URL: http://hiddenfolder.flowsoft7.com/
Submission Tags: falconsandbox
Submission: On June 03 via api from US

Summary

This website contacted 21 IPs in 3 countries across 10 domains to perform 76 HTTP transactions. The main IP is 58.121.85.143, located in Seocho-gu, Korea, Republic Of and belongs to SKB-AS SK Broadband Co Ltd, KR. The main domain is hiddenfolder.flowsoft7.com.
This is the only time hiddenfolder.flowsoft7.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Domain Requested by
14 tpc.googlesyndication.com googleads.g.doubleclick.net
pagead2.googlesyndication.com
tpc.googlesyndication.com
14 googleads.g.doubleclick.net pagead2.googlesyndication.com
googleads.g.doubleclick.net
12 pagead2.googlesyndication.com hiddenfolder.flowsoft7.com
pagead2.googlesyndication.com
googleads.g.doubleclick.net
tpc.googlesyndication.com
www.googletagservices.com
6 fonts.gstatic.com fonts.googleapis.com
5 hiddenfolder.flowsoft7.com hiddenfolder.flowsoft7.com
4 www.google.com 3 redirects tpc.googlesyndication.com
4 apis.google.com hiddenfolder.flowsoft7.com
apis.google.com
4 www.googletagservices.com pagead2.googlesyndication.com
googleads.g.doubleclick.net
3 www.gstatic.com googleads.g.doubleclick.net
3 fonts.googleapis.com googleads.g.doubleclick.net
2 accounts.google.com apis.google.com
ssl.gstatic.com
2 adservice.google.com pagead2.googlesyndication.com
2 adservice.google.de pagead2.googlesyndication.com
2 iblogbox.github.io hiddenfolder.flowsoft7.com
1 ssl.gstatic.com accounts.google.com
1 partner.googleadservices.com pagead2.googlesyndication.com
76 16

This site contains no links.

Subject Issuer Validity Valid
*.g.doubleclick.net
GTS CA 1C3
2021-05-03 -
2021-07-26
3 months crt.sh
*.googleadservices.com
GTS CA 1C3
2021-05-03 -
2021-07-26
3 months crt.sh
*.google.com
GTS CA 1O1
2021-05-10 -
2021-08-02
3 months crt.sh
accounts.google.com
GTS CA 1O1
2021-05-03 -
2021-07-26
3 months crt.sh
upload.video.google.com
GTS CA 1O1
2021-05-03 -
2021-07-26
3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3
2021-05-03 -
2021-07-26
3 months crt.sh

This page contains 15 frames:

Primary Page: http://hiddenfolder.flowsoft7.com/
Frame ID: FEF4DEE81EFBDF645A4A559924E875A2
Requests: 24 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210525/r20190131/zrt_lookup.html
Frame ID: 4953787E3589A85EF040A6577D5651B1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=911114306&adf=3059968214&pi=t.ma~as.5713445902&w=728&lmt=1622726770&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770525&bpp=18&bdt=1104&idt=117&shv=r20210525&cbv=%2Fr20190131&ptt=5&saldr=sa&abxe=1&correlator=1373900275768&frm=20&pv=2&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=305&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7Ce%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=ZEExIXrFLq&p=http%3A//hiddenfolder.flowsoft7.com&dtd=134
Frame ID: 0E811E0180ABFA4C1C3E794C965CAE86
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1622726770&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770558&bpp=3&bdt=1136&idt=108&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=JGNsJ38PHC&p=http%3A//hiddenfolder.flowsoft7.com&dtd=110
Frame ID: DB90D0AB62D6733BD22933AFAB7D2545
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=280&slotname=5713445902&adk=3028893077&adf=3469080882&pi=t.ma~as.5713445902&w=802&fwrn=4&fwrnh=100&lmt=1622726770&rafmt=1&psa=0&format=802x280&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1622726770574&bpp=2&bdt=1152&idt=96&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=399&ady=1236&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=Px2EyLtu2k&p=http%3A//hiddenfolder.flowsoft7.com&dtd=99
Frame ID: 154C18A7C242D8AF853C5A04AE582FD2
Requests: 12 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/iframe
Frame ID: CCD4AB2897BD65D72C3306410A617595
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: F6B9222BD32DDED25DACE84929775FD7
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 7D25DBC8A43F9E932FDEF94370198246
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 9C112BECD00EFD996B55775AFA8A61D4
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/2jYUGrzVrWStLDq2CZ0zOcRL9FYonM4iQ_vCp8HlGuk.js
Frame ID: 13FB6689875CD02010440747CFB7405D
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/2jYUGrzVrWStLDq2CZ0zOcRL9FYonM4iQ_vCp8HlGuk.js
Frame ID: D66FD402F320E1FC430A463DB1E789DF
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/2jYUGrzVrWStLDq2CZ0zOcRL9FYonM4iQ_vCp8HlGuk.js
Frame ID: DEA538E4A56DE734AFCE47959EC4760D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&adk=1812271804&adf=3025194257&lmt=1622726771&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&ea=0&flash=0&pra=7&wgl=1&dt=1622726771861&bpp=1&bdt=2439&idt=1&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C802x280&prev_slotnames=5713445902&nras=1&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&psts=AGkb-H_2AnLxeRpWsfjWAFCcbe3dObKpfdEEJ6yu7Ggt779dvN0gn17NNHgKgBCbBIQgTceqtMgpRBi8dEo%2CAGkb-H_qAZfoXq3YIg9gCcWES0LAR4FkrUdrZXLCNRVAZohTdFmBw8Ote0nRsiOcRAWHSEEIs4kOYNH9Qz4%2CAGkb-H91Fu4lQYDJHFtA1sxY5jtPgXJKcfMqRouAeTwQwVgX0mrDiGShDBF-59r1-Dn3vy-ZC1jJROJrlQ&pvsid=1838754561342744&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=4&uci=a!4&fsb=1&dtd=5
Frame ID: B14AEE26D9E6AAF558382929CF3D2797
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: 45A5425EF79A0ED41622A892DD5C68DD
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 19E6780B33EE080BFB5A14994A8BFF2F
Requests: 1 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /php\/?([\d.]+)?/i

Overall confidence: 100%
Detected patterns
  • headers server /Unix/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • script /googlesyndication\.com\//i

Page Statistics

76
Requests

88 %
HTTPS

85 %
IPv6

10
Domains

16
Subdomains

21
IPs

3
Countries

1008 kB
Transfer

2259 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 56
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si
Request Chain 63
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si
Request Chain 64
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si

76 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
hiddenfolder.flowsoft7.com/
58 KB
59 KB
Document
General
Full URL
http://hiddenfolder.flowsoft7.com/
Protocol
HTTP/1.1
Server
58.121.85.143 Seocho-gu, Korea, Republic Of, ASN9318 (SKB-AS SK Broadband Co Ltd, KR),
Reverse DNS
Software
Apache/1.3.37 (Unix) PHP/4.4.1 / PHP/4.4.1
Resource Hash
db8c2267fa122aa5af73439302ec7bbda209ab40277345e037fe84b5567be759

Request headers

Host
hiddenfolder.flowsoft7.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 03 Jun 2021 16:14:43 GMT
Server
Apache/1.3.37 (Unix) PHP/4.4.1
X-Powered-By
PHP/4.4.1
Connection
close
Transfer-Encoding
chunked
Content-Type
text/html
common.js
hiddenfolder.flowsoft7.com/js/
14 KB
14 KB
Script
General
Full URL
http://hiddenfolder.flowsoft7.com/js/common.js
Requested by
Host: hiddenfolder.flowsoft7.com
URL: http://hiddenfolder.flowsoft7.com/
Protocol
HTTP/1.1
Server
58.121.85.143 Seocho-gu, Korea, Republic Of, ASN9318 (SKB-AS SK Broadband Co Ltd, KR),
Reverse DNS
Software
Apache/1.3.37 (Unix) PHP/4.4.1 /
Resource Hash
8fab9e6b651c9cf63589737f322eebabc8eb2c4025724aa8b78c7b83ad48a177

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
hiddenfolder.flowsoft7.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
*/*
Referer
http://hiddenfolder.flowsoft7.com/
Connection
keep-alive
Cache-Control
no-cache
Referer
http://hiddenfolder.flowsoft7.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 03 Jun 2021 16:14:44 GMT
Last-Modified
Thu, 26 Jan 2017 03:00:01 GMT
Server
Apache/1.3.37 (Unix) PHP/4.4.1
ETag
"3868ca-38de-58896631"
Content-Type
application/x-javascript
Connection
close
Accept-Ranges
bytes
Content-Length
14558
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
134 KB
47 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: hiddenfolder.flowsoft7.com
URL: http://hiddenfolder.flowsoft7.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
dd233c705ebb6129045b560c19e9bf225d7463f4c96236e2adbc162d4e53fec1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://hiddenfolder.flowsoft7.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 03 Jun 2021 13:26:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
48423
x-xss-protection
0
server
cafe
etag
14961557847784475286
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 03 Jun 2021 13:26:09 GMT
logo65.png
hiddenfolder.flowsoft7.com/img/
3 KB
3 KB
Image
General
Full URL
http://hiddenfolder.flowsoft7.com/img/logo65.png
Requested by
Host: hiddenfolder.flowsoft7.com
URL: http://hiddenfolder.flowsoft7.com/
Protocol
HTTP/1.1
Server
58.121.85.143 Seocho-gu, Korea, Republic Of, ASN9318 (SKB-AS SK Broadband Co Ltd, KR),
Reverse DNS
Software
Apache/1.3.37 (Unix) PHP/4.4.1 /
Resource Hash
804cd89891dc0c2f6c60b7907739c28d9e8a1840fcb169e79e5859792d3bfc26

