cb68ded263.18655672%26src%3Dmountains%26abp%3D1&referer=http%3A%2F%2Fex.com%2F
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bbea15bc843f6ac44ba724f22b75497c601ae452dd220954ac940560798ee1af
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 13 Aug 2021 19:43:37 GMT
content-encoding
gzip
vary
Accept-Encoding
server
sffe
x-content-type-options
nosniff
etag
"7923931487887062146"
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
expires
Fri, 13 Aug 2021 19:43:37 GMT
chevron.svg
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/ Frame C9DF
200 B
443 B
Image
General
Full URL
https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg
Requested by
Host: www.google.com
URL: https://www.google.com/dp/ads?adsafe=low&channel=000049&cpp=0&hl=en&client=dp-nameadmin21_3ph_js&r=m&psid=2306733352&type=3&terms=Bad%20Credit%20Fix%2CBusiness%20Franchises%2CBusiness%20Programs%2CBusiness%20Software%2CCommodity%20Trading%2CConference%20Calls%2CDomain%20Hosting%2CEquity%20Loans%2CFashion%2CFinancial%20Planning%2CFundraising%2CHome%20Business%2CInvestments%2CISPs%2CMerchant%20Accounts%2COnline%20Gambling%2CPayroll%20Services%2CPersonals%2CPhoto%20Personals%2CRegister%20A%20Domain%2CRelocation%20Services%2CRetirement%20Planning%2CStock%20Trading%2CWeb%20Hosting&swp=as-drid-2566949902788368&uiopt=true&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300494%2C17300496%2C17300756%2C17300758%2C17300769%2C17300771%2C17300788%2C17300791%2C17300792&format=r6&num=0&output=afd_ads&domain_name=ex.com&v=3&adext=as1%2Csr1&bsl=8&pac=0&u_his=2&u_tz=120&dt=1628883817537&u_w=1600&u_h=1200&biw=1600&bih=1200&isw=1598&ish=1200&psw=1598&psh=293&frm=1&uio=sl1sr1-&cont=rs&csize=w620h0&inames=master-1&jsv=11776&rurl=http%3A%2F%2Fex.com%2Fsearch_caf.php%3Fuid%3Dex6116cb68ded263.18655672%26src%3Dmountains%26abp%3D1&referer=http%3A%2F%2Fex.com%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a0f2728b3c46b9817c807714ed006928bf5dc446c3f848d8d7d9c7d9fe81fd1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 13 Aug 2021 07:32:29 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Thu, 22 Oct 2020 21:45:00 GMT
server
sffe
age
43868
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
content-type
image/svg+xml
cache-control
public, max-age=82800
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
175
x-xss-protection
0
expires
Sat, 14 Aug 2021 06:32:29 GMT
1ybhf5PHJCoiRTy-ubeljLlyS14gR-QFfTY_U8tl74U.js
www.google.com/js/bg/ Frame 62E3
35 KB
13 KB
Script
General
Full URL
https://www.google.com/js/bg/1ybhf5PHJCoiRTy-ubeljLlyS14gR-QFfTY_U8tl74U.js
Requested by
Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d726e17f93c7242a22453cbeb9b7a58cb9724b5e2047e4057d363f53cb65ef85
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 12 Aug 2021 09:02:34 GMT
content-encoding
br
x-content-type-options
nosniff
age
124863
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13373
x-xss-protection
0
last-modified
Tue, 03 Aug 2021 09:30:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 12 Aug 2022 09:02:34 GMT
gen_204
www.google.com/afs/ Frame A286
0
15 B
Image
General
Full URL
https://www.google.com/afs/gen_204?client=dp-nameadmin21_3ph_js&output=uds_ads_only&zx=pnrvj8qn1lo4&aqid=acsWYYv8JZOhygX_t4y4DQ&psid=2306733352&pbt=bs&adbx=489&adby=171&adbh=374&adbw=620&adbn=master-1&eawp=partner-dp-nameadmin21_3ph_js&errv=11776766210875481620&csadii=19&csadr=208&lle=0&llm=1000&ifv=1&usr=1
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
http://ex.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 13 Aug 2021 19:43:39 GMT
server
gws
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-type
text/html; charset=ISO-8859-1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
gen_204
www.google.com/afs/ Frame A286
0
15 B
Image
General
Full URL
https://www.google.com/afs/gen_204?client=dp-nameadmin21_3ph_js&output=uds_ads_only&zx=nf1f0ythbvin&aqid=acsWYYv8JZOhygX_t4y4DQ&psid=2306733352&pbt=bv&adbx=489&adby=171&adbh=374&adbw=620&adbn=master-1&eawp=partner-dp-nameadmin21_3ph_js&errv=11776766210875481620&csadii=19&csadr=208&lle=0&llm=1000&ifv=1&usr=1
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
http://ex.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 13 Aug 2021 19:43:39 GMT
server
gws
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-type
text/html; charset=ISO-8859-1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0


14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| 1
object| 2
object| onbeforexrselect
object| ontransitionrun
object| ontransitionstart
object| ontransitioncancel
boolean| originAgentCluster
object| trustedTypes
boolean| crossOriginIsolated
function| $
function| jQuery
function| GetParam
function| logStatus

1 Cookies

Domain/Path Name / Value
ex.com/ Name: uid
Value: ex6116cb68ded263.18655672

Indicators

"Indicators" is a security-industry term for observables such as IPs, domains, and hashes. Their appearance here does not imply that any of them indicates malicious activity.
