a.rfihub.com Open in urlscan Pro
193.0.160.128 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://a.rfihub.com/adr.html?w=320&h=50&co=sej:false,optimize:false,serverId:sjc-218,newUser:false,scoreMicroClicks:...
Effective URL:
https://a.rfihub.com/sr/adr.html?w=320&h=50&co=sej:false,optimize:false,serverId:sjc-218,newUser:false,scoreMicroClic...
Submission: On September 28 via manual (September 28th 2022, 3:02:18 pm UTC) from IN — Scanned from DE

Summary HTTP 29 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 15 IPs in 4 countries across 11 domains to perform 29 HTTP transactions. The main IP is 193.0.160.128, located in United States and belongs to ROCKETFUEL, US. The main domain is a.rfihub.com. The Cisco Umbrella rank of the primary domain is 2859.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 24th 2022. Valid for: a year.

This is the only time a.rfihub.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 4	193.0.160.128 193.0.160.128	54312 (ROCKETFUEL) (ROCKETFUEL)
1	2600:9000:223... 2600:9000:223c:7a00:1:76cf:fe80:93a1	16509 (AMAZON-02) (AMAZON-02)
1	34.249.136.72 34.249.136.72	16509 (AMAZON-02) (AMAZON-02)
1	13.32.121.21 13.32.121.21	16509 (AMAZON-02) (AMAZON-02)
1	92.123.14.245 92.123.14.245	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a02:26f0:11a... 2a02:26f0:11a:49e::4469	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	213.254.244.106 213.254.244.106	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
3	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
1	142.250.186.134 142.250.186.134	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:400d:807::2002	15169 (GOOGLE) (GOOGLE)
2	142.250.74.194 142.250.74.194	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2006	15169 (GOOGLE) (GOOGLE)
4	184.24.12.191 184.24.12.191	16625 (AKAMAI-AS) (AKAMAI-AS)
1	34.197.148.110 34.197.148.110	14618 (AMAZON-AES) (AMAZON-AES)
29	15

4 193.0.160.128 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
20794017p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:7a00:1:76cf:fe80:93a1 (United States)

ASN16509 (AMAZON-02, US)

c1.rfihub.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.249.136.72 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-136-72.eu-west-1.compute.amazonaws.com

secure-us.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.121.21 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-21.fra60.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 92.123.14.245 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-14-245.deploy.static.akamaitechnologies.com

c.betrad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:11a:49e::4469 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)

rtbcdn.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.254.244.106 (United States)

ASN3257 (GTT-BACKBONE GTT, US)

rtb0.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rtbc-frc.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.134 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400d:807::2002 (Ireland)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.74.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 184.24.12.191 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-24-12-191.deploy.static.akamaitechnologies.com

c.evidon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.197.148.110 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-197-148-110.compute-1.amazonaws.com

l.betrad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 102 tpc.googlesyndication.com — Cisco Umbrella Rank: 143	43 KB
4	evidon.com c.evidon.com — Cisco Umbrella Rank: 1186	14 KB
4	doubleverify.com rtbcdn.doubleverify.com — Cisco Umbrella Rank: 2848 rtb0.doubleverify.com — Cisco Umbrella Rank: 676 rtbc-frc.doubleverify.com — Cisco Umbrella Rank: 17804	16 KB
4	rfihub.com 1 redirects a.rfihub.com — Cisco Umbrella Rank: 2859 20794017p.rfihub.com — Cisco Umbrella Rank: 119449	8 KB
3	doubleclick.net ad.doubleclick.net — Cisco Umbrella Rank: 163 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 299	27 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 191	78 KB
2	betrad.com c.betrad.com — Cisco Umbrella Rank: 1588 l.betrad.com — Cisco Umbrella Rank: 1396	2 KB
1	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 268	12 KB
1	scorecardresearch.com sb.scorecardresearch.com — Cisco Umbrella Rank: 152	2 KB
1	imrworldwide.com secure-us.imrworldwide.com — Cisco Umbrella Rank: 1885	597 B
1	rfihub.net c1.rfihub.net — Cisco Umbrella Rank: 5872	6 KB
29	11

