hiddenfolder.flowsoft7.com Open in urlscan Pro
58.121.85.143 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://hiddenfolder.flowsoft7.com/
Submission Tags: falconsandbox
Submission: On April 15 via api (April 15th 2021, 12:59:23 pm UTC) from US

Summary HTTP 77 Redirects Behaviour Indicators

Summary

This website contacted 15 IPs in 3 countries across 10 domains to perform 77 HTTP transactions. The main IP is 58.121.85.143, located in Seocho-gu, Korea, Republic Of and belongs to SKB-AS SK Broadband Co Ltd, KR. The main domain is hiddenfolder.flowsoft7.com.

This is the only time hiddenfolder.flowsoft7.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	58.121.85.143 58.121.85.143	9318 (SKB-AS SK...) (SKB-AS SK Broadband Co Ltd)
12	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
2	185.199.111.153 185.199.111.153	54113 (FASTLY) (FASTLY)
16	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
1	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:808::200d	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
17	2a00:1450:400... 2a00:1450:4001:800::2001	15169 (GOOGLE) (GOOGLE)
3 3	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:801::200a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
77	15

5 58.121.85.143 (Seocho-gu, Korea, Republic Of)

ASN9318 (SKB-AS SK Broadband Co Ltd, KR)

hiddenfolder.flowsoft7.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.199.111.153 (United States)

ASN54113 (FASTLY, US)
PTR: cdn-185-199-111-153.github.com

iblogbox.github.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.212.162 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f162.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:800::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	316 KB
14	doubleclick.net googleads.g.doubleclick.net	71 KB
11	google.com 3 redirects adservice.google.com apis.google.com accounts.google.com www.google.com	138 KB
10	gstatic.com ssl.gstatic.com www.gstatic.com fonts.gstatic.com	152 KB
5	flowsoft7.com hiddenfolder.flowsoft7.com	78 KB
4	googletagservices.com www.googletagservices.com	136 KB
2	googleapis.com fonts.googleapis.com	1 KB
2	google.de adservice.google.de	921 B
2	github.io iblogbox.github.io	4 KB
1	googleadservices.com partner.googleadservices.com	643 B
77	10

	Domain	Requested by
17	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
14	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
12	pagead2.googlesyndication.com	hiddenfolder.flowsoft7.com pagead2.googlesyndication.com googleads.g.doubleclick.net www.gstatic.com tpc.googlesyndication.com www.googletagservices.com
5	www.gstatic.com	googleads.g.doubleclick.net
5	hiddenfolder.flowsoft7.com	hiddenfolder.flowsoft7.com
4	fonts.gstatic.com	fonts.googleapis.com
4	apis.google.com	hiddenfolder.flowsoft7.com apis.google.com
4	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
3	www.google.com	3 redirects
2	fonts.googleapis.com	googleads.g.doubleclick.net
2	accounts.google.com	apis.google.com ssl.gstatic.com
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	iblogbox.github.io	hiddenfolder.flowsoft7.com
1	ssl.gstatic.com	accounts.google.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
77	16

This site contains no links.

Subject Issuer	Validity	Valid
*.g.doubleclick.net GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
*.googleadservices.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.google.de GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
*.apis.google.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
accounts.google.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh

This page contains 13 frames:

Primary Page: http://hiddenfolder.flowsoft7.com/
Frame ID: 44381A9123DFE600D476E82836BBBA8D
Requests: 24 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210413/r20190131/zrt_lookup.html
Frame ID: DC5426951FC5D2D8DEF296F1DBB24B77
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=911114306&adf=3059968214&pi=t.ma~as.5713445902&w=728&lmt=1618491544&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1618491544705&bpp=27&bdt=1150&idt=88&shv=r20210413&cbv=r20190131&ptt=5&saldr=sa&abxe=1&correlator=8677857370216&frm=20&pv=2&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=305&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&pvsid=1118558057209134&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7Ce%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=q7AC2tTqyO&p=http%3A//hiddenfolder.flowsoft7.com&dtd=107
Frame ID: 6FF31D0CAB8554172594D9149D3AFB6C
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1618491544&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1618491544750&bpp=6&bdt=1195&idt=69&shv=r20210413&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=8677857370216&frm=20&pv=1&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&pvsid=1118558057209134&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=4LgWGmU6Sb&p=http%3A//hiddenfolder.flowsoft7.com&dtd=73
Frame ID: 74AFC8D466624698AB52D862BECB27BA
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=280&slotname=5713445902&adk=3028893077&adf=3469080882&pi=t.ma~as.5713445902&w=802&fwrn=4&fwrnh=100&lmt=1618491544&rafmt=1&psa=0&format=802x280&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1618491544757&bpp=2&bdt=1202&idt=68&shv=r20210413&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&prev_slotnames=5713445902&correlator=8677857370216&frm=20&pv=1&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=399&ady=1236&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&pvsid=1118558057209134&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=URjPaEQRJd&p=http%3A//hiddenfolder.flowsoft7.com&dtd=73
Frame ID: 535B26A1D565B49C84D4999CB7B3ED3E
Requests: 10 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/iframe
Frame ID: 5F3F870F9B5EC128D7C581A0633AB386
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: BF32ECB11819B8BA5A253B490B501E60
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 35A7794E0EB6D2F70F19131A9BC2CC2A
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Qx3Q47ufVIXthwLbxHTZsoggz9VdVncx7lDJETLQzH4.js
Frame ID: 7A35E872845C0E1973D93B8A5138D0B7
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 344E4FA23F13B72167C2F34F3781A3F9
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&adk=1812271804&adf=3025194257&lmt=1618491546&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&ea=0&flash=0&pra=7&wgl=1&dt=1618491546027&bpp=1&bdt=2472&idt=1&shv=r20210413&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1884121ca1b735f2-22acb7aa8da70059%3AT%3D1618491544%3ART%3D1618491544%3AS%3DALNI_MaQqE9HVgBYfKBWsm78Rmu7cwMU4g&prev_fmts=728x90%2C802x280&prev_slotnames=5713445902&nras=1&correlator=8677857370216&frm=20&pv=1&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&psts=AGkb-H8vS54nSjFPne0p2S9pDH2efeD5zfD9B9qUCTw0MJyzA0aW09wwq--th6Yg7EzFQrcrkr9TtMDhoumQWA%2CAGkb-H9aiyXcLcUei4jtiO6MJXVOcnGb7UVMmg8YATUIDvIIrC_kqJyxRfi7Lq2HMSZHRxc_Aj5XC1Bq5Oo%2CAGkb-H9EZf32l8SGHYv2Als5dRUCwBzTgbTt6KEpwR0JAfdErVWuGI7A-0zxC9-tKC9d8u-98rM4hTtE8lWF&pvsid=1118558057209134&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=23&ifi=4&uci=a!4&fsb=1&dtd=9
Frame ID: FB3E29B980BDF5EC624D8341EEBB2BB1
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Qx3Q47ufVIXthwLbxHTZsoggz9VdVncx7lDJETLQzH4.js
Frame ID: 2AC5CC0B4D43138A406C8BECECC90ED9
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: DD1DA94A9B4E186BCE0507A56431343E
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /php\/?([\d.]+)?/i

UNIX (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Unix/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

77
Requests

88 %
HTTPS

80 %
IPv6

10
Domains

16
Subdomains

15
IPs

3
Countries

898 kB
Transfer

2204 kB
Size

6
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 35

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 53

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 67

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

77 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
hiddenfolder.flowsoft7.com/ 58 KB
59 KB 599ms
570ms Document
text/html 58.121.85.143
SKB-AS SK Broadba...

General

Check archive.org

Show headers Download Go to

Full URL: http://hiddenfolder.flowsoft7.com/
Protocol: HTTP/1.1
Server: 58.121.85.143 Seocho-gu, Korea, Republic Of, ASN9318 (SKB-AS SK Broadband Co Ltd, KR),
Reverse DNS
Software: Apache/1.3.37 (Unix) PHP/4.4.1 / PHP/4.4.1
Resource Hash: db8c2267fa122aa5af73439302ec7bbda209ab40277345e037fe84b5567be759

Request headers

Host: hiddenfolder.flowsoft7.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 15:44:33 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.1
X-Powered-By: PHP/4.4.1
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

GET
H/1.1 200
OK common.js Show response
hiddenfolder.flowsoft7.com/js/ 14 KB
14 KB 598ms
564ms Script
application/x-javascript 58.121.85.143
SKB-AS SK Broadba...

