0.bluetopperer.online Open in urlscan Pro
104.248.199.158 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://happyeasterimages.org/
Effective URL:
https://0.bluetopperer.online/index.php?p=gqyggylcgu5dkmryga&sub1=onlinewatch&sub2=gather
Submission: On March 24 via manual (March 24th 2022, 10:44:29 pm UTC) from US — Scanned from DE

Summary HTTP 67 Redirects Behaviour Indicators

Summary

This website contacted 18 IPs in 4 countries across 17 domains to perform 67 HTTP transactions. The main IP is 104.248.199.158, located in Amsterdam, Netherlands and belongs to DIGITALOCEAN-ASN, US. The main domain is 0.bluetopperer.online.
TLS certificate: Issued by R3 on March 23rd 2022. Valid for: 3 months.

This is the only time 0.bluetopperer.online was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 23	2a06:98c1:312... 2a06:98c1:3120::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
1	143.204.98.98 143.204.98.98	16509 (AMAZON-02) (AMAZON-02)
9	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	151.139.242.29 151.139.242.29	33438 (STACKPATH) (STACKPATH)
1 4	111.90.143.157 111.90.143.157	45839 (SHINJIRU-...) (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd)
1	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2600:9000:224... 2600:9000:224a:9800:c:abe:f440:93a1	16509 (AMAZON-02) (AMAZON-02)
1	3.123.86.254 3.123.86.254	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
1	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::2006	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:802::2004	15169 (GOOGLE) (GOOGLE)
2	104.248.199.158 104.248.199.158	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	188.166.135.13 188.166.135.13	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
67	18

23 2a06:98c1:3120::7 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

happyeasterimages.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.98 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-98.fra50.r.cloudfront.net

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.242.29 (United States)

ASN33438 (STACKPATH, US)

images.dmca.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 111.90.143.157 (Kuala Lumpur, Malaysia) 1 redirects

ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY)
PTR: server1.kamon.la

ads.specialadves.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
scripts.classicpartnerships.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
brend.specialadves.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:224a:9800:c:abe:f440:93a1 (United States)

ASN16509 (AMAZON-02, US)

buttons-config.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.123.86.254 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-123-86-254.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.248.199.158 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)

bluetopperer.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
0.bluetopperer.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.166.135.13 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)

se18.biz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
23	happyeasterimages.org 1 redirects happyeasterimages.org	188 KB
11	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 90 tpc.googlesyndication.com — Cisco Umbrella Rank: 122	294 KB
5	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 38	45 KB
5	gstatic.com fonts.gstatic.com	70 KB
3	specialadves.com 1 redirects ads.specialadves.com — Cisco Umbrella Rank: 321379 brend.specialadves.com Failed	2 KB
3	sharethis.com platform-api.sharethis.com — Cisco Umbrella Rank: 4644 buttons-config.sharethis.com — Cisco Umbrella Rank: 5510 l.sharethis.com — Cisco Umbrella Rank: 4230	43 KB
2	bluetopperer.online bluetopperer.online Failed 0.bluetopperer.online	103 KB
2	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 57 www.google.com — Cisco Umbrella Rank: 2	848 B
1	se18.biz se18.biz — Cisco Umbrella Rank: 544784	265 B
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 147	37 KB
1	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 246	63 KB
1	google.de adservice.google.de — Cisco Umbrella Rank: 8832	792 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 716	655 B
1	classicpartnerships.com scripts.classicpartnerships.com	738 B
1	wp.com stats.wp.com — Cisco Umbrella Rank: 2544	3 KB
1	dmca.com images.dmca.com — Cisco Umbrella Rank: 12193	633 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35	2 KB
67	17

	Domain	Requested by
23	happyeasterimages.org	1 redirects happyeasterimages.org
8	tpc.googlesyndication.com	googleads.g.doubleclick.net tpc.googlesyndication.com
5	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
5	fonts.gstatic.com	fonts.googleapis.com
3	pagead2.googlesyndication.com	happyeasterimages.org pagead2.googlesyndication.com tpc.googlesyndication.com www.googletagservices.com
2	brend.specialadves.com	ads.specialadves.com scripts.classicpartnerships.com
1	se18.biz	happyeasterimages.org
1	0.bluetopperer.online	happyeasterimages.org
1	bluetopperer.online	brend.specialadves.com
1	www.google.com	1 redirects
1	www.googletagservices.com	googleads.g.doubleclick.net
1	s0.2mdn.net	tpc.googlesyndication.com
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	scripts.classicpartnerships.com	happyeasterimages.org
1	l.sharethis.com	platform-api.sharethis.com
1	buttons-config.sharethis.com	platform-api.sharethis.com
1	stats.wp.com	happyeasterimages.org
1	ads.specialadves.com	happyeasterimages.org
1	images.dmca.com	happyeasterimages.org
1	platform-api.sharethis.com	happyeasterimages.org
1	fonts.googleapis.com	happyeasterimages.org
67	23

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-13` - `2022-07-12`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-02-28` - `2022-05-23`	3 months	crt.sh
sharethis.com Amazon	`2021-07-19` - `2022-08-17`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-02-28` - `2022-05-23`	3 months	crt.sh
images.dmca.com Go Daddy Secure Certificate Authority - G2	`2022-03-11` - `2023-03-29`	a year	crt.sh
specialadves.com R3	`2022-03-19` - `2022-06-17`	3 months	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
*.gstatic.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
classicpartnerships.com R3	`2022-03-19` - `2022-06-17`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-02-28` - `2022-05-23`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-02-28` - `2022-05-23`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
brend.specialadves.com R3	`2022-03-19` - `2022-06-17`	3 months	crt.sh
bluetopper.online R3	`2022-03-23` - `2022-06-21`	3 months	crt.sh
se18.biz R3	`2022-03-22` - `2022-06-20`	3 months	crt.sh

This page contains 5 frames:

Frame: https://se18.biz/?auf=gu3wgzlbgu5dcnrqgixtkmrygaxtqlzsmvstim3fmmyc6mruf4ytmnbyge3dcobwgu&p=b&sub1=onlinewatch&sub2=gather&sub3=&sub4=&cpc=0&cpm=0
Frame ID: A5523DF302FB8ABA28D9553FA24796D5
Requests: 53 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220323/r20190131/zrt_lookup.html
Frame ID: 0006C43C069CC759FD62B84028B30B2B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2525651058144004&output=html&h=600&slotname=2178804305&adk=720124719&adf=1877256209&pi=t.ma~as.2178804305&w=300&lmt=1648159951&psa=0&format=300x600&url=https%3A%2F%2Fhappyeasterimages.org%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1648161862171&bpp=4&bdt=351&idt=95&shv=r20220323&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&correlator=8167437203989&frm=20&pv=2&ga_vid=1945497355.1648161862&ga_sid=1648161862&ga_hid=321912361&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1135&ady=230&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31065741%2C31063247&oid=2&pvsid=271489604791121&pem=182&tmod=256156460&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=qPOCMH41x4&p=https%3A//happyeasterimages.org&dtd=116
Frame ID: D73507E9AF9270929FDC16F66F15387D
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4832910516238442415/300x600/verti_300x600.html
Frame ID: F9EC7257AD09E199162A676282ABFCA6
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: BD65A21690FC2F1D4A95826412314244
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://happyeasterimages.org/ HTTP 301
https://happyeasterimages.org/ Page URL
https://brend.specialadves.com/location.php?spec=2&p=578&get=348 HTTP 302
https://brend.specialadves.com/go.php?id=098&sid=1663&pid=77432 Page URL
https://bluetopperer.online/go/gqyggylcgu5dkmryga?sub1=onlinewatch&sub2=gather Page URL
https://0.bluetopperer.online/index.php?p=gqyggylcgu5dkmryga&sub1=onlinewatch&sub2=gather Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/
wp-embed\.min\.js\?ver=([\d.]+)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

67
Requests

90 %
HTTPS

56 %
IPv6

17
Domains

23
Subdomains

18
IPs

4
Countries

852 kB
Transfer

2175 kB
Size

6
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://happyeasterimages.org/ HTTP 301
https://happyeasterimages.org/ Page URL
https://brend.specialadves.com/location.php?spec=2&p=578&get=348 HTTP 302
https://brend.specialadves.com/go.php?id=098&sid=1663&pid=77432 Page URL
https://bluetopperer.online/go/gqyggylcgu5dkmryga?sub1=onlinewatch&sub2=gather Page URL
https://0.bluetopperer.online/index.php?p=gqyggylcgu5dkmryga&sub1=onlinewatch&sub2=gather Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://happyeasterimages.org/ HTTP 301
https://happyeasterimages.org/