	Domain	Requested by
4	c.evidon.com	c.betrad.com a.rfihub.com c.evidon.com
4	pagead2.googlesyndication.com	ad.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
3	www.googletagservices.com	rtbcdn.doubleverify.com www.googletagservices.com ad.doubleclick.net
3	a.rfihub.com	1 redirects a.rfihub.com
2	tpc.googlesyndication.com	ad.doubleclick.net tpc.googlesyndication.com
2	googleads4.g.doubleclick.net	ad.doubleclick.net
2	rtbcdn.doubleverify.com	a.rfihub.com rtbcdn.doubleverify.com
1	l.betrad.com
1	s0.2mdn.net	a.rfihub.com
1	ad.doubleclick.net	www.googletagservices.com
1	20794017p.rfihub.com	a.rfihub.com
1	rtbc-frc.doubleverify.com	rtbcdn.doubleverify.com
1	rtb0.doubleverify.com	rtbcdn.doubleverify.com
1	c.betrad.com	a.rfihub.com
1	sb.scorecardresearch.com	a.rfihub.com
1	secure-us.imrworldwide.com	a.rfihub.com
1	c1.rfihub.net	a.rfihub.com
29	17

This site contains links to these domains. Also see Links.

Domain
adclick.g.doubleclick.net

Subject Issuer	Validity	Valid
*.rfihub.com Sectigo RSA Domain Validation Secure Server CA	`2022-05-24` - `2023-05-24`	a year	crt.sh
*.rfihub.net Amazon	`2021-12-29` - `2023-01-27`	a year	crt.sh
*.imrworldwide.com DigiCert TLS RSA SHA256 2020 CA1	`2022-01-04` - `2023-02-03`	a year	crt.sh
*.scorecardresearch.com Amazon	`2022-01-29` - `2023-02-27`	a year	crt.sh
*.betrad.com DigiCert TLS RSA SHA256 2020 CA1	`2022-05-28` - `2023-05-31`	a year	crt.sh
*.doubleverify.com DigiCert SHA2 Secure Server CA	`2021-12-23` - `2022-12-23`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
*.evidon.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-04-12` - `2023-04-12`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://a.rfihub.com/sr/adr.html?w=320&h=50&co=sej:false,optimize:false,serverId:sjc-218,newUser:false,scoreMicroClicks:3899,scoreMicroConversions:0,uV:963312,uG:0,uE:0,uD:0,url:sjc-218.sjc-rtb1.rfihub.com,bB:true,bt:1664371991885,mt:1,did:tid_1481760|med_regular,exId:7762830295348553514,rdi:E1423B1C-228E-44BA-A1B5-A7D29D98ACCE,shadi:8d94c98dda8d42d3e53bd9539c42a3810eb81873,diPlat:4,uuid:3476113424838708470,diSrc:1,ip:12.249.160.38,dvct:26,fcc:3@13,fd:5,faf:3,tagid:24326946,sid:12501,p39:8,ge:&ep=${AUCTION_PRICE}&ri=763a105e7078b1d8e6283e06eda446b8&rs=apps.apple.com/us/app/block-puzzle-jewel-gem-legend/id1561719761?uo=4&ai=4990998&rt=1481760&re=36199&ug=&pv=0&ra=3719980460.17020623591942574&rb=345&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre3719980453020&pb=&pc=&pd=&pg=&ct=1664371998046&di=sjZTJjdqNQtPlO9lTnEKjgQ64GHM&app=1&pe=about:blank&pf=&sig=2147483391,805503465&loc...
Frame ID: 74097E2D7B2BE628B3DFB1F8DB8C4B8B
Requests: 26 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: E6FDF42E69E100B74927DAD9BEA7AC2F
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://a.rfihub.com/adr.html?w=320&h=50&co=sej:false,optimize:false,serverId:sjc-218,newUser:fal... HTTP 302
https://a.rfihub.com/sr/adr.html?w=320&h=50&co=sej:false,optimize:false,serverId:sjc-218,newUser:... Page URL