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
hiddenfolder.flowsoft7.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer
http://hiddenfolder.flowsoft7.com/
Connection
keep-alive
Cache-Control
no-cache
Referer
http://hiddenfolder.flowsoft7.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 03 Jun 2021 16:14:44 GMT
X-Pad
avoid browser bug
Last-Modified
Sun, 13 Dec 2015 07:43:39 GMT
Server
Apache/1.3.37 (Unix) PHP/4.4.1
ETag
"3868c7-c10-566d21ab"
Content-Type
image/png
Connection
close
Accept-Ranges
bytes
Content-Length
3088
show_ads.js
pagead2.googlesyndication.com/pagead/
90 KB
33 KB
Script
General
Full URL
http://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: hiddenfolder.flowsoft7.com
URL: http://hiddenfolder.flowsoft7.com/
Protocol
HTTP/1.1
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5a41de748d1a4eb56759f0baaf6abed3ee21ec181db4c44f07d0b1253864cea8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://hiddenfolder.flowsoft7.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Timing-Allow-Origin
*
Date
Thu, 03 Jun 2021 13:26:10 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
cafe
ETag
9787620895297139316
Vary
Accept-Encoding
P3P
policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control
private, max-age=3600
Cross-Origin-Resource-Policy
cross-origin
Content-Disposition
attachment; filename="f.txt"
Content-Type
text/javascript; charset=UTF-8
Content-Length
33037
X-XSS-Protection
0
Expires
Thu, 03 Jun 2021 13:26:10 GMT
product16.png
iblogbox.github.io/js/gdrive/
2 KB
2 KB
Image
General
Full URL
http://iblogbox.github.io/js/gdrive/product16.png
Requested by
Host: hiddenfolder.flowsoft7.com
URL: http://hiddenfolder.flowsoft7.com/
Protocol
HTTP/1.1
Server
185.199.111.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-111-153.github.com
Software
GitHub.com /
Resource Hash
0aed40d94486ed73e081efab4b6b3eff34c10324d50aabfd80ffa56cb9e5c3de

Request headers

Referer
http://hiddenfolder.flowsoft7.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-Fastly-Request-ID
fa9202c1d8f5760aece239c42b055b2214bc2d5f
Date
Thu, 03 Jun 2021 13:26:10 GMT
Via
1.1 varnish
Age
557
X-Cache
HIT
Connection
keep-alive
Content-Length
1551
X-Served-By
cache-cdg20776-CDG
Last-Modified
Sun, 04 Apr 2021 08:12:43 GMT
Server
GitHub.com
X-GitHub-Request-Id
16FA:8818:14049B9:14A470F:60B4388A
X-Timer
S1622726770.319289,VS0,VE1
ETag
"606974fb-60f"
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
*
expires
Mon, 31 May 2021 01:24:50 GMT
Cache-Control
max-age=600
permissions-policy
interest-cohort=()
Accept-Ranges
bytes
x-proxy-cache
MISS
X-Cache-Hits
1
commit.png
hiddenfolder.flowsoft7.com/images/
653 B
937 B
Image
General
Full URL
http://hiddenfolder.flowsoft7.com/images/commit.png
Requested by
Host: hiddenfolder.flowsoft7.com
URL: http://hiddenfolder.flowsoft7.com/
Protocol
HTTP/1.1
Server
58.121.85.143 Seocho-gu, Korea, Republic Of, ASN9318 (SKB-AS SK Broadband Co Ltd, KR),
Reverse DNS
Software
Apache/1.3.37 (Unix) PHP/4.4.1 /
Resource Hash
c34b7397b94cb8078d8ca61e9140a32eb6b444df410a614e06d4849d8bd3a17b

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
hiddenfolder.flowsoft7.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer
http://hiddenfolder.flowsoft7.com/
Connection
keep-alive
Cache-Control
no-cache
Referer
http://hiddenfolder.flowsoft7.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 03 Jun 2021 16:14:45 GMT
X-Pad
avoid browser bug
Last-Modified
Sun, 13 Dec 2015 07:43:39 GMT
Server
Apache/1.3.37 (Unix) PHP/4.4.1
ETag
"3868ae-28d-566d21ab"
Content-Type
image/png
Connection
close
Accept-Ranges
bytes
Content-Length
653
close.png
hiddenfolder.flowsoft7.com/images/
691 B
975 B
Image
General
Full URL
http://hiddenfolder.flowsoft7.com/images/close.png
Requested by
Host: hiddenfolder.flowsoft7.com
URL: http://hiddenfolder.flowsoft7.com/
Protocol
HTTP/1.1
Server
58.121.85.143 Seocho-gu, Korea, Republic Of, ASN9318 (SKB-AS SK Broadband Co Ltd, KR),
Reverse DNS
Software
Apache/1.3.37 (Unix) PHP/4.4.1 /
Resource Hash
72397b50b0d93c1df9ba08e23ff88caf48a1664d7ec88876ea083e4d96ca4ed8

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
hiddenfolder.flowsoft7.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer
http://hiddenfolder.flowsoft7.com/
Connection
keep-alive
Cache-Control
no-cache
Referer
http://hiddenfolder.flowsoft7.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 03 Jun 2021 16:14:45 GMT
X-Pad
avoid browser bug
Last-Modified
Sun, 13 Dec 2015 07:43:39 GMT
Server
Apache/1.3.37 (Unix) PHP/4.4.1
ETag
"3868ac-2b3-566d21ab"
Content-Type
image/png
Connection
close
Accept-Ranges
bytes
Content-Length
691
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
134 KB
48 KB
Script
General
Full URL
http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: hiddenfolder.flowsoft7.com
URL: http://hiddenfolder.flowsoft7.com/
Protocol
HTTP/1.1
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
dd233c705ebb6129045b560c19e9bf225d7463f4c96236e2adbc162d4e53fec1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://hiddenfolder.flowsoft7.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Timing-Allow-Origin
*
Date
Thu, 03 Jun 2021 13:26:10 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
cafe
ETag
14961557847784475286
Vary
Accept-Encoding, Origin
P3P
policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control
private, max-age=3600
Cross-Origin-Resource-Policy
cross-origin
Content-Disposition
attachment; filename="f.txt"
Content-Type
text/javascript; charset=UTF-8
Content-Length
48423
X-XSS-Protection
0
Expires
Thu, 03 Jun 2021 13:26:10 GMT
product20.png
iblogbox.github.io/js/gdrive/
2 KB
2 KB
Image
General
Full URL
http://iblogbox.github.io/js/gdrive/product20.png
Requested by
Host: hiddenfolder.flowsoft7.com
URL: http://hiddenfolder.flowsoft7.com/
Protocol
HTTP/1.1
Server
185.199.111.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-111-153.github.com
Software
GitHub.com /
Resource Hash
2a5bafe273098299e3f0185d6d4dddac56c7435d859fe7a745e098b6c9a214f7