General

Check archive.org

Show headers Download Go to

Full URL: http://hiddenfolder.flowsoft7.com/js/common.js
Requested by: Host: hiddenfolder.flowsoft7.com
URL: http://hiddenfolder.flowsoft7.com/
Protocol: HTTP/1.1
Server: 58.121.85.143 Seocho-gu, Korea, Republic Of, ASN9318 (SKB-AS SK Broadband Co Ltd, KR),
Reverse DNS
Software: Apache/1.3.37 (Unix) PHP/4.4.1 /
Resource Hash: 8fab9e6b651c9cf63589737f322eebabc8eb2c4025724aa8b78c7b83ad48a177

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: hiddenfolder.flowsoft7.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://hiddenfolder.flowsoft7.com/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://hiddenfolder.flowsoft7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 15:44:34 GMT
Last-Modified: Thu, 26 Jan 2017 03:00:01 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.1
ETag: "3868ca-38de-58896631"
Content-Type: application/x-javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 14558

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 134 KB
48 KB 43ms
22ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: hiddenfolder.flowsoft7.com
URL: http://hiddenfolder.flowsoft7.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca5c5368c6273b25608c7ba90b914072355b10df231585a4b2cd1e6408760f92

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://hiddenfolder.flowsoft7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 12:59:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48579
x-xss-protection: 0
server: cafe
etag: 39710060509122384
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 15 Apr 2021 12:59:03 GMT

GET
H/1.1 200
OK logo65.png
hiddenfolder.flowsoft7.com/img/ 3 KB
3 KB 583ms
554ms Image
image/png 58.121.85.143
SKB-AS SK Broadba...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hiddenfolder.flowsoft7.com/img/logo65.png
Requested by: Host: hiddenfolder.flowsoft7.com
URL: http://hiddenfolder.flowsoft7.com/
Protocol: HTTP/1.1
Server: 58.121.85.143 Seocho-gu, Korea, Republic Of, ASN9318 (SKB-AS SK Broadband Co Ltd, KR),
Reverse DNS
Software: Apache/1.3.37 (Unix) PHP/4.4.1 /
Resource Hash: 804cd89891dc0c2f6c60b7907739c28d9e8a1840fcb169e79e5859792d3bfc26

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: hiddenfolder.flowsoft7.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://hiddenfolder.flowsoft7.com/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://hiddenfolder.flowsoft7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 15:44:34 GMT
X-Pad: avoid browser bug
Last-Modified: Sun, 13 Dec 2015 07:43:39 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.1
ETag: "3868c7-c10-566d21ab"
Content-Type: image/png
Connection: close
Accept-Ranges: bytes
Content-Length: 3088

GET
H/1.1 200
OK show_ads.js Show response
pagead2.googlesyndication.com/pagead/ 91 KB
33 KB 28ms
23ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: hiddenfolder.flowsoft7.com
URL: http://hiddenfolder.flowsoft7.com/

Protocol

HTTP/1.1

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1da3331639b70bdb21d6c467fad10490f2a5d457b70c29e3c9f1b6f3ea8d9d88

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://hiddenfolder.flowsoft7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Timing-Allow-Origin: *
Date: Thu, 15 Apr 2021 12:59:04 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: cafe
ETag: 9902630890860777744
Vary: Accept-Encoding
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: private, max-age=3600
Cross-Origin-Resource-Policy: cross-origin
Content-Disposition: attachment; filename="f.txt"
Content-Type: text/javascript; charset=UTF-8
Content-Length: 32881
X-XSS-Protection: 0
Expires: Thu, 15 Apr 2021 12:59:04 GMT

GET
H/1.1 200
OK product16.png
iblogbox.github.io/js/gdrive/ 2 KB
2 KB 99ms
70ms Image
image/png 185.199.111.153
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://iblogbox.github.io/js/gdrive/product16.png
Requested by: Host: hiddenfolder.flowsoft7.com
URL: http://hiddenfolder.flowsoft7.com/
Protocol: HTTP/1.1
Server: 185.199.111.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS: cdn-185-199-111-153.github.com
Software: GitHub.com /
Resource Hash: 0aed40d94486ed73e081efab4b6b3eff34c10324d50aabfd80ffa56cb9e5c3de

Request headers

Referer: http://hiddenfolder.flowsoft7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-Fastly-Request-ID: 0a75144809e5114af9e1f836102d3984875e5bc5
Date: Thu, 15 Apr 2021 12:59:04 GMT
Via: 1.1 varnish
Age: 188
X-Cache: HIT
Connection: keep-alive
Content-Length: 1551
X-Served-By: cache-hhn4046-HHN
Last-Modified: Sun, 04 Apr 2021 08:12:43 GMT
Server: GitHub.com
X-GitHub-Request-Id: 52E8:E80D:69AA71:6FB3C2:6069752F
X-Timer: S1618491545.518110,VS0,VE1
ETag: "606974fb-60f"
Vary: Accept-Encoding
Content-Type: image/png
Access-Control-Allow-Origin: *
expires: Sun, 04 Apr 2021 08:23:20 GMT
Cache-Control: max-age=600
Accept-Ranges: bytes
x-origin-cache: HIT
x-proxy-cache: HIT
X-Cache-Hits: 1

GET
H/1.1 200
OK commit.png
hiddenfolder.flowsoft7.com/images/ 653 B
937 B 615ms
586ms Image
image/png 58.121.85.143
SKB-AS SK Broadba...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hiddenfolder.flowsoft7.com/images/commit.png
Requested by: Host: hiddenfolder.flowsoft7.com
URL: http://hiddenfolder.flowsoft7.com/
Protocol: HTTP/1.1
Server: 58.121.85.143 Seocho-gu, Korea, Republic Of, ASN9318 (SKB-AS SK Broadband Co Ltd, KR),
Reverse DNS
Software: Apache/1.3.37 (Unix) PHP/4.4.1 /
Resource Hash: c34b7397b94cb8078d8ca61e9140a32eb6b444df410a614e06d4849d8bd3a17b

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: hiddenfolder.flowsoft7.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://hiddenfolder.flowsoft7.com/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://hiddenfolder.flowsoft7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 15:44:35 GMT
X-Pad: avoid browser bug
Last-Modified: Sun, 13 Dec 2015 07:43:39 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.1
ETag: "3868ae-28d-566d21ab"
Content-Type: image/png
Connection: close
Accept-Ranges: bytes
Content-Length: 653

GET
H/1.1 200
OK close.png
hiddenfolder.flowsoft7.com/images/ 691 B
975 B 585ms
556ms Image
image/png 58.121.85.143
SKB-AS SK Broadba...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://hiddenfolder.flowsoft7.com/images/close.png
Requested by: Host: hiddenfolder.flowsoft7.com
URL: http://hiddenfolder.flowsoft7.com/
Protocol: HTTP/1.1
Server: 58.121.85.143 Seocho-gu, Korea, Republic Of, ASN9318 (SKB-AS SK Broadband Co Ltd, KR),
Reverse DNS
Software: Apache/1.3.37 (Unix) PHP/4.4.1 /
Resource Hash: 72397b50b0d93c1df9ba08e23ff88caf48a1664d7ec88876ea083e4d96ca4ed8

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: hiddenfolder.flowsoft7.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://hiddenfolder.flowsoft7.com/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://hiddenfolder.flowsoft7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 15:44:35 GMT
X-Pad: avoid browser bug
Last-Modified: Sun, 13 Dec 2015 07:43:39 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.1
ETag: "3868ac-2b3-566d21ab"
Content-Type: image/png
Connection: close
Accept-Ranges: bytes
Content-Length: 691

GET
H/1.1 200
OK adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 134 KB
48 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: hiddenfolder.flowsoft7.com
URL: http://hiddenfolder.flowsoft7.com/

Protocol

HTTP/1.1

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca5c5368c6273b25608c7ba90b914072355b10df231585a4b2cd1e6408760f92

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://hiddenfolder.flowsoft7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Timing-Allow-Origin: *
Date: Thu, 15 Apr 2021 12:59:04 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: cafe
ETag: 39710060509122384
Vary: Accept-Encoding, Origin
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: private, max-age=3600
Cross-Origin-Resource-Policy: cross-origin
Content-Disposition: attachment; filename="f.txt"
Content-Type: text/javascript; charset=UTF-8
Content-Length: 48579
X-XSS-Protection: 0
Expires: Thu, 15 Apr 2021 12:59:04 GMT

GET
H/1.1 200
OK product20.png
iblogbox.github.io/js/gdrive/ 2 KB
2 KB 49ms
49ms Image
image/png 185.199.111.153
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://iblogbox.github.io/js/gdrive/product20.png
Requested by: Host: hiddenfolder.flowsoft7.com
URL: http://hiddenfolder.flowsoft7.com/
Protocol: HTTP/1.1
Server: 185.199.111.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS: cdn-185-199-111-153.github.com
Software: GitHub.com /
Resource Hash: 2a5bafe273098299e3f0185d6d4dddac56c7435d859fe7a745e098b6c9a214f7

Request headers

Referer: http://hiddenfolder.flowsoft7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-Fastly-Request-ID: 9e8e04b284986af7f39fb105a3526fb7c14d80cb
Date: Thu, 15 Apr 2021 12:59:04 GMT
Via: 1.1 varnish
Age: 167
X-Cache: HIT
Connection: keep-alive
Content-Length: 1736
X-Served-By: cache-hhn4046-HHN
Last-Modified: Sun, 04 Apr 2021 08:12:43 GMT
Server: GitHub.com
X-GitHub-Request-Id: 5B2C:C0C7:68B583:6EBBD7:6069752F
X-Timer: S1618491545.729587,VS0,VE1
ETag: "606974fb-6c8"
Vary: Accept-Encoding
Content-Type: image/png
Access-Control-Allow-Origin: *
expires: Sun, 04 Apr 2021 08:23:21 GMT
Cache-Control: max-age=600
Accept-Ranges: bytes
x-origin-cache: HIT
x-proxy-cache: HIT
X-Cache-Hits: 1