Request Chain 55

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 59

https://brend.specialadves.com/location.php?spec=2&p=578&get=348 HTTP 302
https://brend.specialadves.com/go.php?id=098&sid=1663&pid=77432

67 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/ Show response
happyeasterimages.org/
Redirect Chain

http://happyeasterimages.org/
https://happyeasterimages.org/

66 KB
10 KB

174ms
134ms

Document
text/html

2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://happyeasterimages.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b96491bfd6ad562224719a3c45d0badb4538d044c0f745d4ed99d2ecc6e4ca9a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Thu, 24 Mar 2022 22:44:22 GMT
content-type: text/html; charset=UTF-8
vary: X-Forwarded-Proto,Accept-Encoding
last-modified: Thu, 24 Mar 2022 22:12:31 GMT
referrer-policy: no-referrer-when-downgrade
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EMetuPL%2FFa0wTgaqBvqYk2XkOAh6uksWtYuHivOdC%2FydauobNgqjdZAHw8r9kGLUANpcqRIyes6Co4xwsy4r8xPxYRvyRIweHoGR%2FNCy01GnOf08TQHq6KqNcpwKfnWd5CMx%2BYxi0QCKvXl96pwWSVBk7I4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6f12ee57bcdc3742-MXP
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

Date: Thu, 24 Mar 2022 22:44:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 24 Mar 2022 23:44:22 GMT
Location: https://happyeasterimages.org/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kpIQgxH5ZtKMnJSBfL8ZwPJfUEQbURE%2Fl2ShQNGJXtDCqjhd0i7%2F87ZsLEhXp4qeoEj%2FCFRXkryFqPdqEKsfj9HeE3vJB7EnqA%2BKNbXeTDA9ESPKtV6aVXRL0VJ%2BYSZadq3F%2FXb7AoWbZG1y7%2F13h22ahac%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 6f12ee574f6ce930-MRS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 style.min.css
happyeasterimages.org/wp-includes/css/dist/block-library/ 53 KB
8 KB 176ms
174ms Stylesheet
text/css 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://happyeasterimages.org/wp-includes/css/dist/block-library/style.min.css?ver=5.5.9
Requested by: Host: happyeasterimages.org
URL: https://happyeasterimages.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8c626f0f9b5c109539b256b73e72c02b300a184f46b4535c2eb86599215c78af

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 22:44:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 14 Sep 2020 11:12:28 GMT
server: cloudflare
etag: W/"d293-5af441c2c0987-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D0E82y4UEGA%2BGPUSd0LfOhmAhD5%2Fr9F%2BdAlTwuUTBRbPH3HDzaXQ7c3i34nT4jr6aeVanV1XCru5BiugNo5nV2exBhSIdxZvd7zx6oWGxhWd1oTD4iz6mGlh3HBX2O47zVHs63uAePIQjtDRIknpu%2BXhro4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 6f12ee58af193742-MXP
expires: Sat, 11 Mar 2023 11:31:29 GMT

GET
H2 200 theme.min.css
happyeasterimages.org/wp-includes/css/dist/block-library/ 2 KB
1 KB 157ms
154ms Stylesheet
text/css 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://happyeasterimages.org/wp-includes/css/dist/block-library/theme.min.css?ver=5.5.9
Requested by: Host: happyeasterimages.org
URL: https://happyeasterimages.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d5575c28819cc80d5cf47729e998387ddc2d510a6adf37ce5a19b8f2127ee05

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 22:44:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 14 Sep 2020 11:12:28 GMT
server: cloudflare
etag: W/"8aa-5af441c2c0987-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DGJPc%2FBtgg1rzrvdWQHILlcV%2BMYnYReNbcnv%2BSnSmj5qXblQgRXQ8m3LlkGJbuZcqO5U4h9CN6MNEU4%2Bcfo57P%2BF9X0QvOlh0JH3r6MZrnPDvl4y0vtPRhb%2F7qmn46VYORo9RIfy0CSJsO7YuBkDdCyi9%2Bc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 6f12ee58bf1c3742-MXP
expires: Sat, 11 Mar 2023 11:31:30 GMT

GET
H2 200 styles.css
happyeasterimages.org/wp-content/plugins/contact-form-7/includes/css/ 2 KB
919 B 175ms
171ms Stylesheet
text/css 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://happyeasterimages.org/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.2.2
Requested by: Host: happyeasterimages.org
URL: https://happyeasterimages.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3f0c9fc4895c2194ee2a6717d10676003c0c62ce6d626a02ccc8ccca7b0ff50

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 22:44:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=1920
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 14 Sep 2020 11:13:02 GMT
server: cloudflare
etag: W/"780-5af441e32d7fd-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YoecqOt6YPxe2YKknabGiCKXtch%2BMRWEFbohlwyNOz74UX7LfFP6VecMLIdUP2Fz7eYtUxk7aR1aZ6B%2Fm%2BfBjE2Zd0ViPVs5QUkoKB9iEX3oOaG4f5zf9jgpxQ8YHjPKMfhlTK3CQoUHuXLOYm4%2Fp3KvMks%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 6f12ee58bf223742-MXP
expires: Fri, 10 Mar 2023 18:21:01 GMT

GET
H2 200 mu-style.css
happyeasterimages.org/wp-content/plugins/sharethis-share-buttons/css/ 0
427 B 130ms
126ms Stylesheet
text/css 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://happyeasterimages.org/wp-content/plugins/sharethis-share-buttons/css/mu-style.css?ver=5.5.9
Requested by: Host: happyeasterimages.org
URL: https://happyeasterimages.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 22:44:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=26
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 14 Sep 2020 11:13:06 GMT
server: cloudflare
etag: W/"1a-5af441e69b712"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y2PfUoGs2szQ3CiA91c5i2Gn6hMhXnh8V3y9cI4G5OVBjA%2Fi7wS1IybYVGERTDg%2FXVtfvftLUzPxJdhTbzuN%2BW%2BAjOS149sd3A6znU8MBSXW65JekHzhFuVQ6ded2k1oNao6ZHwbDhHSU8jQbj%2FpF5SUuZU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 6f12ee58bf243742-MXP
expires: Wed, 22 Mar 2023 10:33:47 GMT

GET
H2 200 font-awesome.min.css
happyeasterimages.org/wp-content/themes/bam/assets/css/ 30 KB
7 KB 173ms
169ms Stylesheet
text/css 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://happyeasterimages.org/wp-content/themes/bam/assets/css/font-awesome.min.css?ver=4.7.0
Requested by: Host: happyeasterimages.org
URL: https://happyeasterimages.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 22:44:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 09 Apr 2020 05:47:34 GMT
server: cloudflare
etag: W/"7918-5a2d5274c8f22-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PItgxbtrL9r01tY2jEDeNeLsshZBS3fs3iIZClJXKqaSDIJVjoHK75WvlU7GfdhwzEyF%2B5p9kw%2BRjI%2BYjLjDEs%2FQwXc5%2F2Qpl23yv0qk5sv%2Be6Jmnw6iXMVjU3uqtqsOrjABN3deG6CHr4g9MtkJjh2SkVY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 6f12ee58bf253742-MXP
expires: Fri, 10 Mar 2023 18:21:01 GMT

GET
H2 200 style.css
happyeasterimages.org/wp-content/themes/bam/ 34 KB
8 KB 176ms
173ms Stylesheet
text/css 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://happyeasterimages.org/wp-content/themes/bam/style.css?ver=5.5.9
Requested by: Host: happyeasterimages.org
URL: https://happyeasterimages.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b40cbacf2398a9d80e985aa79a19604506636db1cd02b512e44bfa83b574847d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 22:44:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=53078
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 09 Apr 2020 05:47:34 GMT
server: cloudflare
etag: W/"cf56-5a2d5274db804-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q3hvKpRfUW1koYl1YApOQ0FTrikE%2BmWgPzBLVqGp9BVwaW4fhEJZTMYGYXljSaH1BSAY4faHrt%2BzJYs2u107aWABn0hiG8ROSE%2FohYDOpezqjzGdTzxrLikGNRkVwRniDtiFe6wtgNOODonXPMOr%2FcqxVWA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 6f12ee58bf293742-MXP
expires: Sat, 11 Mar 2023 11:31:30 GMT