Request headers

Referer
http://hiddenfolder.flowsoft7.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-Fastly-Request-ID
49944476016ee4ce8137b1b3dd86b82de396c0f5
Date
Thu, 03 Jun 2021 13:26:10 GMT
Via
1.1 varnish
Age
153
X-Cache
HIT
Connection
keep-alive
Content-Length
1736
X-Served-By
cache-cdg20776-CDG
Last-Modified
Sun, 04 Apr 2021 08:12:43 GMT
Server
GitHub.com
X-GitHub-Request-Id
A03A:DFA4:1EC4C59:1FBF280:60B58661
X-Timer
S1622726771.529530,VS0,VE1
ETag
"606974fb-6c8"
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
*
expires
Tue, 01 Jun 2021 00:36:49 GMT
Cache-Control
max-age=600
permissions-policy
interest-cohort=()
Accept-Ranges
bytes
x-origin-cache
HIT
x-proxy-cache
HIT
X-Cache-Hits
1
show_ads_impl_with_ama_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20210525/r20190131/
233 KB
86 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210525/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1113541014872557&plah=hiddenfolder.flowsoft7.com&amaexp=1
Requested by
Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
53c1737bf97ae4d686956bf2c7caff015329c9aa554ed0ebfc24893dfbe2fddf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://hiddenfolder.flowsoft7.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 03 Jun 2021 13:26:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
87751
x-xss-protection
0
server
cafe
etag
1549945764410104263
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Thu, 03 Jun 2021 13:26:10 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20210525/r20190131/ Frame 4953
10 KB
4 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20210525/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1dad6cb9a0903898a8f82f89c0d10ee6e94f8459228530fa5df3078100c9f650
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20210525/r20190131/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
http://hiddenfolder.flowsoft7.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
http://hiddenfolder.flowsoft7.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Thu, 03 Jun 2021 01:47:40 GMT
expires
Thu, 17 Jun 2021 01:47:40 GMT
content-type
text/html; charset=UTF-8
etag
15349191498103243965
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4506
x-xss-protection
0
age
41910
cache-control
public, max-age=1209600
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cookie.js
partner.googleadservices.com/gampad/
203 B
260 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=hiddenfolder.flowsoft7.com&callback=_gfp_s_&client=ca-pub-1113541014872557
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210525/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1113541014872557&plah=hiddenfolder.flowsoft7.com&amaexp=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
cafe /
Resource Hash
151795a1fd1f2dbdb3b91f5371f6f781743e929548fa6cf052376664f6b0c8be
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://hiddenfolder.flowsoft7.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 03 Jun 2021 13:26:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
192
x-xss-protection
0
integrator.js
adservice.google.de/adsid/
107 B
165 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=hiddenfolder.flowsoft7.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210525/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1113541014872557&plah=hiddenfolder.flowsoft7.com&amaexp=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://hiddenfolder.flowsoft7.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 03 Jun 2021 13:26:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
165 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=hiddenfolder.flowsoft7.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210525/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1113541014872557&plah=hiddenfolder.flowsoft7.com&amaexp=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://hiddenfolder.flowsoft7.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 03 Jun 2021 13:26:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 0E81
75 KB
23 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=911114306&adf=3059968214&pi=t.ma~as.5713445902&w=728&lmt=1622726770&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770525&bpp=18&bdt=1104&idt=117&shv=r20210525&cbv=%2Fr20190131&ptt=5&saldr=sa&abxe=1&correlator=1373900275768&frm=20&pv=2&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=305&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7Ce%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=ZEExIXrFLq&p=http%3A//hiddenfolder.flowsoft7.com&dtd=134
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210525/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1113541014872557&plah=hiddenfolder.flowsoft7.com&amaexp=1
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1c5a059eafed17657c9f6b45a33590f4ac5fb63cb2e325d7ec3f745fec293806
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=911114306&adf=3059968214&pi=t.ma~as.5713445902&w=728&lmt=1622726770&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770525&bpp=18&bdt=1104&idt=117&shv=r20210525&cbv=%2Fr20190131&ptt=5&saldr=sa&abxe=1&correlator=1373900275768&frm=20&pv=2&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=305&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7Ce%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=ZEExIXrFLq&p=http%3A//hiddenfolder.flowsoft7.com&dtd=134
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
http://hiddenfolder.flowsoft7.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
http://hiddenfolder.flowsoft7.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Thu, 03 Jun 2021 13:26:11 GMT
server
cafe
content-length
23886
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Thu, 03-Jun-2021 13:41:10 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 03 Jun 2021 13:26:11 GMT
cache-control
private
osd.js
www.googletagservices.com/activeview/js/current/
73 KB
28 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210525/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1113541014872557&plah=hiddenfolder.flowsoft7.com&amaexp=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
11d71fc112df3977b9562151e6c75ce860c42779dddcc79af1d0a07366cd44d3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://hiddenfolder.flowsoft7.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 03 Jun 2021 13:26:10 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1622656037121142"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28114
x-xss-protection
0
expires
Thu, 03 Jun 2021 13:26:10 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame DB90
75 KB
23 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1622726770&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770558&bpp=3&bdt=1136&idt=108&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=JGNsJ38PHC&p=http%3A//hiddenfolder.flowsoft7.com&dtd=110
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210525/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1113541014872557&plah=hiddenfolder.flowsoft7.com&amaexp=1
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
28a127fc45f24ec48c005b11ebc8087b1b328ecf1099097ba04c0c67a418fa4e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1622726770&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770558&bpp=3&bdt=1136&idt=108&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=JGNsJ38PHC&p=http%3A//hiddenfolder.flowsoft7.com&dtd=110
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
http://hiddenfolder.flowsoft7.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
http://hiddenfolder.flowsoft7.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Thu, 03 Jun 2021 13:26:11 GMT
server
cafe
content-length
23992
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Thu, 03-Jun-2021 13:41:10 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 03 Jun 2021 13:26:11 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame 154C
67 KB
23 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=280&slotname=5713445902&adk=3028893077&adf=3469080882&pi=t.ma~as.5713445902&w=802&fwrn=4&fwrnh=100&lmt=1622726770&rafmt=1&psa=0&format=802x280&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1622726770574&bpp=2&bdt=1152&idt=96&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=399&ady=1236&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=Px2EyLtu2k&p=http%3A//hiddenfolder.flowsoft7.com&dtd=99
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210525/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1113541014872557&plah=hiddenfolder.flowsoft7.com&amaexp=1
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36e506ab077a64ef69b3846228350eca66f871b9b71a638db0ad30a3e272f06a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-1113541014872557&output=html&h=280&slotname=5713445902&adk=3028893077&adf=3469080882&pi=t.ma~as.5713445902&w=802&fwrn=4&fwrnh=100&lmt=1622726770&rafmt=1&psa=0&format=802x280&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1622726770574&bpp=2&bdt=1152&idt=96&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=399&ady=1236&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=Px2EyLtu2k&p=http%3A//hiddenfolder.flowsoft7.com&dtd=99
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
http://hiddenfolder.flowsoft7.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
http://hiddenfolder.flowsoft7.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Thu, 03 Jun 2021 13:26:11 GMT
server
cafe
content-length
23227
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Thu, 03-Jun-2021 13:41:10 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 03 Jun 2021 13:26:11 GMT
cache-control
private
client.js
apis.google.com/js/
12 KB
5 KB
Script
General
Full URL
https://apis.google.com/js/client.js?onload=gd_clientload
Requested by
Host: hiddenfolder.flowsoft7.com
URL: http://hiddenfolder.flowsoft7.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
611c882ff32e96752a621cdbd84d045bd6f0b37ee5dbbb5587531e89153f3b7e
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-J05iFk3jvMmtdCjR04R4Gg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
http://hiddenfolder.flowsoft7.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 03 Jun 2021 13:26:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
x-ua-compatible
IE=edge, chrome=1
server
ESF
x-frame-options
SAMEORIGIN
etag
"24fff9698843468dc407f60ad60dec10"
strict-transport-security
max-age=31536000
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
content-security-policy
script-src 'report-sample' 'nonce-J05iFk3jvMmtdCjR04R4Gg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin
*
expires
Thu, 03 Jun 2021 13:26:11 GMT
api.js
apis.google.com/js/
12 KB
5 KB
Script
General
Full URL
https://apis.google.com/js/api.js?onload=gd_loadpicker
Requested by
Host: hiddenfolder.flowsoft7.com
URL: http://hiddenfolder.flowsoft7.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
a5ca2dec0c159dc829bd7fa6cb2033f3c45f84def363bdb861fccb00b1db46a4
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-kaYsJGR7X0fagiw5u+u3SQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
http://hiddenfolder.flowsoft7.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 03 Jun 2021 13:26:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
x-ua-compatible
IE=edge, chrome=1
server
ESF
x-frame-options
SAMEORIGIN
etag
"0e9732277818a43f7ae74048cdff31f6"
strict-transport-security
max-age=31536000
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
content-security-policy
script-src 'report-sample' 'nonce-kaYsJGR7X0fagiw5u+u3SQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin
*
expires
Thu, 03 Jun 2021 13:26:11 GMT
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.p7L79FLXQCw.O/m=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g/
304 KB
104 KB
Script
General
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.p7L79FLXQCw.O/m=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g/cb=gapi.loaded_0
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/client.js?onload=gd_clientload
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7bef45a2d66e62100d6a4dad1b713dde1def59a7b963618e1d96c56593be00ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://hiddenfolder.flowsoft7.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 01 Jun 2021 19:54:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 19 May 2021 15:07:34 GMT
server
sffe
age
149501
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
106903
x-xss-protection
0
expires
Wed, 01 Jun 2022 19:54:30 GMT
cb=gapi.loaded_1
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.p7L79FLXQCw.O/m=picker/exm=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g/
69 KB
22 KB
Script
General
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.p7L79FLXQCw.O/m=picker/exm=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g/cb=gapi.loaded_1
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/api.js?onload=gd_loadpicker
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d3172c5eb7bf5fd5337f53dcbb156932f6f4c6e8eb3ec2aaa3f6c2b5ad87c1c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://hiddenfolder.flowsoft7.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 01 Jun 2021 06:13:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 19 May 2021 15:07:34 GMT
server
sffe
age
198756
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22231
x-xss-protection
0
expires
Wed, 01 Jun 2022 06:13:35 GMT
iframe
accounts.google.com/o/oauth2/ Frame CCD4
513 B
546 B
Document
General
Full URL
https://accounts.google.com/o/oauth2/iframe
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.p7L79FLXQCw.O/m=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g/cb=gapi.loaded_0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
5123e4abd542b224ae01e557d94ca404871ceb1753658aca98e12ac2202acafe
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-IVyBd4GWNYpbY3cFxmYPOg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
accounts.google.com
:scheme
https
:path
/o/oauth2/iframe
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
http://hiddenfolder.flowsoft7.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
NID=216=obfFUPzp5yOLVNtRAhm2NbW3fRd9VANCmwgnfyB4EIWvxFWGkcMPbLRRu13XHcgqTijjBOQBbLrw_KbdQPzCHH877AYNCpR4hZxRLyLTxB44YS3iRzLtRSbQCdEG74hFnSukdQGRT2cjsZoUcvZ3kF_E7Y_g_mQLgEJn_2slKEQ
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
http://hiddenfolder.flowsoft7.com/

Response headers

content-type
text/html; charset=utf-8
cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Thu, 03 Jun 2021 13:26:11 GMT
content-language
en-US
content-security-policy
script-src 'report-sample' 'nonce-IVyBd4GWNYpbY3cFxmYPOg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding
gzip
server
ESF
x-xss-protection
0
x-content-type-options
nosniff
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
3415758833-idpiframe.js
ssl.gstatic.com/accounts/o/ Frame CCD4
114 KB
114 KB
Script
General
Full URL
https://ssl.gstatic.com/accounts/o/3415758833-idpiframe.js
Requested by
Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/iframe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cbd0e12b1246f6280d9cd402284261eb3e81a9b5c6e179ae5d1a20b7731a4fa7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://accounts.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 03 Jun 2021 12:49:54 GMT
vary
Accept-Encoding
last-modified
Fri, 21 May 2021 04:38:18 GMT
server
sffe
x-content-type-options
nosniff
age
2177
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
116599
x-xss-protection
0
expires
Fri, 03 Jun 2022 12:49:54 GMT
iframerpc
accounts.google.com/o/oauth2/ Frame CCD4
14 B
58 B
XHR
General
Full URL
https://accounts.google.com/o/oauth2/iframerpc?action=checkOrigin&origin=http%3A%2F%2Fhiddenfolder.flowsoft7.com&client_id=253648402749-njch9t3fvn1ja103doe0msrnonepldqe.apps.googleusercontent.com
Requested by
Host: ssl.gstatic.com
URL: https://ssl.gstatic.com/accounts/o/3415758833-idpiframe.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8daf09a6fc31937457dd77e9c25ce4b21349d605b561a8c5d557841bf964c9a0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://accounts.google.com/o/oauth2/iframe
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
X-Requested-With
XmlHttpRequest