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210413/r20190131/ 222 KB
83 KB 42ms
29ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210413/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1113541014872557&plah=hiddenfolder.flowsoft7.com&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

99fcd335db15dc4bc00ae60c1c2e70a332743edf8b7e36d39efb1f9a22fb65ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://hiddenfolder.flowsoft7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 12:59:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 84687
x-xss-protection: 0
server: cafe
etag: 14512549901555226033
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 15 Apr 2021 12:59:04 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210413/r20190131/ Frame DC54 10 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210413/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a5cb642ef22434a24612329870579fbb272cb9fa7475360035596ea56fb0431a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210413/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://hiddenfolder.flowsoft7.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://hiddenfolder.flowsoft7.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 14 Apr 2021 14:46:01 GMT
expires: Wed, 28 Apr 2021 14:46:01 GMT
content-type: text/html; charset=UTF-8
etag: 10446291943670460780
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4644
x-xss-protection: 0
age: 79983
cache-control: public, max-age=1209600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 203 B
643 B 165ms
58ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=hiddenfolder.flowsoft7.com&callback=_gfp_s_&client=ca-pub-1113541014872557

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210413/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1113541014872557&plah=hiddenfolder.flowsoft7.com&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f162.1e100.net

Software

cafe /

Resource Hash

a1f5b7ff2a7f7e6373ec9c773825d9a940cad301694d7aa7e446086804c39df7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://hiddenfolder.flowsoft7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 12:59:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 194
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
799 B 36ms
15ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=hiddenfolder.flowsoft7.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://hiddenfolder.flowsoft7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 15 Apr 2021 12:59:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
553 B 36ms
15ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=hiddenfolder.flowsoft7.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://hiddenfolder.flowsoft7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 15 Apr 2021 12:59:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6FF3 63 KB
17 KB 785ms
770ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=911114306&adf=3059968214&pi=t.ma~as.5713445902&w=728&lmt=1618491544&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1618491544705&bpp=27&bdt=1150&idt=88&shv=r20210413&cbv=r20190131&ptt=5&saldr=sa&abxe=1&correlator=8677857370216&frm=20&pv=2&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=305&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&pvsid=1118558057209134&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7Ce%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=q7AC2tTqyO&p=http%3A//hiddenfolder.flowsoft7.com&dtd=107

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dabc9a3a0f6ee17d5acd1827dc4b9c9291a68bc664162abe11a6576169de0215

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=911114306&adf=3059968214&pi=t.ma~as.5713445902&w=728&lmt=1618491544&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1618491544705&bpp=27&bdt=1150&idt=88&shv=r20210413&cbv=r20190131&ptt=5&saldr=sa&abxe=1&correlator=8677857370216&frm=20&pv=2&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=305&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&pvsid=1118558057209134&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7Ce%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=q7AC2tTqyO&p=http%3A//hiddenfolder.flowsoft7.com&dtd=107
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://hiddenfolder.flowsoft7.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://hiddenfolder.flowsoft7.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 15 Apr 2021 12:59:05 GMT
server: cafe
content-length: 17167
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 15-Apr-2021 13:14:04 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 15 Apr 2021 12:59:05 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 35ms
15ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74e1cf077493c33fe895c7ce5732cda76b195e2d357d928f094bc3367cc7a75f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://hiddenfolder.flowsoft7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 12:59:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1618423639646658"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28266
x-xss-protection: 0
expires: Thu, 15 Apr 2021 12:59:04 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 74AF 76 KB
24 KB 997ms
993ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1618491544&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1618491544750&bpp=6&bdt=1195&idt=69&shv=r20210413&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=8677857370216&frm=20&pv=1&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&pvsid=1118558057209134&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=4LgWGmU6Sb&p=http%3A//hiddenfolder.flowsoft7.com&dtd=73

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e4e663dc3198327a5805dbb0c6ab42f84378bed7566265936086f5a06c28a724

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1618491544&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1618491544750&bpp=6&bdt=1195&idt=69&shv=r20210413&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=8677857370216&frm=20&pv=1&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&pvsid=1118558057209134&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=4LgWGmU6Sb&p=http%3A//hiddenfolder.flowsoft7.com&dtd=73
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://hiddenfolder.flowsoft7.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://hiddenfolder.flowsoft7.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 15 Apr 2021 12:59:05 GMT
server: cafe
content-length: 24100
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 15-Apr-2021 13:14:04 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 15 Apr 2021 12:59:05 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 535B 79 KB
25 KB 634ms
633ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=280&slotname=5713445902&adk=3028893077&adf=3469080882&pi=t.ma~as.5713445902&w=802&fwrn=4&fwrnh=100&lmt=1618491544&rafmt=1&psa=0&format=802x280&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1618491544757&bpp=2&bdt=1202&idt=68&shv=r20210413&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&prev_slotnames=5713445902&correlator=8677857370216&frm=20&pv=1&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=399&ady=1236&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&pvsid=1118558057209134&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=URjPaEQRJd&p=http%3A//hiddenfolder.flowsoft7.com&dtd=73

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9149ff5c835e2b33337e91bf4372af05d4fec27aa1f5834f17898884687d7c80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1113541014872557&output=html&h=280&slotname=5713445902&adk=3028893077&adf=3469080882&pi=t.ma~as.5713445902&w=802&fwrn=4&fwrnh=100&lmt=1618491544&rafmt=1&psa=0&format=802x280&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1618491544757&bpp=2&bdt=1202&idt=68&shv=r20210413&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&prev_slotnames=5713445902&correlator=8677857370216&frm=20&pv=1&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=399&ady=1236&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&pvsid=1118558057209134&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=URjPaEQRJd&p=http%3A//hiddenfolder.flowsoft7.com&dtd=73
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://hiddenfolder.flowsoft7.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://hiddenfolder.flowsoft7.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 15 Apr 2021 12:59:05 GMT
server: cafe
content-length: 25809
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 15-Apr-2021 13:14:04 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 15 Apr 2021 12:59:05 GMT
cache-control: private

GET
H2 200 client.js Show response
apis.google.com/js/ 12 KB
5 KB 44ms
24ms Script
application/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/client.js?onload=gd_clientload

Requested by

Host: hiddenfolder.flowsoft7.com
URL: http://hiddenfolder.flowsoft7.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

762977521ae325a21feba8ca2179167a51d2b167e41934d3641559567fdf99e8

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-m4x1c2Izo3b112aQvNQKAQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://hiddenfolder.flowsoft7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 12:59:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
x-frame-options: SAMEORIGIN
etag: "3da025c3307e9721994461758a23d80a"
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-m4x1c2Izo3b112aQvNQKAQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
expires: Thu, 15 Apr 2021 12:59:04 GMT

GET
H2 200 api.js Show response
apis.google.com/js/ 12 KB
6 KB 43ms
24ms Script
application/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/api.js?onload=gd_loadpicker

Requested by

Host: hiddenfolder.flowsoft7.com
URL: http://hiddenfolder.flowsoft7.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3a2a840445c182547bd0cbdc7d96dfb95907e7c08b932de3f9a93ce423bc32a0

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Pt9mEt31XQSyIafLRhLtPQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://hiddenfolder.flowsoft7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 12:59:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
x-frame-options: SAMEORIGIN
etag: "a5d12b94bee548f0687e16f98bb72361"
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-Pt9mEt31XQSyIafLRhLtPQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
expires: Thu, 15 Apr 2021 12:59:04 GMT

GET
H3-29 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.MWM3Xj_RD9s.O/m=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOUmnuCcTtedasW7L1tq37fs4eoIg/ 303 KB
104 KB 24ms
9ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.MWM3Xj_RD9s.O/m=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOUmnuCcTtedasW7L1tq37fs4eoIg/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/client.js?onload=gd_clientload

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1dfc56c75b1a9c8b7aad325b056581c994fc0761ae8f149bb9fbb7b4e3a98238

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://hiddenfolder.flowsoft7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Apr 2021 14:38:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 30 Mar 2021 15:29:21 GMT
server: sffe
age: 598833
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 106455
x-xss-protection: 0
expires: Fri, 08 Apr 2022 14:38:31 GMT

GET
H3-29 200 cb=gapi.loaded_1 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.MWM3Xj_RD9s.O/m=picker/exm=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOUmnuCcTtedasW7L1tq37fs4eoIg/ 68 KB
21 KB 18ms
7ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.MWM3Xj_RD9s.O/m=picker/exm=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOUmnuCcTtedasW7L1tq37fs4eoIg/cb=gapi.loaded_1

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/api.js?onload=gd_loadpicker