Detected technologies

Crownpeak (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

c\.evidon\.com

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

Page Statistics

29
Requests

100 %
HTTPS

40 %
IPv6

11
Domains

17
Subdomains

15
IPs

4
Countries

207 kB
Transfer

523 kB
Size

5
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://adclick.g.doubleclick.net/pcs/click?xai=AKAOjsvqeLTtGfGljdhyROyEsES3JI-KArs5jYjz-4Fptnr_Xztp9eWSTCf8uDSRPao55uUWUcfTXKy6x5buLvcl-aTiI9MHZXby3Y566xXLfqIkA39-mn70fp_3XDCrbv_q44IYVdICkQNX&sig=Cg0ArKJSzHucCJO6Wjin&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&adurl=https://a.rfihub.com/acs/b/c3Q9aHRtbCZhYT00OTkwOTk4LDEyMTM3NDg2NiwyMjkxMTE3LDIwMzQ5Mzg4NSwxODE1MDIsMTQ4MTc2MCw3NjNhMTA1ZTcwNzhiMWQ4ZTYyODNlMDZlZGE0NDZiOCxwLDQ1MTAyLDU0ODI4MCw2MTc1NzA3Myw0NzY2MDIsMTI0MDY2NyZtdD0xJnJiPTM0NSZyZT0zNjE5OSZoY2k9JnV1aWQ9MzQ3NjExMzQyNDgzODcwODQ3MCZkaT1zalpUSmpkcU5RdFBsTzlsVG5FS2pnUTY0R0hNJmRjPTImZGlzcmM9MSZiaXA9MjE3LjExNC4yMTguMjYmZGlkPXRpZF8xNDgxNzYwfG1lZF9yZWd1bGFyJmxpbXA9MQ../n/https://www.thinkinghuts.org/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://a.rfihub.com/adr.html?w=320&h=50&co=sej:false,optimize:false,serverId:sjc-218,newUser:false,scoreMicroClicks:3899,scoreMicroConversions:0,uV:963312,uG:0,uE:0,uD:0,url:sjc-218.sjc-rtb1.rfihub.com,bB:true,bt:1664371991885,mt:1,did:tid_1481760|med_regular,exId:7762830295348553514,rdi:E1423B1C-228E-44BA-A1B5-A7D29D98ACCE,shadi:8d94c98dda8d42d3e53bd9539c42a3810eb81873,diPlat:4,uuid:3476113424838708470,diSrc:1,ip:12.249.160.38,dvct:26,fcc:3@13,fd:5,faf:3,tagid:24326946,sid:12501,p39:8,ge:&ep=${AUCTION_PRICE}&ri=763a105e7078b1d8e6283e06eda446b8&rs=apps.apple.com/us/app/block-puzzle-jewel-gem-legend/id1561719761?uo=4&ai=4990998&rt=1481760&re=36199&ug=&pv=0&ra=3719980460.17020623591942574&rb=345&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre3719980453020&pb=&pc=&pd=&pg=&ct=1664371998046&di=sjZTJjdqNQtPlO9lTnEKjgQ64GHM&app=1&pe=about:blank&pf=&sig=2147483391,805503465&loc... HTTP 302
https://a.rfihub.com/sr/adr.html?w=320&h=50&co=sej:false,optimize:false,serverId:sjc-218,newUser:false,scoreMicroClicks:3899,scoreMicroConversions:0,uV:963312,uG:0,uE:0,uD:0,url:sjc-218.sjc-rtb1.rfihub.com,bB:true,bt:1664371991885,mt:1,did:tid_1481760|med_regular,exId:7762830295348553514,rdi:E1423B1C-228E-44BA-A1B5-A7D29D98ACCE,shadi:8d94c98dda8d42d3e53bd9539c42a3810eb81873,diPlat:4,uuid:3476113424838708470,diSrc:1,ip:12.249.160.38,dvct:26,fcc:3@13,fd:5,faf:3,tagid:24326946,sid:12501,p39:8,ge:&ep=${AUCTION_PRICE}&ri=763a105e7078b1d8e6283e06eda446b8&rs=apps.apple.com/us/app/block-puzzle-jewel-gem-legend/id1561719761?uo=4&ai=4990998&rt=1481760&re=36199&ug=&pv=0&ra=3719980460.17020623591942574&rb=345&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre3719980453020&pb=&pc=&pd=&pg=&ct=1664371998046&di=sjZTJjdqNQtPlO9lTnEKjgQ64GHM&app=1&pe=about:blank&pf=&sig=2147483391,805503465&loc... Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

29 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request adr.html Show response
a.rfihub.com/sr/
Redirect Chain

http://a.rfihub.com/adr.html?w=320&h=50&co=sej:false,optimize:false,serverId:sjc-218,newUser:false,scoreMicroClicks:3899,scoreMicroConversions:0,uV:963312,uG:0,uE:0,uD:0,url:sjc-218.sjc-rtb1.rfihub...
https://a.rfihub.com/sr/adr.html?w=320&h=50&co=sej:false,optimize:false,serverId:sjc-218,newUser:false,scoreMicroClicks:3899,scoreMicroConversions:0,uV:963312,uG:0,uE:0,uD:0,url:sjc-218.sjc-rtb1.rf...