Response headers

date
Thu, 03 Jun 2021 13:26:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
content-type
application/json; charset=utf-8
cache-control
public, max-age=3600
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
expires
Thu, 03 Jun 2021 14:26:11 GMT
css
fonts.googleapis.com/ Frame 0E81
3 KB
674 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=911114306&adf=3059968214&pi=t.ma~as.5713445902&w=728&lmt=1622726770&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770525&bpp=18&bdt=1104&idt=117&shv=r20210525&cbv=%2Fr20190131&ptt=5&saldr=sa&abxe=1&correlator=1373900275768&frm=20&pv=2&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=305&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7Ce%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=ZEExIXrFLq&p=http%3A//hiddenfolder.flowsoft7.com&dtd=134
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 03 Jun 2021 11:28:03 GMT
server
ESF
date
Thu, 03 Jun 2021 13:26:11 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 03 Jun 2021 13:26:11 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210525/r20110914/client/ Frame 0E81
1 KB
946 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210525/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=911114306&adf=3059968214&pi=t.ma~as.5713445902&w=728&lmt=1622726770&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770525&bpp=18&bdt=1104&idt=117&shv=r20210525&cbv=%2Fr20190131&ptt=5&saldr=sa&abxe=1&correlator=1373900275768&frm=20&pv=2&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=305&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7Ce%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=ZEExIXrFLq&p=http%3A//hiddenfolder.flowsoft7.com&dtd=134
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 03 Jun 2021 13:23:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
170
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
882
x-xss-protection
0
server
cafe
etag
11243716317595354070
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 17 Jun 2021 13:23:21 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210525/r20110914/ Frame 0E81
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210525/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=911114306&adf=3059968214&pi=t.ma~as.5713445902&w=728&lmt=1622726770&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770525&bpp=18&bdt=1104&idt=117&shv=r20210525&cbv=%2Fr20190131&ptt=5&saldr=sa&abxe=1&correlator=1373900275768&frm=20&pv=2&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=305&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7Ce%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=ZEExIXrFLq&p=http%3A//hiddenfolder.flowsoft7.com&dtd=134
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
57a32821aa342bff22571bea1158676b4665fc8de5cb468a043be716e40edee6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 03 Jun 2021 13:25:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
24
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7025
x-xss-protection
0
server
cafe
etag
13581262519725736155
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 17 Jun 2021 13:25:47 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210525/r20110914/client/ Frame 0E81
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210525/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=911114306&adf=3059968214&pi=t.ma~as.5713445902&w=728&lmt=1622726770&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770525&bpp=18&bdt=1104&idt=117&shv=r20210525&cbv=%2Fr20190131&ptt=5&saldr=sa&abxe=1&correlator=1373900275768&frm=20&pv=2&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=305&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7Ce%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=ZEExIXrFLq&p=http%3A//hiddenfolder.flowsoft7.com&dtd=134
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 03 Jun 2021 13:23:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
145
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1303
x-xss-protection
0
server
cafe
etag
14729628269804859526
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 17 Jun 2021 13:23:46 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 0E81
121 KB
37 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=911114306&adf=3059968214&pi=t.ma~as.5713445902&w=728&lmt=1622726770&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770525&bpp=18&bdt=1104&idt=117&shv=r20210525&cbv=%2Fr20190131&ptt=5&saldr=sa&abxe=1&correlator=1373900275768&frm=20&pv=2&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=305&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7Ce%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=ZEExIXrFLq&p=http%3A//hiddenfolder.flowsoft7.com&dtd=134
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
85e1be533dbdd83a22910cbee29a4d1f49d3e8d201f5f480517ecfd6bd282965
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 03 Jun 2021 13:26:11 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1622656031336809"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37735
x-xss-protection
0
expires
Thu, 03 Jun 2021 13:26:11 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210525/r20110914/client/ Frame 0E81
13 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210525/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=911114306&adf=3059968214&pi=t.ma~as.5713445902&w=728&lmt=1622726770&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770525&bpp=18&bdt=1104&idt=117&shv=r20210525&cbv=%2Fr20190131&ptt=5&saldr=sa&abxe=1&correlator=1373900275768&frm=20&pv=2&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=305&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7Ce%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=ZEExIXrFLq&p=http%3A//hiddenfolder.flowsoft7.com&dtd=134
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
684722f2ec67f3a1b4aad3b445dd37b60d048d66701dfff1f5c40b3bad4fae8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 03 Jun 2021 13:21:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
301
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5635
x-xss-protection
0
server
cafe
etag
1319581658596578636
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 17 Jun 2021 13:21:10 GMT
3b821d177d35ff0343c5a517c12ac1c9.js
www.gstatic.com/mysidia/ Frame 0E81
25 KB
10 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/3b821d177d35ff0343c5a517c12ac1c9.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=911114306&adf=3059968214&pi=t.ma~as.5713445902&w=728&lmt=1622726770&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770525&bpp=18&bdt=1104&idt=117&shv=r20210525&cbv=%2Fr20190131&ptt=5&saldr=sa&abxe=1&correlator=1373900275768&frm=20&pv=2&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=305&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7Ce%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=ZEExIXrFLq&p=http%3A//hiddenfolder.flowsoft7.com&dtd=134
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4d7bc2e5c2959435469986ff3eb98d158edf428ed8eeccb0e8ffe31d3336c9ac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 03 Jun 2021 13:12:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
845
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10549
x-xss-protection
0
last-modified
Wed, 02 Jun 2021 00:10:36 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Wed, 01 Sep 2021 13:12:06 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 0E81
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CxMttcti4YNXPKYyQtwfiuqboCd7fkOpi6suUgPkHmJL4h7MCEAEg96W8DWCVAqABw9Cs0QPIAQGpAgMANKBib7Q-qAMByAPDBKoE4gFP0APz3km4RCZEkVscnQuKjfi-MbxzBNwutQVzP824Tr2zw8JigY3ZEACwPzV2Q3UHanpLOVqCEC95AkbewQSSKc4amVfS7rusrfexo6lsPHvreMV5SVw3mDXr6I6yBODxFtx0mflQiSnzhp48ZB4ENOGMp4eq0mRD92Y-ItrBvDCBjKHj_N0ibsCABIeq2ZL2x4BjiR0PkfjwUwSWY9F971AYjGO_ALlZwqFM6oL8eUVxbeQX0WbJET4dh6n1j65PsBa0o2kg5SAhxh-rfOH6swb6GkAUZtco07R4-siiv-GOwATF592uzAGSBQQIBBgBkgUECAUYBKAGUYAHpa_TLqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBRDcwNkF0ggJCIDhgHAQARgfgAoByAsB2BMM0BUBgBcBshcaChgIABIUcHViLTExMTM1NDEwMTQ4NzI1NTc&sigh=OfszCfFQbI8
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=911114306&adf=3059968214&pi=t.ma~as.5713445902&w=728&lmt=1622726770&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770525&bpp=18&bdt=1104&idt=117&shv=r20210525&cbv=%2Fr20190131&ptt=5&saldr=sa&abxe=1&correlator=1373900275768&frm=20&pv=2&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=305&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7Ce%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=ZEExIXrFLq&p=http%3A//hiddenfolder.flowsoft7.com&dtd=134
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=911114306&adf=3059968214&pi=t.ma~as.5713445902&w=728&lmt=1622726770&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770525&bpp=18&bdt=1104&idt=117&shv=r20210525&cbv=%2Fr20190131&ptt=5&saldr=sa&abxe=1&correlator=1373900275768&frm=20&pv=2&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=305&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7Ce%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=ZEExIXrFLq&p=http%3A//hiddenfolder.flowsoft7.com&dtd=134
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Thu, 03 Jun 2021 13:26:11 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Thu, 03 Jun 2021 13:26:11 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame F6B9
143 B
163 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=911114306&adf=3059968214&pi=t.ma~as.5713445902&w=728&lmt=1622726770&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770525&bpp=18&bdt=1104&idt=117&shv=r20210525&cbv=%2Fr20190131&ptt=5&saldr=sa&abxe=1&correlator=1373900275768&frm=20&pv=2&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=305&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7Ce%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=ZEExIXrFLq&p=http%3A//hiddenfolder.flowsoft7.com&dtd=134
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
safe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/drt/s?v=r20120211
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=911114306&adf=3059968214&pi=t.ma~as.5713445902&w=728&lmt=1622726770&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770525&bpp=18&bdt=1104&idt=117&shv=r20210525&cbv=%2Fr20190131&ptt=5&saldr=sa&abxe=1&correlator=1373900275768&frm=20&pv=2&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=305&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7Ce%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=ZEExIXrFLq&p=http%3A//hiddenfolder.flowsoft7.com&dtd=134
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUlK0M5i_O_EmpUut4ANdHlaNahgQS9ZIhALUmn13B6IG_UU37lVR1jVzU5hf2k
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=911114306&adf=3059968214&pi=t.ma~as.5713445902&w=728&lmt=1622726770&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770525&bpp=18&bdt=1104&idt=117&shv=r20210525&cbv=%2Fr20190131&ptt=5&saldr=sa&abxe=1&correlator=1373900275768&frm=20&pv=2&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=305&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7Ce%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=ZEExIXrFLq&p=http%3A//hiddenfolder.flowsoft7.com&dtd=134

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Thu, 03 Jun 2021 12:36:58 GMT
server
safe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
2953
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
css
fonts.googleapis.com/ Frame 154C
3 KB
578 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=280&slotname=5713445902&adk=3028893077&adf=3469080882&pi=t.ma~as.5713445902&w=802&fwrn=4&fwrnh=100&lmt=1622726770&rafmt=1&psa=0&format=802x280&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1622726770574&bpp=2&bdt=1152&idt=96&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=399&ady=1236&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=Px2EyLtu2k&p=http%3A//hiddenfolder.flowsoft7.com&dtd=99
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 03 Jun 2021 11:27:04 GMT
server
ESF
date
Thu, 03 Jun 2021 13:26:11 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 03 Jun 2021 13:26:11 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210525/r20110914/client/ Frame 154C
1 KB
909 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210525/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=280&slotname=5713445902&adk=3028893077&adf=3469080882&pi=t.ma~as.5713445902&w=802&fwrn=4&fwrnh=100&lmt=1622726770&rafmt=1&psa=0&format=802x280&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1622726770574&bpp=2&bdt=1152&idt=96&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=399&ady=1236&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=Px2EyLtu2k&p=http%3A//hiddenfolder.flowsoft7.com&dtd=99
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 03 Jun 2021 13:23:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
170
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
882
x-xss-protection
0
server
cafe
etag
11243716317595354070
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 17 Jun 2021 13:23:21 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210525/r20110914/ Frame 154C
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210525/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=280&slotname=5713445902&adk=3028893077&adf=3469080882&pi=t.ma~as.5713445902&w=802&fwrn=4&fwrnh=100&lmt=1622726770&rafmt=1&psa=0&format=802x280&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1622726770574&bpp=2&bdt=1152&idt=96&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=399&ady=1236&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=Px2EyLtu2k&p=http%3A//hiddenfolder.flowsoft7.com&dtd=99
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
57a32821aa342bff22571bea1158676b4665fc8de5cb468a043be716e40edee6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 03 Jun 2021 13:25:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
24
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7025
x-xss-protection
0
server
cafe
etag
13581262519725736155
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 17 Jun 2021 13:25:47 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210525/r20110914/client/ Frame 154C
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210525/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=280&slotname=5713445902&adk=3028893077&adf=3469080882&pi=t.ma~as.5713445902&w=802&fwrn=4&fwrnh=100&lmt=1622726770&rafmt=1&psa=0&format=802x280&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1622726770574&bpp=2&bdt=1152&idt=96&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=399&ady=1236&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=Px2EyLtu2k&p=http%3A//hiddenfolder.flowsoft7.com&dtd=99
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 03 Jun 2021 13:23:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
145
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1303
x-xss-protection
0
server
cafe
etag
14729628269804859526
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 17 Jun 2021 13:23:46 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 154C
121 KB
37 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=280&slotname=5713445902&adk=3028893077&adf=3469080882&pi=t.ma~as.5713445902&w=802&fwrn=4&fwrnh=100&lmt=1622726770&rafmt=1&psa=0&format=802x280&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1622726770574&bpp=2&bdt=1152&idt=96&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=399&ady=1236&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=Px2EyLtu2k&p=http%3A//hiddenfolder.flowsoft7.com&dtd=99
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
85e1be533dbdd83a22910cbee29a4d1f49d3e8d201f5f480517ecfd6bd282965
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 03 Jun 2021 13:26:11 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1622656031336809"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37735
x-xss-protection
0
expires
Thu, 03 Jun 2021 13:26:11 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210525/r20110914/client/ Frame 154C
13 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210525/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=280&slotname=5713445902&adk=3028893077&adf=3469080882&pi=t.ma~as.5713445902&w=802&fwrn=4&fwrnh=100&lmt=1622726770&rafmt=1&psa=0&format=802x280&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1622726770574&bpp=2&bdt=1152&idt=96&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=399&ady=1236&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=Px2EyLtu2k&p=http%3A//hiddenfolder.flowsoft7.com&dtd=99
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
684722f2ec67f3a1b4aad3b445dd37b60d048d66701dfff1f5c40b3bad4fae8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 03 Jun 2021 13:21:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
301
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5635
x-xss-protection
0
server
cafe
etag
1319581658596578636
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 17 Jun 2021 13:21:10 GMT
3b821d177d35ff0343c5a517c12ac1c9.js
www.gstatic.com/mysidia/ Frame 154C
25 KB
10 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/3b821d177d35ff0343c5a517c12ac1c9.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=280&slotname=5713445902&adk=3028893077&adf=3469080882&pi=t.ma~as.5713445902&w=802&fwrn=4&fwrnh=100&lmt=1622726770&rafmt=1&psa=0&format=802x280&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1622726770574&bpp=2&bdt=1152&idt=96&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=399&ady=1236&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=Px2EyLtu2k&p=http%3A//hiddenfolder.flowsoft7.com&dtd=99
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4d7bc2e5c2959435469986ff3eb98d158edf428ed8eeccb0e8ffe31d3336c9ac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 03 Jun 2021 13:12:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
845
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10549
x-xss-protection
0
last-modified
Wed, 02 Jun 2021 00:10:36 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Wed, 01 Sep 2021 13:12:06 GMT
truncated
/ Frame 0E81
215 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f29039337427b1be73332509f735832bc1a19dd4b4c2eb1a745dd3821e350747