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf04e005a3eb6c896cddac733379ae24c73f09ce356844716aa603b147afcaf5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://hiddenfolder.flowsoft7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 23:40:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Apr 2021 18:53:53 GMT
server: sffe
age: 47944
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21895
x-xss-protection: 0
expires: Thu, 14 Apr 2022 23:40:00 GMT

GET
H2 200 iframe Show response
accounts.google.com/o/oauth2/ Frame 5F3F 513 B
845 B 38ms
17ms Document
text/html 2a00:1450:4001:808::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/iframe

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.MWM3Xj_RD9s.O/m=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOUmnuCcTtedasW7L1tq37fs4eoIg/cb=gapi.loaded_0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f6c56408d033641926cfb4f0d31fa91c7832fcf787e459590e1fc203c6d9eac2

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-q5CZuDm/zQEvLLjJkFYMTA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: accounts.google.com
:scheme: https
:path: /o/oauth2/iframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://hiddenfolder.flowsoft7.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=213=s9P1SYYLYF1EJFd5HwoXpIhFekllKlNE-X_h9FR4Nr1F2ltBpLvT_wga5FUXUuDM_xgeXkBWLgxnYMDFTgBjaJUYjacQQAoxpHc5nP4BgyOpIS3Al_tkFA45FswSyC6zmw7NOrs8JDqBw3Ml2dFwtWJht9n3bKTMXByKZKG2cKA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://hiddenfolder.flowsoft7.com/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 15 Apr 2021 12:59:05 GMT
content-language: en-US
content-security-policy: script-src 'report-sample' 'nonce-q5CZuDm/zQEvLLjJkFYMTA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 4071097310-idpiframe.js Show response
ssl.gstatic.com/accounts/o/ Frame 5F3F 112 KB
39 KB 28ms
7ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.gstatic.com/accounts/o/4071097310-idpiframe.js

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/iframe

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a1943a600956d093b6bdbd157ffea2a0a738342a1a7a454a31364c3aa41325fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Apr 2021 11:24:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 20:31:08 GMT
server: sffe
age: 264848
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39191
x-xss-protection: 0
expires: Tue, 12 Apr 2022 11:24:57 GMT

GET
H3-29 200 iframerpc Show response
accounts.google.com/o/oauth2/ Frame 5F3F 14 B
58 B 34ms
19ms XHR
application/json 2a00:1450:4001:808::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/iframerpc?action=checkOrigin&origin=http%3A%2F%2Fhiddenfolder.flowsoft7.com&client_id=253648402749-njch9t3fvn1ja103doe0msrnonepldqe.apps.googleusercontent.com

Requested by

Host: ssl.gstatic.com
URL: https://ssl.gstatic.com/accounts/o/4071097310-idpiframe.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8daf09a6fc31937457dd77e9c25ce4b21349d605b561a8c5d557841bf964c9a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/o/oauth2/iframe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
X-Requested-With: XmlHttpRequest

Response headers

date: Thu, 15 Apr 2021 12:59:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
content-type: application/json; charset=utf-8
cache-control: public, max-age=3600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Thu, 15 Apr 2021 13:59:05 GMT

GET
H2 200 9217700862403725573
tpc.googlesyndication.com/simgad/ Frame 535B 12 KB
12 KB 33ms
13ms Image
image/png 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9217700862403725573?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4ql1GB42_igi0JpwcgxMWxkMbWFSQw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=280&slotname=5713445902&adk=3028893077&adf=3469080882&pi=t.ma~as.5713445902&w=802&fwrn=4&fwrnh=100&lmt=1618491544&rafmt=1&psa=0&format=802x280&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1618491544757&bpp=2&bdt=1202&idt=68&shv=r20210413&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&prev_slotnames=5713445902&correlator=8677857370216&frm=20&pv=1&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=399&ady=1236&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&pvsid=1118558057209134&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=URjPaEQRJd&p=http%3A//hiddenfolder.flowsoft7.com&dtd=73

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

64a09d35829fc5f94e946ea2ddb2a1bb956ec602024eba5f0f1ec710505ad4a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 11 Apr 2021 02:04:45 GMT
x-content-type-options: nosniff
last-modified: Thu, 15 Oct 2020 08:14:01 GMT
server: sffe
age: 384860
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12032
x-xss-protection: 0
expires: Mon, 11 Apr 2022 02:04:45 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210413/r20110914/ Frame 535B 17 KB
7 KB 26ms
6ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210413/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a3f7218703989b2b5daf92319273724ea24f6948631c1376a936ba12bda72e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 12:58:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7114
x-xss-protection: 0
server: cafe
etag: 17366458733339412862
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Apr 2021 12:58:26 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210413/r20110914/client/ Frame 535B 2 KB
1 KB 29ms
11ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210413/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 12:58:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 45
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Apr 2021 12:58:20 GMT

GET
H2 200 transparent.png
tpc.googlesyndication.com/pagead/images/ Frame 535B 67 B
196 B 30ms
12ms Image
image/png 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/transparent.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bdf72009ad226c17f1954ba602292902a780b80af07dbcbab1322bdf5c32be66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 14 Apr 2021 22:41:50 GMT
x-content-type-options: nosniff
server: cafe
age: 51435
etag: 2462972746714251406
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67
x-xss-protection: 0
expires: Thu, 15 Apr 2021 22:41:50 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 535B 118 KB
36 KB 28ms
14ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce2216da03d856edb71b34855ce2c67476f6053791b3e85da74477d9a37360a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 12:59:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1618423651533291"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36717
x-xss-protection: 0
expires: Thu, 15 Apr 2021 12:59:05 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210413/r20110914/client/ Frame 535B 13 KB
6 KB 25ms
7ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210413/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

231064110361844d6320331a5c35979c2a492a546604d97181eb6cf7aa4ae1cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 12:58:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5602
x-xss-protection: 0
server: cafe
etag: 7525161794280374107
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Apr 2021 12:58:57 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 535B 0
0 46ms
46ms Fetch
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C2llFmDh4YKfRM5aV3wOJh4zoCYuk9qhiq8T7_a4NkIOFngsQASD3pbwNYJUCoAGXyo2aAsgBAqkCzBAyW8EatD6oAwHIA8kEqgTQAU_QzqT40E_fUq5xWdR0DwU95G1WTlT1KXUuZpZcFVeR0dxU0Px-vHj12Fi59LcWkn--2XCKcgy2ibsChxLvxoo-hoQGUrzo3mvIvAZiEfGcsDXI41ZwPywT7qOdIh3PYRwx7LBq8rNK6s0U5qoZPIV3QKC0CFzThhjk7O062zmhFQnClLZr5GjZOtVu3GdYOtDPutTet3hGsd-LQhbRHmv4I83KyOu22f8ZFhloMQaKULLkdvZdk8TsAYgnKORn_BPQzoZrOqQzLK5ecLDvbubABJOittqmA5IFBAgEGAGSBQQIBRgEoAYCgAfRtfLlAagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBRCj57oD0ggJCIDhgHAQARgfgAoByAsB2BMM0BUBgBcBshcaChgIABIUcHViLTExMTM1NDEwMTQ4NzI1NTc&sigh=7maBqIFKBLc

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=280&slotname=5713445902&adk=3028893077&adf=3469080882&pi=t.ma~as.5713445902&w=802&fwrn=4&fwrnh=100&lmt=1618491544&rafmt=1&psa=0&format=802x280&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1618491544757&bpp=2&bdt=1202&idt=68&shv=r20210413&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&prev_slotnames=5713445902&correlator=8677857370216&frm=20&pv=1&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=399&ady=1236&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&pvsid=1118558057209134&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=URjPaEQRJd&p=http%3A//hiddenfolder.flowsoft7.com&dtd=73
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 15 Apr 2021 12:59:05 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 15 Apr 2021 12:59:05 GMT

GET
H2 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210413/r20110914/client/ Frame 535B 25 KB
10 KB 27ms
12ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210413/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

95f66b0fd918f7a6d36f22a9ac49210439d74085bf0fedd1dec6061918f20c1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 10:53:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7557
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10490
x-xss-protection: 0
server: cafe
etag: 4192951226220979311
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Apr 2021 10:53:08 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame BF32 143 B
163 B 8ms
6ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=280&slotname=5713445902&adk=3028893077&adf=3469080882&pi=t.ma~as.5713445902&w=802&fwrn=4&fwrnh=100&lmt=1618491544&rafmt=1&psa=0&format=802x280&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1618491544757&bpp=2&bdt=1202&idt=68&shv=r20210413&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&prev_slotnames=5713445902&correlator=8677857370216&frm=20&pv=1&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=399&ady=1236&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&pvsid=1118558057209134&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=URjPaEQRJd&p=http%3A//hiddenfolder.flowsoft7.com&dtd=73
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=280&slotname=5713445902&adk=3028893077&adf=3469080882&pi=t.ma~as.5713445902&w=802&fwrn=4&fwrnh=100&lmt=1618491544&rafmt=1&psa=0&format=802x280&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1618491544757&bpp=2&bdt=1202&idt=68&shv=r20210413&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&prev_slotnames=5713445902&correlator=8677857370216&frm=20&pv=1&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=399&ady=1236&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&pvsid=1118558057209134&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=URjPaEQRJd&p=http%3A//hiddenfolder.flowsoft7.com&dtd=73