5 KB
6 KB

123ms
29ms

Document
text/html

193.0.160.128
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://a.rfihub.com/sr/adr.html?w=320&h=50&co=sej:false,optimize:false,serverId:sjc-218,newUser:false,scoreMicroClicks:3899,scoreMicroConversions:0,uV:963312,uG:0,uE:0,uD:0,url:sjc-218.sjc-rtb1.rfihub.com,bB:true,bt:1664371991885,mt:1,did:tid_1481760|med_regular,exId:7762830295348553514,rdi:E1423B1C-228E-44BA-A1B5-A7D29D98ACCE,shadi:8d94c98dda8d42d3e53bd9539c42a3810eb81873,diPlat:4,uuid:3476113424838708470,diSrc:1,ip:12.249.160.38,dvct:26,fcc:3@13,fd:5,faf:3,tagid:24326946,sid:12501,p39:8,ge:&ep=${AUCTION_PRICE}&ri=763a105e7078b1d8e6283e06eda446b8&rs=apps.apple.com/us/app/block-puzzle-jewel-gem-legend/id1561719761?uo=4&ai=4990998&rt=1481760&re=36199&ug=&pv=0&ra=3719980460.17020623591942574&rb=345&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre3719980453020&pb=&pc=&pd=&pg=&ct=1664371998046&di=sjZTJjdqNQtPlO9lTnEKjgQ64GHM&app=1&pe=about:blank&pf=&sig=2147483391,805503465&loc...
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.128 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 836fb9a1816b80f0a3c3cf2c2c8ddaf51db3282c12ac8532686c34286dafc911

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache
Content-Length: 5158
Content-Type: text/html;charset=utf-8
Date: Wed, 28 Sep 2022 15:02:12 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: Jetty(9.3.29.v20201019)

Redirect headers

Content-Length: 0
Date: Wed, 28 Sep 2022 15:02:12 GMT
Location: https://a.rfihub.com/sr/adr.html?w=320&h=50&co=sej:false,optimize:false,serverId:sjc-218,newUser:false,scoreMicroClicks:3899,scoreMicroConversions:0,uV:963312,uG:0,uE:0,uD:0,url:sjc-218.sjc-rtb1.rfihub.com,bB:true,bt:1664371991885,mt:1,did:tid_1481760|med_regular,exId:7762830295348553514,rdi:E1423B1C-228E-44BA-A1B5-A7D29D98ACCE,shadi:8d94c98dda8d42d3e53bd9539c42a3810eb81873,diPlat:4,uuid:3476113424838708470,diSrc:1,ip:12.249.160.38,dvct:26,fcc:3@13,fd:5,faf:3,tagid:24326946,sid:12501,p39:8,ge:&ep=${AUCTION_PRICE}&ri=763a105e7078b1d8e6283e06eda446b8&rs=apps.apple.com/us/app/block-puzzle-jewel-gem-legend/id1561719761?uo=4&ai=4990998&rt=1481760&re=36199&ug=&pv=0&ra=3719980460.17020623591942574&rb=345&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre3719980453020&pb=&pc=&pd=&pg=&ct=1664371998046&di=sjZTJjdqNQtPlO9lTnEKjgQ64GHM&app=1&pe=about:blank&pf=&sig=2147483391,805503465&loc...
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 bcS.js Show response
c1.rfihub.net/js/ 18 KB
6 KB 253ms
23ms Script
application/x-javascript 2600:9000:223c:7a00:1:76cf:fe80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.rfihub.net/js/bcS.js
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sr/adr.html?w=320&h=50&co=sej:false,optimize:false,serverId:sjc-218,newUser:false,scoreMicroClicks:3899,scoreMicroConversions:0,uV:963312,uG:0,uE:0,uD:0,url:sjc-218.sjc-rtb1.rfihub.com,bB:true,bt:1664371991885,mt:1,did:tid_1481760|med_regular,exId:7762830295348553514,rdi:E1423B1C-228E-44BA-A1B5-A7D29D98ACCE,shadi:8d94c98dda8d42d3e53bd9539c42a3810eb81873,diPlat:4,uuid:3476113424838708470,diSrc:1,ip:12.249.160.38,dvct:26,fcc:3@13,fd:5,faf:3,tagid:24326946,sid:12501,p39:8,ge:&ep=${AUCTION_PRICE}&ri=763a105e7078b1d8e6283e06eda446b8&rs=apps.apple.com/us/app/block-puzzle-jewel-gem-legend/id1561719761?uo=4&ai=4990998&rt=1481760&re=36199&ug=&pv=0&ra=3719980460.17020623591942574&rb=345&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre3719980453020&pb=&pc=&pd=&pg=&ct=1664371998046&di=sjZTJjdqNQtPlO9lTnEKjgQ64GHM&app=1&pe=about:blank&pf=&sig=2147483391,805503465&loc...
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:7a00:1:76cf:fe80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: ef6c9aaf36bcf57fd7fd87c21ddfbff8bdaa6da3bfa9a35e1b2fc4e90bdfe756