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
adview
googleads.g.doubleclick.net/pagead/ Frame 154C
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=C0HDccti4YKXJKryHwuIPsJqooAfe35DqYurLlID5B5iS-IezAhABIPelvA1glQKgAcPQrNEDyAEBqQJjF3Zm5HK0PqgDAcgDwwSqBOYBT9APAo5LTL--MXcXzcB7fZEEnOAiMuVtdXi9Ox8obf1KQVNWOJT7EHN3aHY7yVO1rBhx4T2KA3XiBWOPBkypams-eJ4YRIfPnZKyvvhLDPRYccZ3IXm9t5WTNjwvJifcipOVb1xYH-RsOs4gyMp42eq5uVdWWfG3UQLEinNOceEm0JK4-LhKbtLXkHaIAVMIecjVUA8Nrb7GyE1KbAz4gn2pk2I_12BwJX3nyw6r-loAWJtJNAAEJo38fAzFQ1_FaH33pADbd4JqMhKNUk24lF02Vbpp5kSBvee7jJIB6MFzoHNPWl_ABMXn3a7MAZIFBAgEGAGSBQQIBRgEoAZRgAelr9MuqAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcB8gcFEOukoAHSCAkIgOGAcBABGB-ACgHICwHYEwzQFQGAFwGyFxoKGAgAEhRwdWItMTExMzU0MTAxNDg3MjU1Nw&sigh=hP0XfK9QWQ4
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=280&slotname=5713445902&adk=3028893077&adf=3469080882&pi=t.ma~as.5713445902&w=802&fwrn=4&fwrnh=100&lmt=1622726770&rafmt=1&psa=0&format=802x280&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1622726770574&bpp=2&bdt=1152&idt=96&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=399&ady=1236&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=Px2EyLtu2k&p=http%3A//hiddenfolder.flowsoft7.com&dtd=99
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=280&slotname=5713445902&adk=3028893077&adf=3469080882&pi=t.ma~as.5713445902&w=802&fwrn=4&fwrnh=100&lmt=1622726770&rafmt=1&psa=0&format=802x280&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1622726770574&bpp=2&bdt=1152&idt=96&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=399&ady=1236&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=Px2EyLtu2k&p=http%3A//hiddenfolder.flowsoft7.com&dtd=99
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Thu, 03 Jun 2021 13:26:11 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
css
fonts.googleapis.com/ Frame DB90
3 KB
578 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1622726770&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770558&bpp=3&bdt=1136&idt=108&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=JGNsJ38PHC&p=http%3A//hiddenfolder.flowsoft7.com&dtd=110
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 03 Jun 2021 13:08:18 GMT
server
ESF
date
Thu, 03 Jun 2021 13:26:11 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 03 Jun 2021 13:26:11 GMT
4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 0E81
21 KB
21 KB
Font
General
Full URL
https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://googleads.g.doubleclick.net
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 01 Jun 2021 06:30:43 GMT
x-content-type-options
nosniff
last-modified
Wed, 11 Nov 2020 20:26:21 GMT
server
sffe
age
197728
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21716
x-xss-protection
0
expires
Wed, 01 Jun 2022 06:30:43 GMT
4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 0E81
21 KB
21 KB
Font
General
Full URL
https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://googleads.g.doubleclick.net
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 01 Jun 2021 22:10:26 GMT
x-content-type-options
nosniff
last-modified
Wed, 11 Nov 2020 20:26:16 GMT
server
sffe
age
141345
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21552
x-xss-protection
0
expires
Wed, 01 Jun 2022 22:10:26 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210525/r20110914/client/ Frame DB90
1 KB
909 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210525/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1622726770&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770558&bpp=3&bdt=1136&idt=108&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=JGNsJ38PHC&p=http%3A//hiddenfolder.flowsoft7.com&dtd=110
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 03 Jun 2021 13:23:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
170
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
882
x-xss-protection
0
server
cafe
etag
11243716317595354070
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 17 Jun 2021 13:23:21 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210525/r20110914/ Frame DB90
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210525/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1622726770&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770558&bpp=3&bdt=1136&idt=108&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=JGNsJ38PHC&p=http%3A//hiddenfolder.flowsoft7.com&dtd=110
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
57a32821aa342bff22571bea1158676b4665fc8de5cb468a043be716e40edee6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 03 Jun 2021 13:25:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
24
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7025
x-xss-protection
0
server
cafe
etag
13581262519725736155
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 17 Jun 2021 13:25:47 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210525/r20110914/client/ Frame DB90
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210525/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1622726770&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770558&bpp=3&bdt=1136&idt=108&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=JGNsJ38PHC&p=http%3A//hiddenfolder.flowsoft7.com&dtd=110
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 03 Jun 2021 13:23:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
145
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1303
x-xss-protection
0
server
cafe
etag
14729628269804859526
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 17 Jun 2021 13:23:46 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame DB90
121 KB
37 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1622726770&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770558&bpp=3&bdt=1136&idt=108&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=JGNsJ38PHC&p=http%3A//hiddenfolder.flowsoft7.com&dtd=110
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
85e1be533dbdd83a22910cbee29a4d1f49d3e8d201f5f480517ecfd6bd282965
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 03 Jun 2021 13:26:11 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1622656031336809"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37735
x-xss-protection
0
expires
Thu, 03 Jun 2021 13:26:11 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20210525/r20110914/client/ Frame DB90
13 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20210525/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1622726770&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770558&bpp=3&bdt=1136&idt=108&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=JGNsJ38PHC&p=http%3A//hiddenfolder.flowsoft7.com&dtd=110
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
684722f2ec67f3a1b4aad3b445dd37b60d048d66701dfff1f5c40b3bad4fae8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 03 Jun 2021 13:21:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
301
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5635
x-xss-protection
0
server
cafe
etag
1319581658596578636
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 17 Jun 2021 13:21:10 GMT
3b821d177d35ff0343c5a517c12ac1c9.js
www.gstatic.com/mysidia/ Frame DB90
25 KB
10 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/3b821d177d35ff0343c5a517c12ac1c9.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1622726770&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770558&bpp=3&bdt=1136&idt=108&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=JGNsJ38PHC&p=http%3A//hiddenfolder.flowsoft7.com&dtd=110
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4d7bc2e5c2959435469986ff3eb98d158edf428ed8eeccb0e8ffe31d3336c9ac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 03 Jun 2021 13:12:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
845
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10549
x-xss-protection
0
last-modified
Wed, 02 Jun 2021 00:10:36 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Wed, 01 Sep 2021 13:12:06 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame 7D25
143 B
163 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=280&slotname=5713445902&adk=3028893077&adf=3469080882&pi=t.ma~as.5713445902&w=802&fwrn=4&fwrnh=100&lmt=1622726770&rafmt=1&psa=0&format=802x280&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1622726770574&bpp=2&bdt=1152&idt=96&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=399&ady=1236&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=Px2EyLtu2k&p=http%3A//hiddenfolder.flowsoft7.com&dtd=99
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
safe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/drt/s?v=r20120211
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=280&slotname=5713445902&adk=3028893077&adf=3469080882&pi=t.ma~as.5713445902&w=802&fwrn=4&fwrnh=100&lmt=1622726770&rafmt=1&psa=0&format=802x280&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1622726770574&bpp=2&bdt=1152&idt=96&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=399&ady=1236&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=Px2EyLtu2k&p=http%3A//hiddenfolder.flowsoft7.com&dtd=99
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUlK0M5i_O_EmpUut4ANdHlaNahgQS9ZIhALUmn13B6IG_UU37lVR1jVzU5hf2k; test_cookie=CheckForPermission
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=280&slotname=5713445902&adk=3028893077&adf=3469080882&pi=t.ma~as.5713445902&w=802&fwrn=4&fwrnh=100&lmt=1622726770&rafmt=1&psa=0&format=802x280&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1622726770574&bpp=2&bdt=1152&idt=96&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=399&ady=1236&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=Px2EyLtu2k&p=http%3A//hiddenfolder.flowsoft7.com&dtd=99