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 15 Apr 2021 12:23:25 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2140
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 535B 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 81a79bcfe84377ec7a4ce830647a93d02a2a4284dae4b24456039c24f4a151f7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame BF32
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

42ms
42ms

Document
text/html

2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUm9LVR6kDkdSZyQOMwJMQbi0uoLhYvD-0hByUGtXS_HMh1z0lBGe-3SVAwyEhM; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 15 Apr 2021 12:59:05 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Thu, 15-Apr-2021 13:59:05 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 15 Apr 2021 12:59:05 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 15 Apr 2021 12:59:05 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 31b4ea2bd2a51d39610fc8aa214e4119.js Show response
www.gstatic.com/mysidia/ Frame 6FF3 6 KB
3 KB 26ms
6ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/31b4ea2bd2a51d39610fc8aa214e4119.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=911114306&adf=3059968214&pi=t.ma~as.5713445902&w=728&lmt=1618491544&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1618491544705&bpp=27&bdt=1150&idt=88&shv=r20210413&cbv=r20190131&ptt=5&saldr=sa&abxe=1&correlator=8677857370216&frm=20&pv=2&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=305&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&pvsid=1118558057209134&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7Ce%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=q7AC2tTqyO&p=http%3A//hiddenfolder.flowsoft7.com&dtd=107

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1152be785978aa809034ab61de86ce4d03c5a301c95e96995e336d2462832a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 02:11:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 01:23:38 GMT
server: sffe
age: 557247
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2779
x-xss-protection: 0
expires: Thu, 08 Jul 2021 02:11:38 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 6FF3 3 KB
674 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 15 Apr 2021 11:12:30 GMT
server: ESF
date: Thu, 15 Apr 2021 12:59:05 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 15 Apr 2021 12:59:05 GMT

GET
H2 200 e91d763233dfa13a1924fbe91cfd4845.js Show response
www.gstatic.com/mysidia/ Frame 6FF3 8 KB
4 KB 24ms
7ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e91d763233dfa13a1924fbe91cfd4845.js?tag=pingback

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bedddb3e8da114412602440e01aa8122a149527f3f30859c276f5efa31ecb7e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 06:51:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Apr 2021 02:07:20 GMT
server: sffe
age: 22045
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3798
x-xss-protection: 0
expires: Wed, 14 Jul 2021 06:51:40 GMT

GET
H3-29 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210413/r20110914/client/ Frame 6FF3 1 KB
909 B 6ms
6ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210413/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 12:56:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 137
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 882
x-xss-protection: 0
server: cafe
etag: 11243716317595354070
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Apr 2021 12:56:48 GMT

GET
H2 200 0107d4d65a69ef1d3370745262ab87c7.js Show response
www.gstatic.com/mysidia/ Frame 6FF3 3 KB
1 KB 25ms
7ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/0107d4d65a69ef1d3370745262ab87c7.js?tag=analytics_pingback_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aeef6f2fa6044cadada5782a968531ac7b2a0207e741d67671e441b1fc5a656d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 09:11:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 01:23:38 GMT
server: sffe
age: 13662
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1307
x-xss-protection: 0
expires: Wed, 14 Jul 2021 09:11:23 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210413/r20110914/ Frame 6FF3 17 KB
7 KB 23ms
8ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210413/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a3f7218703989b2b5daf92319273724ea24f6948631c1376a936ba12bda72e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 12:58:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7114
x-xss-protection: 0
server: cafe
etag: 17366458733339412862
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Apr 2021 12:58:26 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210413/r20110914/client/ Frame 6FF3 2 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210413/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 12:58:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 45
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Apr 2021 12:58:20 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6FF3 118 KB
36 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce2216da03d856edb71b34855ce2c67476f6053791b3e85da74477d9a37360a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 12:59:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1618423651533291"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36717
x-xss-protection: 0
expires: Thu, 15 Apr 2021 12:59:05 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210413/r20110914/client/ Frame 6FF3 13 KB
5 KB 22ms
7ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210413/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

231064110361844d6320331a5c35979c2a492a546604d97181eb6cf7aa4ae1cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 12:59:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5602
x-xss-protection: 0
server: cafe
etag: 7525161794280374107
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Apr 2021 12:59:04 GMT

GET
H3-29 200 a0b5068ca1fc7f6ff765c7833258ec42.js Show response
www.gstatic.com/mysidia/ Frame 6FF3 25 KB
10 KB 20ms
6ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/a0b5068ca1fc7f6ff765c7833258ec42.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

789a93f4315357995e96053e32ee793d6b12f592fad617bb04f795c750f0c3bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 09:54:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Apr 2021 02:07:20 GMT
server: sffe
age: 97504
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10491
x-xss-protection: 0
expires: Tue, 13 Jul 2021 09:54:01 GMT

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/2233912367713030725/ Frame 6FF3 3 KB
3 KB 7ms
7ms Image
image/png 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2233912367713030725/downsize_200k_v1?w=100&h=100

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48a1cd6d68391c16811490bd78f720de99ce0e67e50b37eb41a38c30bcb9147e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 02:07:43 GMT
x-content-type-options: nosniff
age: 39082
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3008
x-xss-protection: 0
last-modified: Mon, 14 Dec 2020 21:22:04 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 15 Apr 2022 02:07:43 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 6FF3 0
0 45ms
45ms Fetch
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cavf-mDh4YKG9M4GIrATk7IWwD9u9-YJht4D6pPgMqODwwK8gEAEg96W8DWCVAqAB_9uKyAPIAQGoAwGqBMIBT9CaZEUlOVvxPJsVQGI6SB2BQR_TVUifmSSK1ifINfCLuFK6OxcD_OvgZyQCuVtXbqGb_uw4NSl61CK_nYACjfpEA4z794mfmQvWSI1TuakgwmxHm9gTjV-jYgYXDL5qkKVsj4BK-1llxQGduP24ssTI55RtldPoCadBT1I6hTMQYC3PMUoYbzbdtnPQx4uljOg6fdq88OuNdZSKf1SviIOT6kTbMlGzYRIqOvV9ve5mtIY_9R0IAYO0cwqrifVeMcfABLvJgvjCA5IFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBgAfw7qyiAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBRCDis8L0ggJCIDhgHAQARgfgAoByAsB2BMMiBQB0BUBgBcBshcaChgIABIUcHViLTExMTM1NDEwMTQ4NzI1NTc&sigh=rUNMVq8lmb8&template_id=5001

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=911114306&adf=3059968214&pi=t.ma~as.5713445902&w=728&lmt=1618491544&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1618491544705&bpp=27&bdt=1150&idt=88&shv=r20210413&cbv=r20190131&ptt=5&saldr=sa&abxe=1&correlator=8677857370216&frm=20&pv=2&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=305&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&pvsid=1118558057209134&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7Ce%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=q7AC2tTqyO&p=http%3A//hiddenfolder.flowsoft7.com&dtd=107
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 15 Apr 2021 12:59:05 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 35A7 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=911114306&adf=3059968214&pi=t.ma~as.5713445902&w=728&lmt=1618491544&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1618491544705&bpp=27&bdt=1150&idt=88&shv=r20210413&cbv=r20190131&ptt=5&saldr=sa&abxe=1&correlator=8677857370216&frm=20&pv=2&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=305&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&pvsid=1118558057209134&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7Ce%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=q7AC2tTqyO&p=http%3A//hiddenfolder.flowsoft7.com&dtd=107
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUm9LVR6kDkdSZyQOMwJMQbi0uoLhYvD-0hByUGtXS_HMh1z0lBGe-3SVAwyEhM; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=911114306&adf=3059968214&pi=t.ma~as.5713445902&w=728&lmt=1618491544&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1618491544705&bpp=27&bdt=1150&idt=88&shv=r20210413&cbv=r20190131&ptt=5&saldr=sa&abxe=1&correlator=8677857370216&frm=20&pv=2&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=305&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&pvsid=1118558057209134&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7Ce%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=q7AC2tTqyO&p=http%3A//hiddenfolder.flowsoft7.com&dtd=107

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 15 Apr 2021 12:23:25 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2140
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 6FF3 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7916520ede1d66c6b854ce857a1f4e41c42d1fde9ec63b5890daa63564310304

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 6FF3 21 KB
21 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 11 Apr 2021 10:03:38 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:21 GMT
server: sffe
age: 356127
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21716
x-xss-protection: 0
expires: Mon, 11 Apr 2022 10:03:38 GMT

GET
H2 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 6FF3 21 KB
21 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 02:03:02 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
age: 39363
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
expires: Fri, 15 Apr 2022 02:03:02 GMT

GET
H3-29 200 Qx3Q47ufVIXthwLbxHTZsoggz9VdVncx7lDJETLQzH4.js Show response
pagead2.googlesyndication.com/bg/ Frame 7A35 14 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Qx3Q47ufVIXthwLbxHTZsoggz9VdVncx7lDJETLQzH4.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