GET
H2 200 css
fonts.googleapis.com/ 39 KB
2 KB 41ms
17ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100i%2C200i%2C300i%2C400i%2C500i%2C600i%2C700i%2C800i%2C900i|Roboto+Condensed%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100i%2C200i%2C300i%2C400i%2C500i%2C600i%2C700i%2C800i%2C900i%26subset%3Dlatin

Requested by

Host: happyeasterimages.org
URL: https://happyeasterimages.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

27dd0deb3e6fd3b862d96f44cf43137139a8422ffb6ff30cd0dea8f7b1dff9fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 24 Mar 2022 21:53:49 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 24 Mar 2022 22:44:22 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 24 Mar 2022 22:44:22 GMT

GET
H2 200 jetpack.css
happyeasterimages.org/wp-content/plugins/jetpack/css/ 75 KB
15 KB 179ms
175ms Stylesheet
text/css 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://happyeasterimages.org/wp-content/plugins/jetpack/css/jetpack.css?ver=8.9.2
Requested by: Host: happyeasterimages.org
URL: https://happyeasterimages.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 143635d78dd0f4c56bb1c8515461ae8fdf06b273e71e76b46eec37d6fc59fa9c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 22:44:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=76995
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 03 Jun 2021 15:13:28 GMT
server: cloudflare
etag: W/"12cc3-5c3de0478613c-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wa8VBS2D1r7kS2%2BTIdvzuAm1vtCQmwQW%2FsIaJ476kzk5Fd0LgcbjZzTHQKFPsdJBaqX%2BWxZOQN70C1tekFuc%2FtJFm1%2F%2BCD9PH%2BEjUlhGlzaMuH9jtntFS5Xb0B6sjo52ceuZBn0J4bcepPVlEn5g%2FOD%2FTPI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 6f12ee58bf2b3742-MXP
expires: Fri, 24 Mar 2023 19:57:11 GMT

GET
H2 200 jquery.js Show response
happyeasterimages.org/wp-includes/js/jquery/ 95 KB
34 KB 143ms
140ms Script
application/x-javascript 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://happyeasterimages.org/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by: Host: happyeasterimages.org
URL: https://happyeasterimages.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8c7ee0238fa5cd80a02ef9870a7fff498ef52097181cb73edb9219dc022fd919

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 22:44:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=96873
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 05 Sep 2019 03:12:19 GMT
server: cloudflare
etag: W/"17a69-591c5b0897cbd-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QzA%2FCNVfL%2BYl%2F2VDl1VWIBHur6AKqiOJ4aBLFYbgr7gzgTr54WM8ZpmVuYydKSJgykWTOPrD3Mqry9ROhb7a6dy6DvBarJPN3lO7cAiPqfarocE%2FMimZDIVh%2F0aUhsFpsknAHsZW3ErMvG8GMxN3cM2rFJk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 6f12ee58bf2d3742-MXP
expires: Fri, 10 Mar 2023 15:30:27 GMT

GET
H2 200 sharethis.js Show response
platform-api.sharethis.com/js/ 184 KB
41 KB 39ms
8ms Script
text/javascript 143.204.98.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://platform-api.sharethis.com/js/sharethis.js

Requested by

Host: happyeasterimages.org
URL: https://happyeasterimages.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-98.fra50.r.cloudfront.net

Software

Resource Hash

414363cb8150c2f60382da1d5a33f260caad65a54d6933e6b28534763d388db8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 22:36:58 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 444
etag: W/"2e0e3-tEY0wJEY/wwExgi0NrFi684gQTw"
x-frame-options: SAMEORIGIN
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
via: 1.1 6ea9fcffa719a56ee2be748a73d37974.cloudfront.net (CloudFront)
edge-control: cache-maxage=60m,downstream-ttl=60m
cache-control: max-age=600, public
x-amz-cf-pop: FRA50-C1
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-id: sOOaOdeOCx43vke_bmkmvqoTKOfYDxVMWhC_KTK1CPdzayWO81xJVw==

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 156 KB
54 KB 54ms
28ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: happyeasterimages.org
URL: https://happyeasterimages.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a62051bde20d0b3e343394fd3b165550db84693436d8dd1b865b8ed5662d756a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 22:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54729
x-xss-protection: 0
server: cafe
etag: 14688185761094256411
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 24 Mar 2022 22:44:22 GMT

GET
H2 200 DMCABadgeHelper.min.js Show response
images.dmca.com/Badges/ 465 B
633 B 211ms
27ms Script
application/javascript 151.139.242.29
STACKPATH

General

Check archive.org

Show headers Download Go to

Full URL: https://images.dmca.com/Badges/DMCABadgeHelper.min.js
Requested by: Host: happyeasterimages.org
URL: https://happyeasterimages.org/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.242.29 , United States, ASN33438 (STACKPATH, US),
Reverse DNS
Software: nginx / ASP.NET
Resource Hash: e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 22:44:22 GMT
content-encoding: gzip
last-modified: Fri, 21 Jun 2019 20:14:34 GMT
server: nginx
x-powered-by: ASP.NET
etag: "26b181f16d28d51:0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
link: <http://dmca-images.azurewebsites.net/Badges/DMCABadgeHelper.min.js>; rel="canonical"
content-length: 280
expires: Sat, 23 Apr 2022 22:44:19 GMT

GET
H/1.1 200
OK / Show response
ads.specialadves.com/ping/ 581 B
738 B 931ms
571ms Script
text/plain 111.90.143.157
SHINJIRU-MY-AS-AP...

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.specialadves.com/ping/?crampress.j
Requested by: Host: happyeasterimages.org
URL: https://happyeasterimages.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 111.90.143.157 Kuala Lumpur, Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY),
Reverse DNS: server1.kamon.la
Software: nginx /
Resource Hash: 003e361d0c0374b7d49d1e831c26c1895e0984d19b9a688f787e7d72e11838c1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 25 Mar 2022 06:44:29 GMT
Server: nginx
Connection: keep-alive
Content-Length: 581
Content-Type: text/plain; charset=utf-8

GET
H2 200 scripts.js Show response
happyeasterimages.org/wp-content/plugins/contact-form-7/includes/js/ 10 KB
4 KB 140ms
137ms Script
application/x-javascript 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://happyeasterimages.org/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.2.2
Requested by: Host: happyeasterimages.org
URL: https://happyeasterimages.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5b7081f13d8010daa9976c4b189fe646c0271542cbeb69f52f89e51b414ef666

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 22:44:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=14105
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 14 Sep 2020 11:13:02 GMT
server: cloudflare
etag: W/"3719-5af441e32d7fd-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YkRuJQy4J6OPDpFqYZUZy1b4tFUJb52XRBz6dzLk86FOJrtTwN2aUTnC03kcMG2XbtHvFnHebO4IF19Z9wlbasIsH%2B45P%2BUAy7L5o3M411tVZnlLFOc7rB9hdTgrMK%2BIR6dkJ2wQGol3qX3bjkwTA5Jrs6s%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 6f12ee58bf323742-MXP
expires: Wed, 22 Mar 2023 16:03:23 GMT

GET
H2 200 smush-lazy-load.min.js Show response
happyeasterimages.org/wp-content/plugins/wp-smushit/app/assets/js/ 8 KB
4 KB 156ms
154ms Script
application/x-javascript 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://happyeasterimages.org/wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js?ver=3.7.0
Requested by: Host: happyeasterimages.org
URL: https://happyeasterimages.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f3b9ef807d3988e8ce73d3012e2f19cab12503a411c79719959f42cb8728f566

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 22:44:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 14 Sep 2020 11:13:06 GMT
server: cloudflare
etag: W/"210b-5af441e70db39-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vG58oNa4L5TiZoYY2kq8rXjQAJm%2BJKJNU019N2KTryWlftq1WC5xfoDDyD4YaWnzu3PlNduYrXF0N2hIjekRHlTqGypz0ODRKPe7NjeAlcx3uNCO56KNK62ZsDxTq3%2B7YiAJ6DSIZYKz8nfDQTPiKnGM3Mk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 6f12ee58bf353742-MXP
expires: Wed, 22 Mar 2023 14:19:53 GMT