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Thu, 03 Jun 2021 12:36:58 GMT
server
safe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
2953
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
adview
googleads.g.doubleclick.net/pagead/ Frame DB90
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=Cjnspcti4YLSZKteptwfC5bKAC8nrj-Bi7KbJnvQNwI23ARABIPelvA1glQKgAcWs-NMDyAEBqAMByAPDBKoE5QFP0DtpR3zZNz6BVaMWzxcYyIYzllVPNfduWcQjIuEyJPjbBecbiU3k88jkGTli1pfJcpgUNQQ42B-iAAOFk5_uOVTQwuaGuIxsd7xfHTry-Eutx9YrzMii3IcqkW0x0cucvb5RABwNhuBlbE2_mMUKACJccQLpn6YQEnMaycMsediGJgLvoct4aqVvDxONX37xFyOzNAb-8ijVnEaOJ5kPGxSgcRAJpwAGvbc-WxRt953NINItMnbqvIoPxi2Tbh7JQ7fOO6eK5s6rzXX7Jte5DTYtBEZmS-1VUVFUUBHdCszgfJxrwATntfzc0AOSBQQIBBgBkgUECAUYBKAGZoAHo9OHLKgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBRDqjqYC0ggJCIDhgHAQARgfgAoByAsB2BMK0BUBgBcBshcaChgIABIUcHViLTExMTM1NDEwMTQ4NzI1NTc&sigh=1Xc1OO6JyNo
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1622726770&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770558&bpp=3&bdt=1136&idt=108&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=JGNsJ38PHC&p=http%3A//hiddenfolder.flowsoft7.com&dtd=110
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1622726770&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770558&bpp=3&bdt=1136&idt=108&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=JGNsJ38PHC&p=http%3A//hiddenfolder.flowsoft7.com&dtd=110
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Thu, 03 Jun 2021 13:26:11 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
truncated
/ Frame 154C
218 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c2719264aac674caa14b92fa3dabbdd9e88880c7efdd5705d30a364f797fb9bb

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
s
googleads.g.doubleclick.net/pagead/drt/ Frame 9C11
143 B
163 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1622726770&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770558&bpp=3&bdt=1136&idt=108&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=JGNsJ38PHC&p=http%3A//hiddenfolder.flowsoft7.com&dtd=110
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
safe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/drt/s?v=r20120211
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1622726770&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770558&bpp=3&bdt=1136&idt=108&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=JGNsJ38PHC&p=http%3A//hiddenfolder.flowsoft7.com&dtd=110
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUlK0M5i_O_EmpUut4ANdHlaNahgQS9ZIhALUmn13B6IG_UU37lVR1jVzU5hf2k; test_cookie=CheckForPermission
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1622726770&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770558&bpp=3&bdt=1136&idt=108&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=JGNsJ38PHC&p=http%3A//hiddenfolder.flowsoft7.com&dtd=110

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Thu, 03 Jun 2021 12:36:58 GMT
server
safe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
2953
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
si
googleads.g.doubleclick.net/pagead/drt/ Frame F6B9
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si
0
16 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=911114306&adf=3059968214&pi=t.ma~as.5713445902&w=728&lmt=1622726770&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770525&bpp=18&bdt=1104&idt=117&shv=r20210525&cbv=%2Fr20190131&ptt=5&saldr=sa&abxe=1&correlator=1373900275768&frm=20&pv=2&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=305&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7Ce%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=ZEExIXrFLq&p=http%3A//hiddenfolder.flowsoft7.com&dtd=134
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
safe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/drt/si
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUlK0M5i_O_EmpUut4ANdHlaNahgQS9ZIhALUmn13B6IG_UU37lVR1jVzU5hf2k; test_cookie=CheckForPermission
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Thu, 03 Jun 2021 13:26:11 GMT
server
safe
content-length
0
x-xss-protection
0
set-cookie
DSID=NO_DATA; expires=Thu, 03-Jun-2021 14:26:11 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 03 Jun 2021 13:26:11 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Thu, 03 Jun 2021 13:26:11 GMT
server
safe
content-length
246
x-xss-protection
0
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame DB90
215 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e65708da39df0bf35d9993b7b555255287d2daf07d7545f5cc8b16289e008894

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
2jYUGrzVrWStLDq2CZ0zOcRL9FYonM4iQ_vCp8HlGuk.js
pagead2.googlesyndication.com/bg/ Frame 13FB
14 KB
6 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/2jYUGrzVrWStLDq2CZ0zOcRL9FYonM4iQ_vCp8HlGuk.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=911114306&adf=3059968214&pi=t.ma~as.5713445902&w=728&lmt=1622726770&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770525&bpp=18&bdt=1104&idt=117&shv=r20210525&cbv=%2Fr20190131&ptt=5&saldr=sa&abxe=1&correlator=1373900275768&frm=20&pv=2&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=305&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7Ce%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=ZEExIXrFLq&p=http%3A//hiddenfolder.flowsoft7.com&dtd=134
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
da36141abcd5ad64ad2c3ab6099d3339c44bf456289cce2243fbc2a7c1e51ae9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 03 Jun 2021 06:35:09 GMT
content-encoding
br
x-content-type-options
nosniff
age
24662
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5712
x-xss-protection
0
last-modified
Mon, 17 May 2021 11:28:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 03 Jun 2022 06:35:09 GMT
4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame DB90
21 KB
21 KB
Font
General
Full URL
https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://googleads.g.doubleclick.net
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 01 Jun 2021 06:30:43 GMT
x-content-type-options
nosniff
last-modified
Wed, 11 Nov 2020 20:26:21 GMT
server
sffe
age
197728
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21716
x-xss-protection
0
expires
Wed, 01 Jun 2022 06:30:43 GMT
4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame DB90
21 KB
21 KB
Font
General
Full URL
https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://googleads.g.doubleclick.net
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 01 Jun 2021 22:10:26 GMT
x-content-type-options
nosniff
last-modified
Wed, 11 Nov 2020 20:26:16 GMT
server
sffe
age
141345
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21552
x-xss-protection
0
expires
Wed, 01 Jun 2022 22:10:26 GMT
4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 154C
21 KB
21 KB
Font
General
Full URL
https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://googleads.g.doubleclick.net
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 01 Jun 2021 06:30:43 GMT
x-content-type-options
nosniff
last-modified
Wed, 11 Nov 2020 20:26:21 GMT
server
sffe
age
197728
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21716
x-xss-protection
0
expires
Wed, 01 Jun 2022 06:30:43 GMT
4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 154C
21 KB
21 KB
Font
General
Full URL
https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://googleads.g.doubleclick.net
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 01 Jun 2021 22:10:26 GMT
x-content-type-options
nosniff
last-modified
Wed, 11 Nov 2020 20:26:16 GMT
server
sffe
age
141345
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21552
x-xss-protection
0
expires
Wed, 01 Jun 2022 22:10:26 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame 7D25
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si
0
16 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=280&slotname=5713445902&adk=3028893077&adf=3469080882&pi=t.ma~as.5713445902&w=802&fwrn=4&fwrnh=100&lmt=1622726770&rafmt=1&psa=0&format=802x280&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1622726770574&bpp=2&bdt=1152&idt=96&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=399&ady=1236&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=Px2EyLtu2k&p=http%3A//hiddenfolder.flowsoft7.com&dtd=99
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
safe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/drt/si
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUlK0M5i_O_EmpUut4ANdHlaNahgQS9ZIhALUmn13B6IG_UU37lVR1jVzU5hf2k; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Thu, 03 Jun 2021 13:26:11 GMT
server
safe
content-length
0
x-xss-protection
0
set-cookie
DSID=NO_DATA; expires=Thu, 03-Jun-2021 14:26:11 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 03 Jun 2021 13:26:11 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Thu, 03 Jun 2021 13:26:11 GMT
server
safe
content-length
246
x-xss-protection
0
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
si
googleads.g.doubleclick.net/pagead/drt/ Frame 9C11
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si
0
16 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1622726770&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770558&bpp=3&bdt=1136&idt=108&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=JGNsJ38PHC&p=http%3A//hiddenfolder.flowsoft7.com&dtd=110
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
safe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/drt/si
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://googleads.g.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUlK0M5i_O_EmpUut4ANdHlaNahgQS9ZIhALUmn13B6IG_UU37lVR1jVzU5hf2k; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Thu, 03 Jun 2021 13:26:11 GMT
server
safe
content-length
0
x-xss-protection
0
set-cookie
DSID=NO_DATA; expires=Thu, 03-Jun-2021 14:26:11 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 03 Jun 2021 13:26:11 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Thu, 03 Jun 2021 13:26:11 GMT
server
safe
content-length
246
x-xss-protection
0
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
2jYUGrzVrWStLDq2CZ0zOcRL9FYonM4iQ_vCp8HlGuk.js
pagead2.googlesyndication.com/bg/ Frame D66F
14 KB
6 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/2jYUGrzVrWStLDq2CZ0zOcRL9FYonM4iQ_vCp8HlGuk.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1622726770&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1622726770558&bpp=3&bdt=1136&idt=108&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=JGNsJ38PHC&p=http%3A//hiddenfolder.flowsoft7.com&dtd=110
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
da36141abcd5ad64ad2c3ab6099d3339c44bf456289cce2243fbc2a7c1e51ae9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 02 Jun 2021 18:08:50 GMT
content-encoding
br
x-content-type-options
nosniff
age
69441
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5712
x-xss-protection
0
last-modified
Mon, 17 May 2021 11:28:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 02 Jun 2022 18:08:50 GMT
2jYUGrzVrWStLDq2CZ0zOcRL9FYonM4iQ_vCp8HlGuk.js
pagead2.googlesyndication.com/bg/ Frame DEA5
14 KB
6 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/2jYUGrzVrWStLDq2CZ0zOcRL9FYonM4iQ_vCp8HlGuk.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=280&slotname=5713445902&adk=3028893077&adf=3469080882&pi=t.ma~as.5713445902&w=802&fwrn=4&fwrnh=100&lmt=1622726770&rafmt=1&psa=0&format=802x280&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1622726770574&bpp=2&bdt=1152&idt=96&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&prev_slotnames=5713445902&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=399&ady=1236&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&pvsid=1838754561342744&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=Px2EyLtu2k&p=http%3A//hiddenfolder.flowsoft7.com&dtd=99
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
da36141abcd5ad64ad2c3ab6099d3339c44bf456289cce2243fbc2a7c1e51ae9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 02 Jun 2021 18:08:50 GMT
content-encoding
br
x-content-type-options
nosniff
age
69441
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5712
x-xss-protection
0
last-modified
Mon, 17 May 2021 11:28:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 02 Jun 2022 18:08:50 GMT
integrator.js
adservice.google.de/adsid/
107 B
165 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=hiddenfolder.flowsoft7.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210525/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1113541014872557&plah=hiddenfolder.flowsoft7.com&amaexp=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://hiddenfolder.flowsoft7.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 03 Jun 2021 13:26:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
165 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=hiddenfolder.flowsoft7.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210525/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1113541014872557&plah=hiddenfolder.flowsoft7.com&amaexp=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://hiddenfolder.flowsoft7.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 03 Jun 2021 13:26:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame B14A
0
19 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&adk=1812271804&adf=3025194257&lmt=1622726771&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&ea=0&flash=0&pra=7&wgl=1&dt=1622726771861&bpp=1&bdt=2439&idt=1&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C802x280&prev_slotnames=5713445902&nras=1&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&psts=AGkb-H_2AnLxeRpWsfjWAFCcbe3dObKpfdEEJ6yu7Ggt779dvN0gn17NNHgKgBCbBIQgTceqtMgpRBi8dEo%2CAGkb-H_qAZfoXq3YIg9gCcWES0LAR4FkrUdrZXLCNRVAZohTdFmBw8Ote0nRsiOcRAWHSEEIs4kOYNH9Qz4%2CAGkb-H91Fu4lQYDJHFtA1sxY5jtPgXJKcfMqRouAeTwQwVgX0mrDiGShDBF-59r1-Dn3vy-ZC1jJROJrlQ&pvsid=1838754561342744&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=4&uci=a!4&fsb=1&dtd=5
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210525/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1113541014872557&plah=hiddenfolder.flowsoft7.com&amaexp=1
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-1113541014872557&output=html&adk=1812271804&adf=3025194257&lmt=1622726771&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&ea=0&flash=0&pra=7&wgl=1&dt=1622726771861&bpp=1&bdt=2439&idt=1&shv=r20210525&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C802x280&prev_slotnames=5713445902&nras=1&correlator=1373900275768&frm=20&pv=1&ga_vid=488560615.1622726771&ga_sid=1622726771&ga_hid=174882966&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530672&oid=3&psts=AGkb-H_2AnLxeRpWsfjWAFCcbe3dObKpfdEEJ6yu7Ggt779dvN0gn17NNHgKgBCbBIQgTceqtMgpRBi8dEo%2CAGkb-H_qAZfoXq3YIg9gCcWES0LAR4FkrUdrZXLCNRVAZohTdFmBw8Ote0nRsiOcRAWHSEEIs4kOYNH9Qz4%2CAGkb-H91Fu4lQYDJHFtA1sxY5jtPgXJKcfMqRouAeTwQwVgX0mrDiGShDBF-59r1-Dn3vy-ZC1jJROJrlQ&pvsid=1838754561342744&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=4&uci=a!4&fsb=1&dtd=5
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
http://hiddenfolder.flowsoft7.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUlK0M5i_O_EmpUut4ANdHlaNahgQS9ZIhALUmn13B6IG_UU37lVR1jVzU5hf2k; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
http://hiddenfolder.flowsoft7.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Thu, 03 Jun 2021 13:26:11 GMT
server
cafe
content-length
0
x-xss-protection
0
set-cookie
test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Thu, 03 Jun 2021 13:26:11 GMT
cache-control
private
sodar
pagead2.googlesyndication.com/getconfig/
10 KB
8 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210525&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210525/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1113541014872557&plah=hiddenfolder.flowsoft7.com&amaexp=1
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
513d2b6aba2cf77c9dab1e22c46acd1587b08be3e058bfc8bbd9d1693a988d26
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://hiddenfolder.flowsoft7.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 03 Jun 2021 13:26:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7813
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210525/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1113541014872557&plah=hiddenfolder.flowsoft7.com&amaexp=1
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://hiddenfolder.flowsoft7.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 03 Jun 2021 13:26:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1616005470650935"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6437
x-xss-protection
0
expires
Thu, 03 Jun 2021 13:26:11 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/222/ Frame 45A5
12 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/222/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
http://hiddenfolder.flowsoft7.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
http://hiddenfolder.flowsoft7.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
content-length
5022
date
Thu, 03 Jun 2021 13:15:28 GMT
expires
Fri, 03 Jun 2022 13:15:28 GMT
last-modified
Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
643
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame 19E6
783 B
532 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
3a2e7a192ac390d8e2bffa36b9b702711cb39b50b0da17c50085c209df4a3ddf
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Uc59TTbGyLAoA0kJU5udjA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/aframe
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
http://hiddenfolder.flowsoft7.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
http://hiddenfolder.flowsoft7.com/