431dd0e3bb9f5485ed8702dbc474d9b28820cfd55d567731ee50c91132d0cc7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 11:05:35 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Tue, 30 Mar 2021 13:08:00 GMT
server: sffe
age: 6810
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5721
x-xss-protection: 0
expires: Fri, 15 Apr 2022 11:05:35 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 35A7
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

44ms
44ms

Document
text/html

2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUm9LVR6kDkdSZyQOMwJMQbi0uoLhYvD-0hByUGtXS_HMh1z0lBGe-3SVAwyEhM; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 15 Apr 2021 12:59:05 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Thu, 15-Apr-2021 13:59:05 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 15 Apr 2021 12:59:05 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 15 Apr 2021 12:59:05 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6FF3 0
20 B 42ms
42ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=mys&d=Cg8IASoLYmFubmVyLWxvZ28KCggCKgZzZXJ2ZXIKJwgEKiNpbmZyYV9jb250cm9sXzEwcCxteXNpZGlhX2FuYWx5dGljcwoNEAMhAAAgo3ABi0AwBAoNEAohAAAAoHoUAkAwBAoNEA0hAAAAADy5jj8wBAoMEB4qBjcyOHg5MDAECgwQGSoGNzI4eDkwMAQKDRAOIQAAAAC2mZk_MAQKDRAQIQAAAABAytBAMAQKDRARIQAAAAAA8chAMAQKDRASIQAAAAAAABRAMAQKDRATIQAAAAAAAAhAMAQKDRAEIQAAtIPrG4tAMAQKDRAPIQAAAAAqe5Q_MAQKDRAUIQAAAAAAQspAMAQKDRAVIQAAAAAAABxAMAQKDRAWIQAAAAAAABBAMAQKDRAFIQAAFB-FHYtAMAQKDRAXIQAAkK5HF4xAMAQKDRAYIQAAaG89S41AMAQSGkNLSHA2T3ltZ1BBQ0ZRRUVpd29kWkhZQjlnIgp0ZXh0L21hY2F3KAM=

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/e91d763233dfa13a1924fbe91cfd4845.js?tag=pingback

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 12:59:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame 74AF 3 KB
578 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1618491544&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1618491544750&bpp=6&bdt=1195&idt=69&shv=r20210413&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=8677857370216&frm=20&pv=1&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&pvsid=1118558057209134&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=4LgWGmU6Sb&p=http%3A//hiddenfolder.flowsoft7.com&dtd=73

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 15 Apr 2021 11:17:52 GMT
server: ESF
date: Thu, 15 Apr 2021 12:59:05 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 15 Apr 2021 12:59:05 GMT

GET
H3-29 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210413/r20110914/client/ Frame 74AF 1 KB
909 B 9ms
8ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210413/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1618491544&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1618491544750&bpp=6&bdt=1195&idt=69&shv=r20210413&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=8677857370216&frm=20&pv=1&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&pvsid=1118558057209134&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=4LgWGmU6Sb&p=http%3A//hiddenfolder.flowsoft7.com&dtd=73

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 12:56:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 137
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 882
x-xss-protection: 0
server: cafe
etag: 11243716317595354070
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Apr 2021 12:56:48 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210413/r20110914/ Frame 74AF 17 KB
7 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210413/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1618491544&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1618491544750&bpp=6&bdt=1195&idt=69&shv=r20210413&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=8677857370216&frm=20&pv=1&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&pvsid=1118558057209134&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=4LgWGmU6Sb&p=http%3A//hiddenfolder.flowsoft7.com&dtd=73

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a3f7218703989b2b5daf92319273724ea24f6948631c1376a936ba12bda72e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 12:58:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7114
x-xss-protection: 0
server: cafe
etag: 17366458733339412862
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Apr 2021 12:58:26 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210413/r20110914/client/ Frame 74AF 2 KB
1 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210413/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1618491544&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1618491544750&bpp=6&bdt=1195&idt=69&shv=r20210413&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=8677857370216&frm=20&pv=1&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&pvsid=1118558057209134&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=4LgWGmU6Sb&p=http%3A//hiddenfolder.flowsoft7.com&dtd=73

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 12:58:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 45
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Apr 2021 12:58:20 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 74AF 118 KB
36 KB 18ms
16ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1618491544&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1618491544750&bpp=6&bdt=1195&idt=69&shv=r20210413&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=8677857370216&frm=20&pv=1&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&pvsid=1118558057209134&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=4LgWGmU6Sb&p=http%3A//hiddenfolder.flowsoft7.com&dtd=73

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce2216da03d856edb71b34855ce2c67476f6053791b3e85da74477d9a37360a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 12:59:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1618423651533291"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36717
x-xss-protection: 0
expires: Thu, 15 Apr 2021 12:59:05 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210413/r20110914/client/ Frame 74AF 13 KB
5 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210413/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1618491544&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1618491544750&bpp=6&bdt=1195&idt=69&shv=r20210413&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=8677857370216&frm=20&pv=1&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&pvsid=1118558057209134&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=4LgWGmU6Sb&p=http%3A//hiddenfolder.flowsoft7.com&dtd=73

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

231064110361844d6320331a5c35979c2a492a546604d97181eb6cf7aa4ae1cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 12:59:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5602
x-xss-protection: 0
server: cafe
etag: 7525161794280374107
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Apr 2021 12:59:04 GMT

GET
H3-29 200 a0b5068ca1fc7f6ff765c7833258ec42.js Show response
www.gstatic.com/mysidia/ Frame 74AF 25 KB
10 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/a0b5068ca1fc7f6ff765c7833258ec42.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1618491544&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1618491544750&bpp=6&bdt=1195&idt=69&shv=r20210413&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=8677857370216&frm=20&pv=1&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&pvsid=1118558057209134&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=4LgWGmU6Sb&p=http%3A//hiddenfolder.flowsoft7.com&dtd=73

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

789a93f4315357995e96053e32ee793d6b12f592fad617bb04f795c750f0c3bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Apr 2021 09:54:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Apr 2021 02:07:20 GMT
server: sffe
age: 97504
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10491
x-xss-protection: 0
expires: Tue, 13 Jul 2021 09:54:01 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 74AF 0
0 50ms
49ms Fetch
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Chk5nmDh4YKy3M7aMjuwPneuMsAuE19foXre49qHwDMCNtwEQASD3pbwNYJUCoAHqnbO6AsgBAagDAcgDwwSqBNQBT9C0xpe9wRM3sYN3OwT2D6dx_jRy9TXQshYYt_ZGGpO4XyIICH2PQ_ueAyu9xJUoOJwVxN-5xyJ6rAasikK8OUPlBcUZ8SPNwFmrBBk9JNBHwUa7aBXtQamXAQoFpekvNu9RO68Tr3_Yr9g1LkC7ga6Ns1GY-94eqwd6zhSVX1zRFin1w4EPEEqbLvOKgQGF_dhKTLyrBxO4EDOLHtMQUe1ExrLREsBBkIYNSQ-7G7q_69ZuZZSMmNAXKz-GHVFBogyIbrVkY2VuVYGQo562AM0Mow7ABO6gj7yLA5IFBAgEGAGSBQQIBRgEoAZRgAf-4czFAagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBRDe3JYE0ggJCIDhgHAQARgfgAoByAsB2BMKshcaChgIABIUcHViLTExMTM1NDEwMTQ4NzI1NTc&sigh=-1tL4fxN3bw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1618491544&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1618491544750&bpp=6&bdt=1195&idt=69&shv=r20210413&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=8677857370216&frm=20&pv=1&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&pvsid=1118558057209134&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=4LgWGmU6Sb&p=http%3A//hiddenfolder.flowsoft7.com&dtd=73

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1618491544&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1618491544750&bpp=6&bdt=1195&idt=69&shv=r20210413&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=8677857370216&frm=20&pv=1&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&pvsid=1118558057209134&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=4LgWGmU6Sb&p=http%3A//hiddenfolder.flowsoft7.com&dtd=73
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 15 Apr 2021 12:59:05 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 344E 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1618491544&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1618491544750&bpp=6&bdt=1195&idt=69&shv=r20210413&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=8677857370216&frm=20&pv=1&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&pvsid=1118558057209134&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=4LgWGmU6Sb&p=http%3A//hiddenfolder.flowsoft7.com&dtd=73

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1618491544&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1618491544750&bpp=6&bdt=1195&idt=69&shv=r20210413&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=8677857370216&frm=20&pv=1&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&pvsid=1118558057209134&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=4LgWGmU6Sb&p=http%3A//hiddenfolder.flowsoft7.com&dtd=73
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUm9LVR6kDkdSZyQOMwJMQbi0uoLhYvD-0hByUGtXS_HMh1z0lBGe-3SVAwyEhM; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1618491544&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1618491544750&bpp=6&bdt=1195&idt=69&shv=r20210413&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=8677857370216&frm=20&pv=1&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&pvsid=1118558057209134&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=4LgWGmU6Sb&p=http%3A//hiddenfolder.flowsoft7.com&dtd=73