GET
H2 200 scripts.js Show response
happyeasterimages.org/wp-content/themes/bam/assets/js/ 106 B
440 B 172ms
169ms Script
application/x-javascript 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://happyeasterimages.org/wp-content/themes/bam/assets/js/scripts.js?ver=5.5.9
Requested by: Host: happyeasterimages.org
URL: https://happyeasterimages.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e0e6eb298e68c7bdff99b6e6ea92dd7db3ca5337336a3a2011166077205537e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 22:44:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=140
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 09 Apr 2020 05:47:34 GMT
server: cloudflare
etag: W/"8c-5a2d5274c7f82-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bg%2Bazaa9UbMccuwKZarM7m3vJKVx1gInhk1IWnZn1VM5us2lSW%2BiDvXFpOVD57yJPovxFPLVRlii5PAcbusa7qcJiEqXFhHK48kcGtWa1pTO3hkB%2FZaDoIe04XC9xf54Dhmoa4AWkrtW4orVSg%2F6ZXpgUPA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 6f12ee58cf553742-MXP
expires: Wed, 22 Mar 2023 14:19:53 GMT

GET
H2 200 main-navigation.js Show response
happyeasterimages.org/wp-content/themes/bam/assets/js/ 3 KB
1 KB 176ms
174ms Script
application/x-javascript 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://happyeasterimages.org/wp-content/themes/bam/assets/js/main-navigation.js?ver=5.5.9
Requested by: Host: happyeasterimages.org
URL: https://happyeasterimages.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b2467f4d0e26b9ca7d9694038a7edbadbbc17cb3afd5c3165495568d63f18ea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 22:44:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=3690
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 09 Apr 2020 05:47:34 GMT
server: cloudflare
etag: W/"e6a-5a2d5274c7f82-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h8WWgLuBg9Swz239iYi10ZlfG7Sp7jNZxQ64l%2F9eITIz%2BT7OxNCVITlbAG%2BM7hPZaKqfl7xIxaW7owVpQsXS%2BCiZ4xGw7EerXRwUk08MBtc62fvgOJTmnJO5sikYqzl%2BiVfX42GxCiMFO89sbODBfP7vpzk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 6f12ee58cf5a3742-MXP
expires: Wed, 22 Mar 2023 14:19:53 GMT

GET
H2 200 skip-link-focus-fix.js Show response
happyeasterimages.org/wp-content/themes/bam/assets/js/ 426 B
608 B 180ms
178ms Script
application/x-javascript 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://happyeasterimages.org/wp-content/themes/bam/assets/js/skip-link-focus-fix.js?ver=20151215
Requested by: Host: happyeasterimages.org
URL: https://happyeasterimages.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 405a5e4943b97243440d632a958bb6e79f1d1929666745000a22ebaa5fa2d819

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 22:44:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=685
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 09 Apr 2020 05:47:34 GMT
server: cloudflare
etag: W/"2ad-5a2d5274c7f82-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UHLp1yA2sO3eT6cA7CVLrE59%2FtCT8dedV7akzBLJzdjNqBTkZM%2FukQa5C2gTNt7NGPoIYGI2zmX9Iz2QmyUZ3ogpd%2FvjPZ7XZ1JqKWCQAwODVoY1hSPriwJAddVlnADItGp1zOQa4DJzZVF037sz6sZKWrI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 6f12ee58cf5c3742-MXP
expires: Wed, 22 Mar 2023 14:19:53 GMT

GET
H2 200 lazy-images.min.js Show response
happyeasterimages.org/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/src/js/ 9 KB
3 KB 173ms
171ms Script
application/x-javascript 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://happyeasterimages.org/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/src/js/lazy-images.min.js?ver=1.0.0
Requested by: Host: happyeasterimages.org
URL: https://happyeasterimages.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 245e542efded75af621b3a93818490cd57df8a41da0333184f643e2071c9ea0e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 22:44:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 03 Jun 2021 15:13:28 GMT
server: cloudflare
etag: W/"23dc-5c3de04765d9a-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wQ%2Fbt361b%2FQSwWCSsBYmhrbiAaPozF2t6oF0HYRd7g4eJIn8PtU9oCGK3SP2XTRQ3VQtoCsXhkEEwGt1weYGGRnIEqzBeI4k4viFg6AxhK6PQaiQF9J5UFtrlE9j6FPzb%2FN0qYHHrOQqfaWNYoWD%2BTpjngc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 6f12ee58cf5d3742-MXP
expires: Fri, 10 Mar 2023 15:29:01 GMT

GET
H2 200 wp-embed.min.js Show response
happyeasterimages.org/wp-includes/js/ 1 KB
1022 B 176ms
174ms Script
application/x-javascript 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://happyeasterimages.org/wp-includes/js/wp-embed.min.js?ver=5.5.9
Requested by: Host: happyeasterimages.org
URL: https://happyeasterimages.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 22:44:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 15 Apr 2021 03:06:56 GMT
server: cloudflare
etag: W/"592-5bffa27f6a975-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qXr56kuLTGEmNfeGkTwGSorMttuJJwEX8Jo9AJ0TiRc2RNm%2FhMP5uTjk3BWLqJT6JMETTQtm22qHYGFoM6IctJQxu9Fp%2FAnkyURNPgjR%2BqPyYH58Zlfi3RNdmLojgVt9RvZUm1gUuaOyBooWlFJ6OGlYDVg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 6f12ee58cf5e3742-MXP
expires: Sat, 11 Mar 2023 11:31:30 GMT

GET
H2 200 responsive-videos.min.js Show response
happyeasterimages.org/wp-content/plugins/jetpack/modules/theme-tools/responsive-videos/ 777 B
715 B 179ms
177ms Script
application/x-javascript 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://happyeasterimages.org/wp-content/plugins/jetpack/modules/theme-tools/responsive-videos/responsive-videos.min.js?ver=1.3
Requested by: Host: happyeasterimages.org
URL: https://happyeasterimages.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3e3aeb6a6be4f7615a2a32aeda64db2c9f6776a89d361cbd7446952827bd55be

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 22:44:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 03 Jun 2021 15:13:28 GMT
server: cloudflare
etag: W/"309-5c3de0474c758-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oFKYJMPll2jR7sz6oLkxRTHiXcVpB2Ig7NinLZGvWoO8QLBpUcv2A5p4vWM7KTFiwWd4C0zx77R8zMVzl%2BV%2FHPWnKKm%2BsgANP8h1v%2FEpPnKJ3RWrgS%2FdGJl2JAw6gdfWkz%2FMF5acHmbXqJUuUu3a1lhpSJY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 6f12ee58cf603742-MXP
expires: Wed, 22 Mar 2023 14:19:53 GMT

GET
H2 200 core.min.js Show response
happyeasterimages.org/wp-includes/js/jquery/ui/ 4 KB
2 KB 174ms
173ms Script
application/x-javascript 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://happyeasterimages.org/wp-includes/js/jquery/ui/core.min.js?ver=1.11.4
Requested by: Host: happyeasterimages.org
URL: https://happyeasterimages.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 194ebae85ff853319e8668f23a4c5bf371a7d9f5d550a40980ab53026ddaaa17

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 22:44:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 15 Apr 2021 03:06:56 GMT
server: cloudflare
etag: W/"f59-5bffa27f62c75-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vXDEqh2KHmVc6lnYN1fwWh7VqY4hYZz8Wop0ztS7V%2BbGUdrvtBkiJo2j4Ik3OQqPd97yvzUDQSrg%2Bx%2FfwcqO4R53NE1r4GdmUv016RrePDsM87MFFft4Mze3rQc%2Bg5cFyTE2VEBJvZUQC8IKbFsltSPDxIM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 6f12ee58cf613742-MXP
expires: Fri, 10 Mar 2023 15:29:20 GMT

GET
H2 200 widget.min.js Show response
happyeasterimages.org/wp-includes/js/jquery/ui/ 7 KB
3 KB 174ms
173ms Script
application/x-javascript 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://happyeasterimages.org/wp-includes/js/jquery/ui/widget.min.js?ver=1.11.4
Requested by: Host: happyeasterimages.org
URL: https://happyeasterimages.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1b4f1024fa4887b47765e2ad4db9bc1f6ea96335f77fd44c62b8538d75e7190c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 22:44:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 15 Apr 2021 03:06:56 GMT
server: cloudflare
etag: W/"1aab-5bffa27f61cd5-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8bhe%2F3oYw5yfnUyNHiU7fsy3JoZT1qij9Y7BZAkB1TLEZI8eftDnJ9So3JX4%2BLHfrtn4FZa6R1nxhexvwKGYB7ypCaa8AKFK8N%2B73g1eL2ZEFloKqL7RIuXxlcRWexGTGUz9mvrKEkhCqI3xKyvWRgbMzcA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 6f12ee58cf643742-MXP
expires: Wed, 15 Mar 2023 07:18:58 GMT