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 14:38:35 GMT
content-encoding: gzip
via: 1.1 3f52d342c56014599dee37446f6c9f2e.cloudfront.net (CloudFront)
last-modified: Wed, 28 Sep 2022 14:38:25 GMT
server: Jetty(9.3.29.v20201019)
x-amz-cf-pop: FRA56-P2
age: 1417
x-cache: Hit from cloudfront
content-type: application/x-javascript
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: public, max-age=3600
content-length: 5618
x-amz-cf-id: Kz6kJscxR24w7VvjSoxXd76CqWy9-OmzjTmYQK_oZE5VeUp6i-LUiw==
expires: Wed, 28 Sep 2022 15:38:35 GMT

GET
H2 200 m
secure-us.imrworldwide.com/cgi-bin/ 44 B
597 B 278ms
45ms Image
image/gif 34.249.136.72
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-rocketfuel&cg=3476113424838708470&cc=1
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sr/adr.html?w=320&h=50&co=sej:false,optimize:false,serverId:sjc-218,newUser:false,scoreMicroClicks:3899,scoreMicroConversions:0,uV:963312,uG:0,uE:0,uD:0,url:sjc-218.sjc-rtb1.rfihub.com,bB:true,bt:1664371991885,mt:1,did:tid_1481760|med_regular,exId:7762830295348553514,rdi:E1423B1C-228E-44BA-A1B5-A7D29D98ACCE,shadi:8d94c98dda8d42d3e53bd9539c42a3810eb81873,diPlat:4,uuid:3476113424838708470,diSrc:1,ip:12.249.160.38,dvct:26,fcc:3@13,fd:5,faf:3,tagid:24326946,sid:12501,p39:8,ge:&ep=${AUCTION_PRICE}&ri=763a105e7078b1d8e6283e06eda446b8&rs=apps.apple.com/us/app/block-puzzle-jewel-gem-legend/id1561719761?uo=4&ai=4990998&rt=1481760&re=36199&ug=&pv=0&ra=3719980460.17020623591942574&rb=345&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre3719980453020&pb=&pc=&pd=&pg=&ct=1664371998046&di=sjZTJjdqNQtPlO9lTnEKjgQ64GHM&app=1&pe=about:blank&pf=&sig=2147483391,805503465&loc...
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.136.72 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-136-72.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Sep 2022 15:02:12 GMT
server: nginx
accept-ch: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-us.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
content-length: 44
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 4 KB
2 KB 239ms
22ms Script
application/javascript 13.32.121.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js?c1=8&c2=6820648&c3=1&c4=&c5=&c6=
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sr/adr.html?w=320&h=50&co=sej:false,optimize:false,serverId:sjc-218,newUser:false,scoreMicroClicks:3899,scoreMicroConversions:0,uV:963312,uG:0,uE:0,uD:0,url:sjc-218.sjc-rtb1.rfihub.com,bB:true,bt:1664371991885,mt:1,did:tid_1481760|med_regular,exId:7762830295348553514,rdi:E1423B1C-228E-44BA-A1B5-A7D29D98ACCE,shadi:8d94c98dda8d42d3e53bd9539c42a3810eb81873,diPlat:4,uuid:3476113424838708470,diSrc:1,ip:12.249.160.38,dvct:26,fcc:3@13,fd:5,faf:3,tagid:24326946,sid:12501,p39:8,ge:&ep=${AUCTION_PRICE}&ri=763a105e7078b1d8e6283e06eda446b8&rs=apps.apple.com/us/app/block-puzzle-jewel-gem-legend/id1561719761?uo=4&ai=4990998&rt=1481760&re=36199&ug=&pv=0&ra=3719980460.17020623591942574&rb=345&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre3719980453020&pb=&pc=&pd=&pg=&ct=1664371998046&di=sjZTJjdqNQtPlO9lTnEKjgQ64GHM&app=1&pe=about:blank&pf=&sig=2147483391,805503465&loc...
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-21.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee54b51af15f1f68f707da981f3c135c249a25e9293871e1e0cbd2c24c7b6117