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 15 Apr 2021 12:23:25 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2140
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 74AF 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dd0554ad5e71014e093b3de7c803bce22cedc49a1bee582dbcefd5670af61ec4

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 74AF 21 KB
21 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 11 Apr 2021 10:03:38 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:21 GMT
server: sffe
age: 356127
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21716
x-xss-protection: 0
expires: Mon, 11 Apr 2022 10:03:38 GMT

GET
H3-29 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 74AF 21 KB
21 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 02:03:02 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
age: 39363
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
expires: Fri, 15 Apr 2022 02:03:02 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 344E
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

42ms
42ms

Document
text/html

2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1618491544&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1618491544750&bpp=6&bdt=1195&idt=69&shv=r20210413&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=8677857370216&frm=20&pv=1&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&pvsid=1118558057209134&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=4LgWGmU6Sb&p=http%3A//hiddenfolder.flowsoft7.com&dtd=73

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUm9LVR6kDkdSZyQOMwJMQbi0uoLhYvD-0hByUGtXS_HMh1z0lBGe-3SVAwyEhM; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 15 Apr 2021 12:59:05 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Thu, 15-Apr-2021 13:59:05 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 15 Apr 2021 12:59:05 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 15 Apr 2021 12:59:05 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 31ms
16ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=hiddenfolder.flowsoft7.com

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://hiddenfolder.flowsoft7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 15 Apr 2021 12:59:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 30ms
15ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=hiddenfolder.flowsoft7.com

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://hiddenfolder.flowsoft7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 15 Apr 2021 12:59:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame FB3E 0
19 B 15ms
15ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&adk=1812271804&adf=3025194257&lmt=1618491546&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&ea=0&flash=0&pra=7&wgl=1&dt=1618491546027&bpp=1&bdt=2472&idt=1&shv=r20210413&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1884121ca1b735f2-22acb7aa8da70059%3AT%3D1618491544%3ART%3D1618491544%3AS%3DALNI_MaQqE9HVgBYfKBWsm78Rmu7cwMU4g&prev_fmts=728x90%2C802x280&prev_slotnames=5713445902&nras=1&correlator=8677857370216&frm=20&pv=1&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&psts=AGkb-H8vS54nSjFPne0p2S9pDH2efeD5zfD9B9qUCTw0MJyzA0aW09wwq--th6Yg7EzFQrcrkr9TtMDhoumQWA%2CAGkb-H9aiyXcLcUei4jtiO6MJXVOcnGb7UVMmg8YATUIDvIIrC_kqJyxRfi7Lq2HMSZHRxc_Aj5XC1Bq5Oo%2CAGkb-H9EZf32l8SGHYv2Als5dRUCwBzTgbTt6KEpwR0JAfdErVWuGI7A-0zxC9-tKC9d8u-98rM4hTtE8lWF&pvsid=1118558057209134&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=23&ifi=4&uci=a!4&fsb=1&dtd=9

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1113541014872557&output=html&adk=1812271804&adf=3025194257&lmt=1618491546&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&ea=0&flash=0&pra=7&wgl=1&dt=1618491546027&bpp=1&bdt=2472&idt=1&shv=r20210413&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1884121ca1b735f2-22acb7aa8da70059%3AT%3D1618491544%3ART%3D1618491544%3AS%3DALNI_MaQqE9HVgBYfKBWsm78Rmu7cwMU4g&prev_fmts=728x90%2C802x280&prev_slotnames=5713445902&nras=1&correlator=8677857370216&frm=20&pv=1&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&psts=AGkb-H8vS54nSjFPne0p2S9pDH2efeD5zfD9B9qUCTw0MJyzA0aW09wwq--th6Yg7EzFQrcrkr9TtMDhoumQWA%2CAGkb-H9aiyXcLcUei4jtiO6MJXVOcnGb7UVMmg8YATUIDvIIrC_kqJyxRfi7Lq2HMSZHRxc_Aj5XC1Bq5Oo%2CAGkb-H9EZf32l8SGHYv2Als5dRUCwBzTgbTt6KEpwR0JAfdErVWuGI7A-0zxC9-tKC9d8u-98rM4hTtE8lWF&pvsid=1118558057209134&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=23&ifi=4&uci=a!4&fsb=1&dtd=9
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://hiddenfolder.flowsoft7.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUm9LVR6kDkdSZyQOMwJMQbi0uoLhYvD-0hByUGtXS_HMh1z0lBGe-3SVAwyEhM; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://hiddenfolder.flowsoft7.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 15 Apr 2021 12:59:06 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT; SameSite=none; Secure
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 15 Apr 2021 12:59:06 GMT
cache-control: private

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 9 KB
7 KB 31ms
18ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210413&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a149118f4b8e10c36c60f6e129f2b8551b192d182e151f774856861811faeebe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://hiddenfolder.flowsoft7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 15 Apr 2021 12:59:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6659
x-xss-protection: 0

GET
H3-29 200 Qx3Q47ufVIXthwLbxHTZsoggz9VdVncx7lDJETLQzH4.js Show response
pagead2.googlesyndication.com/bg/ Frame 2AC5 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Qx3Q47ufVIXthwLbxHTZsoggz9VdVncx7lDJETLQzH4.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1113541014872557&output=html&h=90&slotname=5713445902&adk=4204724703&adf=3333712924&pi=t.ma~as.5713445902&w=728&lmt=1618491544&psa=0&format=728x90&url=http%3A%2F%2Fhiddenfolder.flowsoft7.com%2F&flash=0&wgl=1&dt=1618491544750&bpp=6&bdt=1195&idt=69&shv=r20210413&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=5713445902&correlator=8677857370216&frm=20&pv=1&ga_vid=419125128.1618491545&ga_sid=1618491545&ga_hid=1534168503&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=33&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44735932%2C44740079&oid=3&pvsid=1118558057209134&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&fsb=1&xpc=4LgWGmU6Sb&p=http%3A//hiddenfolder.flowsoft7.com&dtd=73

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

431dd0e3bb9f5485ed8702dbc474d9b28820cfd55d567731ee50c91132d0cc7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 11:05:35 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Tue, 30 Mar 2021 13:08:00 GMT
server: sffe
age: 6811
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5721
x-xss-protection: 0
expires: Fri, 15 Apr 2022 11:05:35 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://hiddenfolder.flowsoft7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 12:59:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Thu, 15 Apr 2021 12:59:06 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame DD1D 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://hiddenfolder.flowsoft7.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://hiddenfolder.flowsoft7.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Thu, 15 Apr 2021 12:46:07 GMT
expires: Fri, 15 Apr 2022 12:46:07 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 779
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Qx3Q47ufVIXthwLbxHTZsoggz9VdVncx7lDJETLQzH4.js Show response
pagead2.googlesyndication.com/bg/ Frame DD1D 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Qx3Q47ufVIXthwLbxHTZsoggz9VdVncx7lDJETLQzH4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

431dd0e3bb9f5485ed8702dbc474d9b28820cfd55d567731ee50c91132d0cc7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Apr 2021 11:05:35 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Tue, 30 Mar 2021 13:08:00 GMT
server: sffe
age: 6811
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5721
x-xss-protection: 0
expires: Fri, 15 Apr 2022 11:05:35 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 45ms
45ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gda_r20210413&jk=1118558057209134&bg=!2Nul25_NAAb2K53n9is7ACkAdvg8WpYm0UhUtmezm8pHRYAC_PfEl-nBQPxjU3_coy3SsBvL1IZfdAIAAABiUgAAAAtoAQcKAIZ70vY6j-HsJOUcjWy556g2I2Orh2LRCZgL6yhA7Omnobbyf8ZPPVm9q6PHMTNUOnsEVQso68J16_xqhKOXAEvUeaeqqvcy5yS71cLFMIS5l0GMsqATItuMtuadxRJngByz8C_UNUwD0JWucR8vnEFxc9I7bU-Zs6KET-cvyTyrbUi6jijKjJkB22PaKe3VLonE6GMnLM-janLSWXwV1dghq6IyxTEmIM6M1RTEd5ycc8rZHKKiTCsCmBCmxmV7zUyI0BtVSUVWlX9E0DpcnQS-S5apKhwHMBjitwOrjgTFGEpI0wPPiugGYTkEKwC48Mvm4s-xgoimQk8orQ5KGsbli-WlGPn9iuay1_AZnw0CyMFxWqa1QJnKuY6RZjCE-wgUe-yFQt4zUqxOZtrY1tM2QdE7h0K1xBUv7_vz5W2ZOdPX13nXnWGMGyIBYtbTMPbPUX3N6_5ePRniWPf2D6XGu75RlaI1VOapjz5wmb1mn_oLVtGJWc5EEFyEUIPeiA4Uk5Zu60w5o_PFWjignei-IC7r7ehLiHCU0gPm4CC6TPaY1lF-6994cU1_lV1zBl7u2jEKgVvmtLkzh_XRN2uynIwFX7Kjy5aNsK2xkUsxfkoIHjjHkcdQfPLscBQWvl_M8YVzVCqvRWW773iwaVt61dQ1_g3aqOoVTsecznXYi92I5WHj3mNj293lJpRw_iWug7HCq7cEgno56zzWUj3Tbo7gxRnDqNiKFoLeY3tlpGP2ZH4inLlCq7IktWysFxKetRtgqjfgFUCDC3LdmeR-dqqIGV3YS1i0PiezKF37vAOyGEw