Response headers

expires
Thu, 03 Jun 2021 13:26:11 GMT
date
Thu, 03 Jun 2021 13:26:11 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-Uc59TTbGyLAoA0kJU5udjA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
513
server
GSE
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
2jYUGrzVrWStLDq2CZ0zOcRL9FYonM4iQ_vCp8HlGuk.js
pagead2.googlesyndication.com/bg/ Frame 45A5
14 KB
6 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/2jYUGrzVrWStLDq2CZ0zOcRL9FYonM4iQ_vCp8HlGuk.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
da36141abcd5ad64ad2c3ab6099d3339c44bf456289cce2243fbc2a7c1e51ae9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 02 Jun 2021 18:08:50 GMT
content-encoding
br
x-content-type-options
nosniff
age
69441
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5712
x-xss-protection
0
last-modified
Mon, 17 May 2021 11:28:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 02 Jun 2022 18:08:50 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gda_r20210525&jk=1838754561342744&bg=!lZalltLNAAaMan2LjGo7ACkAdvg8WvSUL86nQApP-_BIQkalzNRFDh4MacZnUqJYnm3JwjxKvA00tgIAAABEUgAAAA1oAQcKAUEBGAk8kH8exCrQa3jDgP5m0EikMbq-VDkgjYI4G0bpnLpr4Lihxn81aXQpOftcMKsTN3GMU1KmH5b9e8Tfz_DKzlVEjNXrY7kKSgZEFlXoCvWLHjJ0yPqp3ONVy1PBWARc-OC9cSkNLXpejYQI-G5xCmZWzV9wP6NJY6wYprYeILoCyAPo7iy-39tjv4R2Q447r0oWr6TBGPpxtbg9_KSG0AnUdYzUA-9IT8TzrzV6n9u0Ua2sZQcD2YzGLw9MYLUivXFC742gqO5aEpfsJz-rPnUfkaaEvzdlgoViiV_n4DYjq74niZo9dcun0WKLHfrRklk6CUSeyPKwsQv4X3mRZ-oi3-prb0Pu4DDaISrKn0naD10QbFETExTRR58AlWhDbejtVSCfJmmZNylRT9O-tXqz3hf3taiEEngQs2oJ4XGZAlSPtQph4Y51pR_Wjbjiqd0amRFwkM8d13Oq_5uCOCx3iRSGVo9FLrczLplu7LTbHWwGioJJRXmgmjroSTF2U3pzmWG1M9f1HjDMaxGlObeOaWmrnYa9i-LK2c2lcRHXg92fRrm_cm4k1NkJA71JAncJNZjITVjFVlc38zAUurz3gdfjjrH7T76l34smpV7GAsZEFGulXNQ5d4YRRM_FtO2oU2YVZlf7hs_LX3EpBHiAjj4fbOdBVXqMA7y3RorbfN5SvUMshmB17bM6xBnmL0_KkzEoMV4EcHXSskSBS6Rh0QijhqCXI6bARem-Jc3PNsPQeDzSoIYIiALKP788YksaO9OQVipv3wo4P5FzHq1WlQ-L_fW0S_SyYmVk0YPZ6iffBzGSqQHKBQMPJmIu2NwyQeQYEeHZ-S3G9ZR6WuQy61tcn8KTcLNTmd23koY2MT3X3ya023It_bxJQmixscv4dwsWjx0pyualiUm6trRPrMbbrcfe_EVE7jHbl41ATZmpjS7rPYwjFQgx3jvSDO52KXmGp4LXRxA7HxgMk0-vfUA7Q2z2WnYuZ2C2rs1XscAITwpLUI4n6YfGsVyg3z1eqM1e0OctnDB29osqlcZ7G3tm_ABEqjGvUShboyb77MCbYXcChOXgtKYI_JjjYAqOqKZhPr1xmnxVFCuIi9Chcpj5jzmIWp4eoTT8bVxduQD0G5CNFhnubdjj0a0bNrRShQmHWBjnHNDEBI703mt7u9s3F4Hct-TpsMWGyu1dofk6EdOh5ECNKJuXkKrW8ecAq6axFQ
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://hiddenfolder.flowsoft7.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 03 Jun 2021 13:26:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 0E81
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstj4JwDUsmlrPdeWaPw2jtERIxKrAbboS14ReE29WBjNYxvXH-syf_esdEb9b298jFVFVnhVImA-PCgMnayc_XrpveLqvjQhYzuOvt7Gg7fpGRR-u209wceI1rlCA&sai=AMfl-YQfLpItrgwvEgvivbmILDtBQ5BjolQUTlDAS-fKlLDB76zYeVKoNWZ8cjAZqQKhg4KXbpumJ5A4BkjF&sig=Cg0ArKJSzC-m_h0_Z1YQEAE&id=lidar2&mcvt=1000&p=305,436,395,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210602&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=911114306&rs=2&met=mue&la=0&cr=0&osd=1&vs=4&eosm=0&rst=1622726770662&dlt=833&rpt=65&isd=0&msd=0&r=v
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 03 Jun 2021 13:26:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame DB90
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst2dY9nVVTJejDdj_3_VwsO9cHayTH-Ljdiw8b7zwKbh2qm01SzATwNsxUl-xbyPhSVff8VuPBbvw2uIv4MWPWNUX6t2UMm0XUpb9S07nnsecK4Tc0peh4kUd00eA&sai=AMfl-YTcTHF8TF0xNzFv4vabVfWEaeCJrJLKYSGUg--JYcevEOoDZXTEjO_pbjcvBaY7mpDXbp_Dbo37DJ_n&sig=Cg0ArKJSzKYD4jImXjcGEAE&id=lidar2&mcvt=1001&p=33,438,123,1166&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20210602&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=4204724703&rs=2&met=mue&la=0&cr=0&osd=1&vs=4&eosm=0&rst=1622726770670&dlt=876&rpt=49&isd=0&msd=0&r=v
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 03 Jun 2021 13:26:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