GET
H2 200 tabs.min.js Show response
happyeasterimages.org/wp-includes/js/jquery/ui/ 12 KB
4 KB 179ms
178ms Script
application/x-javascript 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://happyeasterimages.org/wp-includes/js/jquery/ui/tabs.min.js?ver=1.11.4
Requested by: Host: happyeasterimages.org
URL: https://happyeasterimages.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b91aab00697781a1fb184945cd6e7602db0d45458fa58a53156110945f2b71be

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 22:44:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 15 Apr 2021 03:06:56 GMT
server: cloudflare
etag: W/"2eec-5bffa27f61cd5-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2cgGfZMNn8WVKcpqilgXnXQbhW%2F1IwXeEKBCJYGUAABUGzo9YFki6VsRevMM1OzdS2f3xv9tqCFenBOnSon3gPMm6pOLqfRm87yJBTLElY%2BCC7h30O%2FcxExdu9BSIRejklien75P%2FmX7J%2B9SViiSG2mTaRo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 6f12ee58cf673742-MXP
expires: Wed, 22 Mar 2023 14:19:53 GMT

GET
H2 200 e-202212.js Show response
stats.wp.com/ 9 KB
3 KB 26ms
7ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202212.js
Requested by: Host: happyeasterimages.org
URL: https://happyeasterimages.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-nc: HIT hhn
date: Thu, 24 Mar 2022 22:44:22 GMT
content-encoding: br
server: nginx
etag: W/"6197c5cf-3508"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Sun, 12 Mar 2023 22:57:55 GMT

GET
H3 200 wp-emoji-release.min.js Show response
happyeasterimages.org/wp-includes/js/ 2 KB
1 KB 139ms
138ms Script
application/x-javascript 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://happyeasterimages.org/wp-includes/js/wp-emoji-release.min.js?ver=5.5.9
Requested by: Host: happyeasterimages.org
URL: https://happyeasterimages.org/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 11e9e9e6f868bea06f017d5157296d60b79f03bafa0c70ce57af01c893982486

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 22:44:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 02 Mar 2022 12:11:22 GMT
server: cloudflare
etag: W/"838-5d93b2e1047bd-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=soKW3bKChleEFfLYtm0iVI3TIHYnjDnkA1gaoscc6tp5jhcbi%2FKImGdxq0D0tsRjWSI8KdGPXMCeys5E1RjCga%2Fr6o1N7ZUcn9aitHv9RKrTiYuP7iBS6JHITTLrkUMK66obXhb787zrdno2qaKccV0jaNE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 6f12ee5a0f45f92f-MXP
expires: Wed, 22 Mar 2023 10:42:53 GMT

GET
H2 200 5cbc0e209eaba6001253ffd1.js Show response
buttons-config.sharethis.com/js/ 677 B
1 KB 472ms
400ms Script
text/javascript 2600:9000:224a:9800:c:abe:f440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://buttons-config.sharethis.com/js/5cbc0e209eaba6001253ffd1.js

Requested by

Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:224a:9800:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

de83a714df7e94eec77286f67f037de6cf698d6688ace46a0687cc1b05ec8794

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Thu, 24 Mar 2022 22:44:24 GMT
via: 1.1 8d4901eb4989773bb579fc1597e54ea8.cloudfront.net (CloudFront)
last-modified: Sun, 21 Apr 2019 06:32:15 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P1
etag: "00717df964f9318e4c62ca3ffdc68cb5"
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: RefreshHit from cloudfront
content-type: text/javascript
cache-control: max-age=60,public
accept-ranges: bytes
content-length: 677
x-amz-cf-id: SzZXpMD7orV4YgsMoHrYDJRkqDMeJ5J5_VEN2uqvuDKLXWbq3fDF0w==

GET
H/1.1 204
No Content pview Show response
l.sharethis.com/ 0
408 B 50ms
8ms XHR
text/plain 3.123.86.254
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://l.sharethis.com/pview?event=pview&hostname=happyeasterimages.org&location=%2F&product=unknown&url=https%3A%2F%2Fhappyeasterimages.org%2F&source=sharethis.js&fcmp=false&fcmpv2=false&has_segmentio=false&title=Happy%20Easter%202020%20Images%2C%20Greetings%2C%20Quotes%2C%20Wishes%20-%20One%20Stop%20Solution%20For%20Happy%20Easter%20Images%202020%7C%20Easter%20Pictures%2C%20Easter%20Bunny%20Photos%2C%20Easter%20Egg%20Pictures%2C%20HD%20Wallpapers%20Free%20Download%20%7C%20Happy%20Easter%202020%20Images%20Pics%2C%20Happy%20Easter%20Quotes%2C%20Easter%20Wishes%2C%20Messages%2C%20Speeches%2C%20Greetings%2C%20Cards%2C%20Funny%20Easter%20Memes%2C%20Clipart%2C%20Coloring%20Pages%2C%20Good%20Friday%20Images%2C%20Passover%20Images%20For%20Friends%2C%20Family.&cms=unknown&publisher=5cbc0e209eaba6001253ffd1&sop=true&version=st_sop.js&lang=en&description=One%20Stop%20Solution%20For%20Happy%20Easter%20Images%202020%7C%20Easter%20Pictures%2C%20Easter%20Bunny%20Photos%2C%20Easter%20Egg%20Pictures%2C%20HD%20Wallpapers%20Free%20Download%20%7C%20Happy%20Easter%202020%20Images%20Pics%2C%20Happy%20Easter%20Quotes%2C%20Easter%20Wishes%2C%20Messages%2C%20Speeches%2C%20Greetings%2C%20Cards%2C%20Funny%20Easter%20Memes%2C%20Clipart%2C%20Coloring%20Pages%2C%20Good%20Friday%20Images%2C%20Passover%20Images%20For%20Friends%2C%20Family.

Requested by

Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.123.86.254 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-86-254.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 24 Mar 2022 22:44:22 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Access-Control-Allow-Origin: https://happyeasterimages.org
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v19/ 13 KB
13 KB 34ms
9ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v19/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100i%2C200i%2C300i%2C400i%2C500i%2C600i%2C700i%2C800i%2C900i|Roboto+Condensed%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100i%2C200i%2C300i%2C400i%2C500i%2C600i%2C700i%2C800i%2C900i%26subset%3Dlatin

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://happyeasterimages.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 18:03:30 GMT
x-content-type-options: nosniff
age: 103252
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13036
x-xss-protection: 0
last-modified: Wed, 23 Feb 2022 17:39:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Mar 2023 18:03:30 GMT

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v19/ 13 KB
13 KB 32ms
8ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v19/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://happyeasterimages.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 18:04:09 GMT
x-content-type-options: nosniff
age: 103213
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13052
x-xss-protection: 0
last-modified: Wed, 23 Feb 2022 17:37:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Mar 2023 18:04:09 GMT

GET
H3 200 fontawesome-webfont.woff2
happyeasterimages.org/wp-content/themes/bam/assets/fonts/ 75 KB
76 KB 134ms
134ms Font
application/font-woff2 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://happyeasterimages.org/wp-content/themes/bam/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: happyeasterimages.org
URL: https://happyeasterimages.org/wp-content/themes/bam/assets/css/font-awesome.min.css?ver=4.7.0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer: https://happyeasterimages.org/wp-content/themes/bam/assets/css/font-awesome.min.css?ver=4.7.0
Origin: https://happyeasterimages.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 22:44:22 GMT
referrer-policy: no-referrer-when-downgrade
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"12d68-5a2d5274c7f82-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EcI0itTKxomMSiLl7%2B0y8nyz%2BWaBSupm%2BUdWdvieozhkCqWGxV1pCG3pPbRakaCck3RxJTAv7tGIYkq%2F%2B6cWOAtHvC5R1FCJDRAkRcOun3yK07RG8s%2FWBsuwFJ9mgU3TQjvUFs86nY8PXgYs4R5N%2FNA23Gw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff2
cache-control: max-age=31536000
cf-ray: 6f12ee5a1f4af92f-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Fri, 24 Mar 2023 19:57:12 GMT