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://hiddenfolder.flowsoft7.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 12:59:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6FF3 42 B
501 B 64ms
46ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvbYb_diO4FEjCsyNXIlsK8nEXEJVmWwwZI_vuI7W3-371KdLs3tEE4-4FKSosC4GXC21RBFEBkzyfU4YVoCpx1Qo1ju8NTpRPuBflOMWDOfCemzf-hb_3_G1e2gA&sai=AMfl-YTwYAUrkFalHBfILxERK95jx6xQSwxEo39DGNAdR_cY3yLJj6qpSIJ8r4xPlJ5oCNtdj1iLYmw46fOs&sig=Cg0ArKJSzBDOFGNb5GelEAE&id=lidar2&mcvt=1000&p=305,436,395,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210414&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=911114306&rs=2&met=mue&la=0&cr=0&osd=1&vs=4&rst=1618491544815&dlt=789&rpt=75&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 12:59:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 74AF 42 B
64 B 43ms
43ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstIYacUr1E-s8HtGOba0HYtM28O9qmHG6--ZLOgdm0aKyh70cnIBVzPpK_GZ8WF2BsjiAdm0oPT6cbkVjni6aHCmP-QfOMuQcTSvpROr5Ls6hclGjDtfIoo8DvmFw&sai=AMfl-YSHmN0j2SDCuA5Zdy9Sio7FXPGHv78izwrmaR7VjNYE9B9oqYtDHWN2RKhF4aEYrpyU4dcgCM3eVeM0&sig=Cg0ArKJSzAH5qTF0l9VMEAE&id=lidar2&mcvt=1000&p=33,438,123,1166&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210414&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=4204724703&rs=2&met=mue&la=0&cr=0&osd=1&vs=4&rst=1618491544824&dlt=1012&rpt=56&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 12:59:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

330 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-19 17:34:55	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-19 17:34:52	Name: test_cookie Value: CheckForPermission
.doubleclick.net/	1970-01-20 02:56:27	Name: IDE Value: AHWqTUm9LVR6kDkdSZyQOMwJMQbi0uoLhYvD-0hByUGtXS_HMh1z0lBGe-3SVAwyEhM
.google.com/	1970-01-19 21:58:22	Name: NID Value: 213=s9P1SYYLYF1EJFd5HwoXpIhFekllKlNE-X_h9FR4Nr1F2ltBpLvT_wga5FUXUuDM_xgeXkBWLgxnYMDFTgBjaJUYjacQQAoxpHc5nP4BgyOpIS3Al_tkFA45FswSyC6zmw7NOrs8JDqBw3Ml2dFwtWJht9n3bKTMXByKZKG2cKA
.hiddenfolder.flowsoft7.com/	1978-01-11 21:30:57	Name: G_ENABLED_IDPS Value: google
.flowsoft7.com/	1970-01-20 02:56:27	Name: __gads Value: ID=1884121ca1b735f2-22acb7aa8da70059:T=1618491544:RT=1618491544:S=ALNI_MaQqE9HVgBYfKBWsm78Rmu7cwMU4g

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
adservice.google.com
adservice.google.de
apis.google.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
hiddenfolder.flowsoft7.com
iblogbox.github.io
pagead2.googlesyndication.com
partner.googleadservices.com
ssl.gstatic.com
tpc.googlesyndication.com
www.google.com
www.googletagservices.com
www.gstatic.com
185.199.111.153
216.58.212.162
2a00:1450:4001:800::2001
2a00:1450:4001:800::2002
2a00:1450:4001:801::200a
2a00:1450:4001:808::2002
2a00:1450:4001:808::2003
2a00:1450:4001:808::200d
2a00:1450:4001:80f::2002
2a00:1450:4001:810::200e
2a00:1450:4001:813::2003
2a00:1450:4001:827::2003
2a00:1450:4001:828::2002
2a00:1450:4001:828::2004
58.121.85.143
0aed40d94486ed73e081efab4b6b3eff34c10324d50aabfd80ffa56cb9e5c3de
1152be785978aa809034ab61de86ce4d03c5a301c95e96995e336d2462832a10
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27
1da3331639b70bdb21d6c467fad10490f2a5d457b70c29e3c9f1b6f3ea8d9d88
1dfc56c75b1a9c8b7aad325b056581c994fc0761ae8f149bb9fbb7b4e3a98238
231064110361844d6320331a5c35979c2a492a546604d97181eb6cf7aa4ae1cd
2a5bafe273098299e3f0185d6d4dddac56c7435d859fe7a745e098b6c9a214f7
3a2a840445c182547bd0cbdc7d96dfb95907e7c08b932de3f9a93ce423bc32a0
431dd0e3bb9f5485ed8702dbc474d9b28820cfd55d567731ee50c91132d0cc7e
48a1cd6d68391c16811490bd78f720de99ce0e67e50b37eb41a38c30bcb9147e
49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381
599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a
64a09d35829fc5f94e946ea2ddb2a1bb956ec602024eba5f0f1ec710505ad4a2
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
72397b50b0d93c1df9ba08e23ff88caf48a1664d7ec88876ea083e4d96ca4ed8
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
74e1cf077493c33fe895c7ce5732cda76b195e2d357d928f094bc3367cc7a75f
762977521ae325a21feba8ca2179167a51d2b167e41934d3641559567fdf99e8
789a93f4315357995e96053e32ee793d6b12f592fad617bb04f795c750f0c3bf
7916520ede1d66c6b854ce857a1f4e41c42d1fde9ec63b5890daa63564310304
7a3f7218703989b2b5daf92319273724ea24f6948631c1376a936ba12bda72e2
804cd89891dc0c2f6c60b7907739c28d9e8a1840fcb169e79e5859792d3bfc26
81a79bcfe84377ec7a4ce830647a93d02a2a4284dae4b24456039c24f4a151f7
8daf09a6fc31937457dd77e9c25ce4b21349d605b561a8c5d557841bf964c9a0
8fab9e6b651c9cf63589737f322eebabc8eb2c4025724aa8b78c7b83ad48a177
9149ff5c835e2b33337e91bf4372af05d4fec27aa1f5834f17898884687d7c80
95f66b0fd918f7a6d36f22a9ac49210439d74085bf0fedd1dec6061918f20c1c
99fcd335db15dc4bc00ae60c1c2e70a332743edf8b7e36d39efb1f9a22fb65ae
a149118f4b8e10c36c60f6e129f2b8551b192d182e151f774856861811faeebe
a1943a600956d093b6bdbd157ffea2a0a738342a1a7a454a31364c3aa41325fa
a1f5b7ff2a7f7e6373ec9c773825d9a940cad301694d7aa7e446086804c39df7
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5cb642ef22434a24612329870579fbb272cb9fa7475360035596ea56fb0431a
aeef6f2fa6044cadada5782a968531ac7b2a0207e741d67671e441b1fc5a656d
bdf72009ad226c17f1954ba602292902a780b80af07dbcbab1322bdf5c32be66
bedddb3e8da114412602440e01aa8122a149527f3f30859c276f5efa31ecb7e6
c34b7397b94cb8078d8ca61e9140a32eb6b444df410a614e06d4849d8bd3a17b
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
ca5c5368c6273b25608c7ba90b914072355b10df231585a4b2cd1e6408760f92
ce2216da03d856edb71b34855ce2c67476f6053791b3e85da74477d9a37360a9
cf04e005a3eb6c896cddac733379ae24c73f09ce356844716aa603b147afcaf5
dabc9a3a0f6ee17d5acd1827dc4b9c9291a68bc664162abe11a6576169de0215
db8c2267fa122aa5af73439302ec7bbda209ab40277345e037fe84b5567be759
dd0554ad5e71014e093b3de7c803bce22cedc49a1bee582dbcefd5670af61ec4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4e663dc3198327a5805dbb0c6ab42f84378bed7566265936086f5a06c28a724
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7
f6c56408d033641926cfb4f0d31fa91c7832fcf787e459590e1fc203c6d9eac2

hiddenfolder.flowsoft7.com Open in urlscan Pro 58.121.85.143 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

77 Requests

88 %HTTPS

80 %IPv6

10 Domains

16 Subdomains

15 IPs

3 Countries

898 kBTransfer

2204 kBSize

6 Cookies

0 Outgoing links

Redirected requests

77 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

hiddenfolder.flowsoft7.com Open in urlscan Pro
58.121.85.143 Public Scan

Screenshot
Live screenshot

Full Image

77
Requests

88 %
HTTPS

80 %
IPv6

10
Domains

16
Subdomains

15
IPs

3
Countries

898 kB
Transfer

2204 kB
Size

6
Cookies

77 HTTP transactions
3 data transactions