331 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| setCookie function| getCookie function| _getid function| trim function| html_entity_encode function| henc function| shortstring function| cutstringmiddle object| localStorage2 function| setstorage function| getstorage function| number_format function| getWindowWidth function| getWindowHeight function| getScrollLeft function| getScrollTop number| messagetimer function| show_message function| hide_message function| fillnumber function| datetimetostring number| g_logcount function| _log undefined| iserror function| proc_log function| proc_switchlog object| gformats function| getmimetype function| getsize function| getextension function| get_data function| proc_savetohistory function| proc_displayhistory function| proc_historychange function| proc_deletehistory function| proc_clearhistory function| proc_saveopt function| proc_loadopt function| proc_show boolean| gadb function| init object| adsbygoogle object| google_ad_client object| google_ad_slot object| google_ad_width object| google_ad_height object| google_js_reporting_queue number| google_srt object| google_logging_queue object| google_ad_modifications object| ggeac boolean| google_measure_js_timing object| google_reactive_ads_global_state boolean| google_onload_fired object| google_sa_queue object| google_sl_win function| google_process_slots number| google_unique_id object| google_ad_block object| google_ad_channel object| google_ad_format object| google_ad_host object| google_ad_host_channel object| google_ad_host_tier_id object| google_ad_layout object| google_ad_layout_key object| google_ad_output object| google_ad_region object| google_ad_section object| google_ad_type object| google_ad_unit_key object| google_ad_dom_fingerprint object| google_ad_semantic_area object| google_placement_id object| google_adtest object| google_allow_expandable_ads object| google_alternate_ad_url object| google_alternate_color object| google_apsail object| google_captcha_token object| google_city object| google_color_bg object| google_color_border object| google_color_line object| google_color_link object| google_color_text object| google_color_url object| google_container_id object| google_content_recommendation_ad_positions object| google_content_recommendation_columns_num object| google_content_recommendation_rows_num object| google_content_recommendation_ui_type object| google_content_recommendation_use_square_imgs object| google_contents object| google_country object| google_cpm object| google_ctr_threshold object| google_cust_age object| google_cust_ch object| google_cust_criteria object| google_cust_gender object| google_cust_id object| google_cust_interests object| google_cust_job object| google_cust_l object| google_cust_lh object| google_cust_u_url object| google_disable_video_autoplay object| google_enable_content_recommendations object| google_enable_ose object| google_encoding object| google_font_face object| google_font_size object| google_frame_id object| google_full_width_responsive_allowed object| efwr object| google_full_width_responsive object| gfwroh object| gfwrow object| gfwroml object| gfwromr object| gfwroz object| gfwrnh object| gfwrnwer object| gfwrnher object| google_gl object| google_hints object| google_image_size object| google_kw object| google_kw_type object| google_language object| google_loeid object| google_max_num_ads object| google_max_radlink_len object| google_max_responsive_height object| google_ml_rank object| google_mtl object| google_native_ad_template object| google_native_settings_key object| google_num_radlinks object| google_num_radlinks_per_unit object| google_override_format object| google_page_url object| google_pgb_reactive object| google_pucrd object| google_referrer_url object| google_region object| google_resizing_allowed object| google_resizing_height object| google_resizing_width object| rpe object| google_responsive_formats object| google_responsive_auto_format object| armr object| google_rl_dest_url object| google_rl_filtering object| google_rl_mode object| google_rt object| google_safe object| google_safe_for_responsive_override object| google_video_play_muted object| google_source_type object| google_tag_for_child_directed_treatment object| google_tag_for_under_age_of_consent object| google_tag_origin object| google_tag_partner object| google_targeting object| google_tfs object| google_video_doc_id object| google_video_product_type object| google_webgl_support object| google_package object| google_debug_params object| dash object| google_restrict_data_processing boolean| google_apltlad object| google_sv_map undefined| g_setting_loaded function| gd_opt_load boolean| _gfp_a_ function| google_spfd number| google_lpabyc boolean| ischrome function| init_load function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter function| google_sa_impl object| google_persistent_state_async object| __google_ad_urls number| google_global_correlator number| __google_ad_urls_id object| googleToken object| googleIMState boolean| _gfp_p_ function| processGoogleToken object| google_prev_clients object| gaGlobal object| google_jobrunner object| ampInaboxIframes object| ampInaboxPendingMessages boolean| google_osd_loaded function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb string| CLIENT_ID string| gd_developerKey object| SCOPES string| gd_mimetype object| gd_export_extension string| gd_state undefined| gd_picker undefined| gd_picker2 boolean| gd_loaded boolean| gd_pickerloaded undefined| gd_lastprogress boolean| gd_issupported undefined| gd_isdownloading number| gd_load_timer undefined| gd_bloburl string| gd_state2 number| gd_loginexp object| gd_callback boolean| ismsie function| gd_btn_login2 function| gd_btn_login function| gd_login_close function| gd_login_manual function| gd_login function| gd_checklogin function| gd_logout function| gd_loadpicker function| gd_createpicker function| gd_pickercallback function| gd_count object| gd_files number| gd_files_count function| gd_loadfiles function| retrieveAllFiles function| getSupported function| getPrefered function| proc_logincheck function| attach_saveall function| attach_deleteall function| attach_saveall2 undefined| g_currentfolderid undefined| g_currentfolders undefined| g_accesstoken object| g_navfolders number| g_jobcount function| _folderlog function| proc_newfolder function| proc_displayfiles1 undefined| g_chklast function| chk_onclick function| proc_goparent function| proc_displayfiles function| tr_onmouseover function| tr_onmouseout undefined| gprogresstimer number| gmaxcount function| proc_complete function| proc_copyall function| proc_checkall function| proc_deleteall function| proc_delete2 function| proc_delete undefined| gbloburl2 boolean| issafari string| ua function| findresptyid function| proc_down function| proc_rename function| proc_loadimg function| attach_delete function| attach_clear object| gexportlist function| attachment_onchange function| gd_loadcheck function| gd_open_picker function| gd_open_state function| gd_clientload undefined| gd_open2 function| gd_open_state2 function| gd_loadscript function| gd_dblclick undefined| gd_userId undefined| gd_email function| gd_weburl function| gd_clickweburl function| gd_info function| gd_getparam function| gd_init function| _getfrmdoc boolean| showopt function| proc_gview function| proc_rssclose object| body object| gapi object| ___jsl object| osapi object| gapix object| gadgets object| iframer object| __gapi_jstiming__ object| shindig function| ToolbarApi object| iframes function| IframeBase function| Iframe function| IframeProxy function| IframeWindow object| googleapis object| google object| GoogleGcLKhOms object| google_image_requests

3 Cookies

Domain/Path Name / Value
.doubleclick.net/ Name: DSID
Value: NO_DATA
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.doubleclick.net/ Name: IDE
Value: AHWqTUlK0M5i_O_EmpUut4ANdHlaNahgQS9ZIhALUmn13B6IG_UU37lVR1jVzU5hf2k

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
adservice.google.com
adservice.google.de
apis.google.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
hiddenfolder.flowsoft7.com
iblogbox.github.io
pagead2.googlesyndication.com
partner.googleadservices.com
ssl.gstatic.com
tpc.googlesyndication.com
www.google.com
www.googletagservices.com
www.gstatic.com
142.250.185.130
185.199.111.153
2a00:1450:4001:801::2002
2a00:1450:4001:802::200a
2a00:1450:4001:803::2002
2a00:1450:4001:809::2001
2a00:1450:4001:809::2002
2a00:1450:4001:809::2003
2a00:1450:4001:809::200e
2a00:1450:4001:80e::2002
2a00:1450:4001:811::2002
2a00:1450:4001:812::200e
2a00:1450:4001:813::2001
2a00:1450:4001:827::2004
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::200d
2a00:1450:4001:831::2002
2a00:1450:4001:831::2003
58.121.85.143
0aed40d94486ed73e081efab4b6b3eff34c10324d50aabfd80ffa56cb9e5c3de
11d71fc112df3977b9562151e6c75ce860c42779dddcc79af1d0a07366cd44d3
151795a1fd1f2dbdb3b91f5371f6f781743e929548fa6cf052376664f6b0c8be
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1c5a059eafed17657c9f6b45a33590f4ac5fb63cb2e325d7ec3f745fec293806
1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27
1dad6cb9a0903898a8f82f89c0d10ee6e94f8459228530fa5df3078100c9f650
28a127fc45f24ec48c005b11ebc8087b1b328ecf1099097ba04c0c67a418fa4e
2a5bafe273098299e3f0185d6d4dddac56c7435d859fe7a745e098b6c9a214f7
36e506ab077a64ef69b3846228350eca66f871b9b71a638db0ad30a3e272f06a
3a2e7a192ac390d8e2bffa36b9b702711cb39b50b0da17c50085c209df4a3ddf
49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381
4d7bc2e5c2959435469986ff3eb98d158edf428ed8eeccb0e8ffe31d3336c9ac
5123e4abd542b224ae01e557d94ca404871ceb1753658aca98e12ac2202acafe
513d2b6aba2cf77c9dab1e22c46acd1587b08be3e058bfc8bbd9d1693a988d26
53c1737bf97ae4d686956bf2c7caff015329c9aa554ed0ebfc24893dfbe2fddf
57a32821aa342bff22571bea1158676b4665fc8de5cb468a043be716e40edee6
599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a
5a41de748d1a4eb56759f0baaf6abed3ee21ec181db4c44f07d0b1253864cea8
611c882ff32e96752a621cdbd84d045bd6f0b37ee5dbbb5587531e89153f3b7e
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
684722f2ec67f3a1b4aad3b445dd37b60d048d66701dfff1f5c40b3bad4fae8a
72397b50b0d93c1df9ba08e23ff88caf48a1664d7ec88876ea083e4d96ca4ed8
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
7bef45a2d66e62100d6a4dad1b713dde1def59a7b963618e1d96c56593be00ec
804cd89891dc0c2f6c60b7907739c28d9e8a1840fcb169e79e5859792d3bfc26
85e1be533dbdd83a22910cbee29a4d1f49d3e8d201f5f480517ecfd6bd282965
8daf09a6fc31937457dd77e9c25ce4b21349d605b561a8c5d557841bf964c9a0
8fab9e6b651c9cf63589737f322eebabc8eb2c4025724aa8b78c7b83ad48a177
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ca2dec0c159dc829bd7fa6cb2033f3c45f84def363bdb861fccb00b1db46a4
c2719264aac674caa14b92fa3dabbdd9e88880c7efdd5705d30a364f797fb9bb
c34b7397b94cb8078d8ca61e9140a32eb6b444df410a614e06d4849d8bd3a17b
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
cbd0e12b1246f6280d9cd402284261eb3e81a9b5c6e179ae5d1a20b7731a4fa7
d3172c5eb7bf5fd5337f53dcbb156932f6f4c6e8eb3ec2aaa3f6c2b5ad87c1c3
da36141abcd5ad64ad2c3ab6099d3339c44bf456289cce2243fbc2a7c1e51ae9
db8c2267fa122aa5af73439302ec7bbda209ab40277345e037fe84b5567be759
dd233c705ebb6129045b560c19e9bf225d7463f4c96236e2adbc162d4e53fec1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e65708da39df0bf35d9993b7b555255287d2daf07d7545f5cc8b16289e008894
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f29039337427b1be73332509f735832bc1a19dd4b4c2eb1a745dd3821e350747
f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7