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
fonts.gstatic.com/s/robotocondensed/v24/ 15 KB
15 KB 23ms
7ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v24/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://happyeasterimages.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 19:30:27 GMT
x-content-type-options: nosniff
age: 98035
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15700
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:13:59 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 23 Mar 2023 19:30:27 GMT

GET
H3 200 ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2
fonts.gstatic.com/s/robotocondensed/v24/ 15 KB
15 KB 10ms
10ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v24/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e79c1c1a140e6afb861074c70392db54cc65a06050de2a69162ab94eb95b0516

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://happyeasterimages.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 19:30:27 GMT
x-content-type-options: nosniff
age: 98035
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15660
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:19:40 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 23 Mar 2023 19:30:27 GMT

GET
H3 200 6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v19/ 13 KB
13 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v19/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7348a2eb48c9a681d6178433394c7037144d85b57ee33a11339d3a33fa1001a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://happyeasterimages.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 18:04:09 GMT
x-content-type-options: nosniff
age: 103213
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12924
x-xss-protection: 0
last-modified: Wed, 23 Feb 2022 17:39:25 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Mar 2023 18:04:09 GMT

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203170101/ 297 KB
107 KB 49ms
35ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203170101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-2525651058144004&plah=happyeasterimages.org

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

719b27dfe323e678599d8cf5bebb2744095764a444f9b6bff461e312478a5dd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 22:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 109611
x-xss-protection: 0
server: cafe
etag: 2621655698442001611
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 24 Mar 2022 22:44:22 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220323/r20190131/ Frame 0006 10 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220323/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4502
x-xss-protection: 0
date: Thu, 24 Mar 2022 14:18:28 GMT
expires: Thu, 07 Apr 2022 14:18:28 GMT
cache-control: public, max-age=1209600
age: 30354
etag: 4044455266028820542
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK train.js
scripts.classicpartnerships.com/ 581 B
738 B 1121ms
575ms Script
text/plain 111.90.143.157
SHINJIRU-MY-AS-AP...

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.classicpartnerships.com/train.js
Requested by: Host: happyeasterimages.org
URL: https://happyeasterimages.org/wp-includes/js/wp-emoji-release.min.js?ver=5.5.9
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 111.90.143.157 Kuala Lumpur, Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY),
Reverse DNS: server1.kamon.la
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Fri, 25 Mar 2022 06:44:30 GMT
Server: nginx
Connection: keep-alive
Content-Length: 581
Content-Type: text/plain; charset=utf-8

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 225 B
655 B 43ms
14ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=happyeasterimages.org&callback=_gfp_s_&client=ca-pub-2525651058144004

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203170101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-2525651058144004&plah=happyeasterimages.org

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

b33d3c4797668506c29e882095a8c378494a5c9614a04f8f8f5ba2362bb6e19d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 22:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 211
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 44ms
15ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=happyeasterimages.org

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Mar 2022 22:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 46ms
16ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=happyeasterimages.org

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 24 Mar 2022 22:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D735 112 KB
40 KB 432ms
431ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2525651058144004&output=html&h=600&slotname=2178804305&adk=720124719&adf=1877256209&pi=t.ma~as.2178804305&w=300&lmt=1648159951&psa=0&format=300x600&url=https%3A%2F%2Fhappyeasterimages.org%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1648161862171&bpp=4&bdt=351&idt=95&shv=r20220323&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&correlator=8167437203989&frm=20&pv=2&ga_vid=1945497355.1648161862&ga_sid=1648161862&ga_hid=321912361&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1135&ady=230&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31065741%2C31063247&oid=2&pvsid=271489604791121&pem=182&tmod=256156460&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=qPOCMH41x4&p=https%3A//happyeasterimages.org&dtd=116

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

955081258a5ad0f89752704098029ed7dfcd49cc92acad4cec1edae199d4a5ea

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4832910516238442415/300x600/verti_300x600.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4832910516238442415/300x600/verti_300x600.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CP2ggLPp3_YCFa-H_QcdOdkBhg&gqi=RvQ8YtCdO7GR7_UPzLqkmAU&layout=/sadbundle/%24csp%253Der3%24/4832910516238442415/300x600/verti_300x600.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4832910516238442415/300x600/verti_300x600.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4832910516238442415/300x600/verti_300x600.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CP2ggLPp3_YCFa-H_QcdOdkBhg&gqi=RvQ8YtCdO7GR7_UPzLqkmAU&layout=/sadbundle/%24csp%253Der3%24/4832910516238442415/300x600/verti_300x600.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 24 Mar 2022 22:44:23 GMT
server: cafe
content-length: 41293
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 24 Mar 2022 22:44:23 GMT
cache-control: private

GET
H2 200 verti_300x600.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4832910516238442415/300x600/ Frame F9EC 3 KB
3 KB 31ms
8ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4832910516238442415/300x600/verti_300x600.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2525651058144004&output=html&h=600&slotname=2178804305&adk=720124719&adf=1877256209&pi=t.ma~as.2178804305&w=300&lmt=1648159951&psa=0&format=300x600&url=https%3A%2F%2Fhappyeasterimages.org%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1648161862171&bpp=4&bdt=351&idt=95&shv=r20220323&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&correlator=8167437203989&frm=20&pv=2&ga_vid=1945497355.1648161862&ga_sid=1648161862&ga_hid=321912361&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1135&ady=230&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31065741%2C31063247&oid=2&pvsid=271489604791121&pem=182&tmod=256156460&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=qPOCMH41x4&p=https%3A//happyeasterimages.org&dtd=116

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de0cde6ae0c98d3e94c298d4309b6d94c8f141b45a2c2d8cf0fd0b03d67d2761

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
timing-allow-origin: *
content-length: 1509
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Mon, 21 Mar 2022 10:01:19 GMT
expires: Tue, 21 Mar 2023 10:01:19 GMT
cache-control: public, max-age=31536000
age: 304984
last-modified: Mon, 14 Mar 2022 09:52:49 GMT
content-type: text/html
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame D735 0
0 50ms
50ms Fetch
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CjTpyRvQ8Yv3lO6-P9u8PubKHsAi2i9eDabKhwtjzD7Hd8MTLARABIJzu2CxgleKQgqAHoAGR7-L_AsgBCakCmlc-C7Vusj6oAwHIA0iqBPwBT9CmKW8oIs17XyvF8sHXnoq60tGOgjcszy09lywfMp9OX_G8kxvBMxWIJTDRukXUO8lQf_MfWE9DURciEPyYCo3JAnP6IseZSWYcH70hmcwE0S_CDsjWVbXHywL_AipeCPCDVpdjvLx4gzytgoxaCvqifOS_vU7W6wRmObonUfd6tBHFe6thMA8aj2ZiUG7DRZRig6ix13-yHbVEVhIzDSDPNhvHkWYpY0XzarXDtjY5sfQ6ZiSZMafAVMSFf1ZJ5Kao4VJ4yDQXl-BpHTtGa2C0TF54MeDmZsGTg27zzdFiu4JZ5ZdIGyiImyoV5UbDUZ_KdYGiqQGz-ASfwATFirz58gOSBQQIBBgBkgUECAUYBKAGLoAH15CdgAGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBCGxCHSCAkIgOGAcBABGB-ACgHICwHYEw3QFQGAFwGyFxwKGggAEhRwdWItMjUyNTY1MTA1ODE0NDAwNBgA&sigh=9buoyT7MYDM&uach_m=[UACH]&template_id=419

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2525651058144004&output=html&h=600&slotname=2178804305&adk=720124719&adf=1877256209&pi=t.ma~as.2178804305&w=300&lmt=1648159951&psa=0&format=300x600&url=https%3A%2F%2Fhappyeasterimages.org%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1648161862171&bpp=4&bdt=351&idt=95&shv=r20220323&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&correlator=8167437203989&frm=20&pv=2&ga_vid=1945497355.1648161862&ga_sid=1648161862&ga_hid=321912361&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1135&ady=230&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31065741%2C31063247&oid=2&pvsid=271489604791121&pem=182&tmod=256156460&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=qPOCMH41x4&p=https%3A//happyeasterimages.org&dtd=116
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 24 Mar 2022 22:44:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 24 Mar 2022 22:44:23 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220323/r20110914/ Frame D735 19 KB
8 KB 26ms
7ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220323/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d072a09604e6a1fea8ef42203503771aa36b63a3c91fd1059966e26e6f5812b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 22:40:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 225
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7871
x-xss-protection: 0
server: cafe
etag: 7397949449432438406
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Apr 2022 22:40:38 GMT

GET location.php
brend.specialadves.com/ 0
0

GET
H2 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame F9EC 9 KB
3 KB 308ms
6ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4832910516238442415/300x600/verti_300x600.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 09:36:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 47289
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Fri, 25 Mar 2022 09:36:14 GMT

GET
H2 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame F9EC 26 KB
10 KB 308ms
7ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4832910516238442415/300x600/verti_300x600.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 16:13:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23444
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Fri, 25 Mar 2022 16:13:39 GMT

GET
H2 200 createjs_2019.11.15_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame F9EC 236 KB
63 KB 475ms
14ms Script
text/javascript 2a00:1450:4001:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4832910516238442415/300x600/verti_300x600.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 22:44:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 24 Mar 2022 22:44:23 GMT

GET
H2 200 verti_300x600.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4832910516238442415/300x600/ Frame F9EC 151 KB
35 KB 309ms
8ms Script
application/x-javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4832910516238442415/300x600/verti_300x600.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4832910516238442415/300x600/verti_300x600.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

44d4d9d2b6d9e6888e5e57b1852ab207f724c4a104ab5ce532391788de12ffa4

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 201527
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35908
x-xss-protection: 0
last-modified: Mon, 14 Mar 2022 09:52:49 GMT
server: sffe
date: Tue, 22 Mar 2022 14:45:36 GMT
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 22 Mar 2023 14:45:36 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame BD65 143 B
163 B 8ms
7ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2525651058144004&output=html&h=600&slotname=2178804305&adk=720124719&adf=1877256209&pi=t.ma~as.2178804305&w=300&lmt=1648159951&psa=0&format=300x600&url=https%3A%2F%2Fhappyeasterimages.org%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1648161862171&bpp=4&bdt=351&idt=95&shv=r20220323&mjsv=m202203170101&ptt=9&saldr=aa&abxe=1&correlator=8167437203989&frm=20&pv=2&ga_vid=1945497355.1648161862&ga_sid=1648161862&ga_hid=321912361&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1135&ady=230&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31065741%2C31063247&oid=2&pvsid=271489604791121&pem=182&tmod=256156460&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=qPOCMH41x4&p=https%3A//happyeasterimages.org&dtd=116

Response headers

x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 145
x-xss-protection: 0
date: Thu, 24 Mar 2022 22:06:52 GMT
cache-control: public, max-age=3600
content-type: text/html; charset=UTF-8
age: 2251
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220323/r20110914/client/ Frame D735 2 KB
1 KB 310ms
10ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220323/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 22:09:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2103
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Apr 2022 22:09:20 GMT

GET
H2 200 rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame D735 119 KB
37 KB 484ms
27ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 22:44:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36904
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648035241783118"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 24 Mar 2022 22:44:23 GMT

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame BD65
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

57ms
56ms

Document
text/html

2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 24 Mar 2022 22:44:24 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 24 Mar 2022 22:44:24 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 24 Mar 2022 22:44:23 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220323/r20110914/client/ Frame D735 15 KB
6 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220323/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 22:33:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 640
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 07 Apr 2022 22:33:44 GMT

GET
H3 200 verti_300x600_atlas_P_1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4832910516238442415/300x600/images/ Frame F9EC 52 KB
52 KB 10ms
10ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4832910516238442415/300x600/images/verti_300x600_atlas_P_1.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 304995
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53449
x-xss-protection: 0
last-modified: Mon, 14 Mar 2022 09:52:49 GMT
server: sffe
date: Mon, 21 Mar 2022 10:01:09 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 21 Mar 2023 10:01:09 GMT

GET location.php
brend.specialadves.com/ 0
0

GET
H/1.1

200
OK

go.php
brend.specialadves.com/
Redirect Chain

https://brend.specialadves.com/location.php?spec=2&p=578&get=348
https://brend.specialadves.com/go.php?id=098&sid=1663&pid=77432

854 B
616 B

169ms
168ms

Document
text/html

111.90.143.157
SHINJIRU-MY-AS-AP...

General

Check archive.org

Show headers Download Go to

Full URL: https://brend.specialadves.com/go.php?id=098&sid=1663&pid=77432
Requested by: Host: scripts.classicpartnerships.com
URL: https://scripts.classicpartnerships.com/train.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 111.90.143.157 Kuala Lumpur, Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY),
Reverse DNS: server1.kamon.la
Software: nginx /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://happyeasterimages.org/

Response headers

Server: nginx
Date: Fri, 25 Mar 2022 06:44:30 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 413
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

Redirect headers

Server: nginx
Date: Fri, 25 Mar 2022 06:44:30 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Location: https://brend.specialadves.com/go.php?id=098&sid=1663&pid=77432

GET
H3 200 XFpjqGQyXlGhrIMtqUZEtOx9ZrcGJnYAFO97-LZexEg.js
pagead2.googlesyndication.com/bg/ Frame F9EC 35 KB
13 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/XFpjqGQyXlGhrIMtqUZEtOx9ZrcGJnYAFO97-LZexEg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 22 Mar 2022 20:00:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 182622
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13744
x-xss-protection: 0
last-modified: Tue, 22 Mar 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 22 Mar 2023 20:00:42 GMT

GET
DATA 200
OK truncated
/ Frame D735 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET activeview
pagead2.googlesyndication.com/pcs/ Frame D735 0
0

GET gqyggylcgu5dkmryga
bluetopperer.online/go/ 0
0

GET
H2 200 gqyggylcgu5dkmryga Show response
bluetopperer.online/go/ 52 KB
52 KB 439ms
35ms Document
text/html 104.248.199.158
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://bluetopperer.online/go/gqyggylcgu5dkmryga?sub1=onlinewatch&sub2=gather

Requested by

Host: brend.specialadves.com
URL: https://brend.specialadves.com/go.php?id=098&sid=1663&pid=77432

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.248.199.158 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

b8f72ea4e8c18375eeba08af9b371941e36460dba20b787772aa99cba72c3102

Security Headers

Name	Value
Content-Security-Policy	img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://brend.specialadves.com/

Response headers

server: nginx
date: Thu, 24 Mar 2022 22:44:25 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests

GET
DATA 200
OK truncated
/ 7 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6600e628d105299a9954bb85edc818356f1ec6136ba5d503dc39b2b3de8526c7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET b71698fd2.js
bluetopperer.online/ Frame 0
0

GET
H2 200 Primary Request index.php Show response
0.bluetopperer.online/ 50 KB
51 KB 600ms
36ms Document
text/html 104.248.199.158
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://0.bluetopperer.online/index.php?p=gqyggylcgu5dkmryga&sub1=onlinewatch&sub2=gather

Requested by

Host: happyeasterimages.org
URL: https://happyeasterimages.org/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.248.199.158 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

2c1fa72378d93658dfd723d429e62da1fbcd628fc414c883a65455568b94b894

Security Headers

Name	Value
Content-Security-Policy	img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://bluetopperer.online/

Response headers

server: nginx
date: Thu, 24 Mar 2022 22:44:25 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests

GET b71698fd2.js
0.bluetopperer.online/ Frame 0
0

GET
DATA 200
OK truncated
/ 24 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6cbf5ff9c2945171c3f93c38e9c67d4b98fb5354a3c95cf4910259780c1fb9b0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a72fd7760f623c9fd5fee0bd98df809a347471902fc479bcdae38681c1a071d1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ca7a07233506b5529a951fd2c4580757f5606d874b8a2b0a153d14a418b201ef

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 / Show response
se18.biz/ 0
265 B 244ms
183ms Document
text/html 188.166.135.13
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://se18.biz/?auf=gu3wgzlbgu5dcnrqgixtkmrygaxtqlzsmvstim3fmmyc6mruf4ytmnbyge3dcobwgu&p=b&sub1=onlinewatch&sub2=gather&sub3=&sub4=&cpc=0&cpm=0

Requested by

Host: happyeasterimages.org
URL: https://happyeasterimages.org/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

188.166.135.13 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://0.bluetopperer.online/

Response headers

server: nginx
date: Thu, 24 Mar 2022 22:44:26 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: brend.specialadves.com
URL: https://brend.specialadves.com/location.php?spec=2&p=578&get=348

Domain: brend.specialadves.com
URL: https://brend.specialadves.com/location.php?spec=2&p=578&get=348

Domain: brend.specialadves.com
URL: https://brend.specialadves.com/location.php?spec=2&p=578&get=348

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssbvNYhosKYtgXk_NebHD9FCwI_GMSI3jEUYMmKl2DQdVM6TD3hxQD79-ts3Ui1WPE4yDhPZEk_OcV0WI9KSxUtRw9vmrcksPLc3RxYDgP_UHSQl-cJHA&sai=AMfl-YRcbCcNeYuNjrBIkV7U3rTWWiq3Oh55_bXM_VAjm0DoAv1Q4osC6Hz7o_KbTYa3u0-IdK0hD3D9FYlW&sig=Cg0ArKJSzFDVeIZnScxBEAE&id=lidartos&mcvt=654&p=0,0,600,300&mtos=654,654,654,654,654&tos=654,0,0,0,0&v=20220323&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=2&adk=720124719&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=3&r=b&rst=1648161862293&rpt=1050&ec=0&met=mue&wmsd=0

Domain: bluetopperer.online
URL: https://bluetopperer.online/go/gqyggylcgu5dkmryga?sub1=onlinewatch&sub2=gather

Domain: bluetopperer.online
URL: https://bluetopperer.online/b71698fd2.js

Domain: 0.bluetopperer.online
URL: https://0.bluetopperer.online/b71698fd2.js

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.happyeasterimages.org/	1970-01-20 11:10:57	Name: __gads Value: ID=89a642d93eba8ea2-2211b9c464cd005b:T=1648161862:RT=1648161862:S=ALNI_MYpwPNiMq_wk3MQBFTcyn3rrxfcQQ
.doubleclick.net/	1970-01-20 11:10:57	Name: IDE Value: AHWqTUl2JtbEcptE29bpBwNzgUMfy_Rdd8Zn8f_jIsTPF5w35ABNNyKMEBhQnp_aqvA
.doubleclick.net/	1970-01-20 01:49:25	Name: DSID Value: NO_DATA
.bluetopperer.online/	1970-01-20 02:32:33	Name: uuid Value: f9c0814f-7ce1-4701-b56a-77156bc3c6bd
.0.bluetopperer.online/	1970-01-20 02:32:33	Name: uuid Value: f9c0814f-7ce1-4701-b56a-77156bc3c6bd
se18.biz/	1970-01-20 02:32:33	Name: uuid Value: 67dd2b52-0712-4fb8-8d38-5b2197a9e225

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0.bluetopperer.online
ads.specialadves.com
adservice.google.com
adservice.google.de
bluetopperer.online
brend.specialadves.com
buttons-config.sharethis.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
happyeasterimages.org
images.dmca.com
l.sharethis.com
pagead2.googlesyndication.com
partner.googleadservices.com
platform-api.sharethis.com
s0.2mdn.net
scripts.classicpartnerships.com
se18.biz
stats.wp.com
tpc.googlesyndication.com
www.google.com
www.googletagservices.com
0.bluetopperer.online
bluetopperer.online
brend.specialadves.com
pagead2.googlesyndication.com
104.248.199.158
111.90.143.157
142.250.185.226
143.204.98.98
151.139.242.29
188.166.135.13
192.0.76.3
2600:9000:224a:9800:c:abe:f440:93a1
2a00:1450:4001:802::2004
2a00:1450:4001:803::2002
2a00:1450:4001:803::2003
2a00:1450:4001:803::2006
2a00:1450:4001:808::2002
2a00:1450:4001:80f::2001
2a00:1450:4001:813::200a
2a00:1450:4001:82b::2002
2a06:98c1:3120::7
3.123.86.254
003e361d0c0374b7d49d1e831c26c1895e0984d19b9a688f787e7d72e11838c1
0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c
11e9e9e6f868bea06f017d5157296d60b79f03bafa0c70ce57af01c893982486
143635d78dd0f4c56bb1c8515461ae8fdf06b273e71e76b46eec37d6fc59fa9c
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
194ebae85ff853319e8668f23a4c5bf371a7d9f5d550a40980ab53026ddaaa17
1b4f1024fa4887b47765e2ad4db9bc1f6ea96335f77fd44c62b8538d75e7190c
245e542efded75af621b3a93818490cd57df8a41da0333184f643e2071c9ea0e
27dd0deb3e6fd3b862d96f44cf43137139a8422ffb6ff30cd0dea8f7b1dff9fe
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2c1fa72378d93658dfd723d429e62da1fbcd628fc414c883a65455568b94b894
2e0e6eb298e68c7bdff99b6e6ea92dd7db3ca5337336a3a2011166077205537e
3e3aeb6a6be4f7615a2a32aeda64db2c9f6776a89d361cbd7446952827bd55be
405a5e4943b97243440d632a958bb6e79f1d1929666745000a22ebaa5fa2d819
414363cb8150c2f60382da1d5a33f260caad65a54d6933e6b28534763d388db8
44d4d9d2b6d9e6888e5e57b1852ab207f724c4a104ab5ce532391788de12ffa4
4b2467f4d0e26b9ca7d9694038a7edbadbbc17cb3afd5c3165495568d63f18ea
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
5b7081f13d8010daa9976c4b189fe646c0271542cbeb69f52f89e51b414ef666
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5d5575c28819cc80d5cf47729e998387ddc2d510a6adf37ce5a19b8f2127ee05
6600e628d105299a9954bb85edc818356f1ec6136ba5d503dc39b2b3de8526c7
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36
6cbf5ff9c2945171c3f93c38e9c67d4b98fb5354a3c95cf4910259780c1fb9b0
719b27dfe323e678599d8cf5bebb2744095764a444f9b6bff461e312478a5dd2
7348a2eb48c9a681d6178433394c7037144d85b57ee33a11339d3a33fa1001a4
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
8c626f0f9b5c109539b256b73e72c02b300a184f46b4535c2eb86599215c78af
8c7ee0238fa5cd80a02ef9870a7fff498ef52097181cb73edb9219dc022fd919
955081258a5ad0f89752704098029ed7dfcd49cc92acad4cec1edae199d4a5ea
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a62051bde20d0b3e343394fd3b165550db84693436d8dd1b865b8ed5662d756a
a72fd7760f623c9fd5fee0bd98df809a347471902fc479bcdae38681c1a071d1
b33d3c4797668506c29e882095a8c378494a5c9614a04f8f8f5ba2362bb6e19d
b40cbacf2398a9d80e985aa79a19604506636db1cd02b512e44bfa83b574847d
b8f72ea4e8c18375eeba08af9b371941e36460dba20b787772aa99cba72c3102
b91aab00697781a1fb184945cd6e7602db0d45458fa58a53156110945f2b71be
b96491bfd6ad562224719a3c45d0badb4538d044c0f745d4ed99d2ecc6e4ca9a
bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
ca7a07233506b5529a951fd2c4580757f5606d874b8a2b0a153d14a418b201ef
d072a09604e6a1fea8ef42203503771aa36b63a3c91fd1059966e26e6f5812b3
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
de0cde6ae0c98d3e94c298d4309b6d94c8f141b45a2c2d8cf0fd0b03d67d2761
de83a714df7e94eec77286f67f037de6cf698d6688ace46a0687cc1b05ec8794
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3f0c9fc4895c2194ee2a6717d10676003c0c62ce6d626a02ccc8ccca7b0ff50
e79c1c1a140e6afb861074c70392db54cc65a06050de2a69162ab94eb95b0516
e8021f1a9dad409f7e699457ac334653bf800464df69900237c4de1c29e275d0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3b9ef807d3988e8ce73d3012e2f19cab12503a411c79719959f42cb8728f566

0.bluetopperer.online Open in urlscan Pro 104.248.199.158 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

67 Requests

90 %HTTPS

56 %IPv6

17 Domains

23 Subdomains

18 IPs

4 Countries

852 kBTransfer

2175 kBSize

6 Cookies

0 Outgoing links

Page URL History

Redirected requests

67 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

0.bluetopperer.online Open in urlscan Pro
104.248.199.158 Public Scan

Screenshot
Live screenshot

Full Image

67
Requests

90 %
HTTPS

56 %
IPv6

17
Domains

23
Subdomains

18
IPs

4
Countries

852 kB
Transfer

2175 kB
Size

6
Cookies

67 HTTP transactions
6 data transactions