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 07:03:56 GMT
content-encoding: gzip
via: 1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront)
last-modified: Tue, 28 Jun 2022 13:19:23 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
age: 34464
x-amz-server-side-encryption: AES256
etag: W/"eaf85c1c6758e84acfe134efd70e9373"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400
x-amz-cf-id: vRrwDOgI-u6obPf5XD9fB_tpMkRNGP8CUqc90nP5v_rscu6j5Jg_ug==

GET
H2 200 durly.js Show response
c.betrad.com/ 4 KB
2 KB 249ms
32ms Script
application/x-javascript 92.123.14.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.betrad.com/durly.js?;ad_w=320;ad_h=50;coid=141;nid=15456;ecaid=181502
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sr/adr.html?w=320&h=50&co=sej:false,optimize:false,serverId:sjc-218,newUser:false,scoreMicroClicks:3899,scoreMicroConversions:0,uV:963312,uG:0,uE:0,uD:0,url:sjc-218.sjc-rtb1.rfihub.com,bB:true,bt:1664371991885,mt:1,did:tid_1481760|med_regular,exId:7762830295348553514,rdi:E1423B1C-228E-44BA-A1B5-A7D29D98ACCE,shadi:8d94c98dda8d42d3e53bd9539c42a3810eb81873,diPlat:4,uuid:3476113424838708470,diSrc:1,ip:12.249.160.38,dvct:26,fcc:3@13,fd:5,faf:3,tagid:24326946,sid:12501,p39:8,ge:&ep=${AUCTION_PRICE}&ri=763a105e7078b1d8e6283e06eda446b8&rs=apps.apple.com/us/app/block-puzzle-jewel-gem-legend/id1561719761?uo=4&ai=4990998&rt=1481760&re=36199&ug=&pv=0&ra=3719980460.17020623591942574&rb=345&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre3719980453020&pb=&pc=&pd=&pg=&ct=1664371998046&di=sjZTJjdqNQtPlO9lTnEKjgQ64GHM&app=1&pe=about:blank&pf=&sig=2147483391,805503465&loc...
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.123.14.245 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-14-245.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 376cf178a2dd1070127638d689a0ab3fd0275087cfcab0f0d104a6a74c33f3f7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 15:02:12 GMT
content-encoding: gzip
last-modified: Wed, 07 Sep 2022 19:50:56 GMT
server: AkamaiNetStorage
etag: "766adc27c6dbf8ec9d0a8e7fb9085137:1662580256.033955"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: application/x-javascript
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
accept-ranges: bytes
access-control-allow-headers: *
content-length: 1605

GET
H/1.1 200
OK bsredirect5.js Show response
rtbcdn.doubleverify.com/ 1 KB
1 KB 245ms
32ms Script
application/javascript 2a02:26f0:11a:49e::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://rtbcdn.doubleverify.com/bsredirect5.js?callback=__dvredirect_callback_16965743448
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sr/adr.html?w=320&h=50&co=sej:false,optimize:false,serverId:sjc-218,newUser:false,scoreMicroClicks:3899,scoreMicroConversions:0,uV:963312,uG:0,uE:0,uD:0,url:sjc-218.sjc-rtb1.rfihub.com,bB:true,bt:1664371991885,mt:1,did:tid_1481760|med_regular,exId:7762830295348553514,rdi:E1423B1C-228E-44BA-A1B5-A7D29D98ACCE,shadi:8d94c98dda8d42d3e53bd9539c42a3810eb81873,diPlat:4,uuid:3476113424838708470,diSrc:1,ip:12.249.160.38,dvct:26,fcc:3@13,fd:5,faf:3,tagid:24326946,sid:12501,p39:8,ge:&ep=${AUCTION_PRICE}&ri=763a105e7078b1d8e6283e06eda446b8&rs=apps.apple.com/us/app/block-puzzle-jewel-gem-legend/id1561719761?uo=4&ai=4990998&rt=1481760&re=36199&ug=&pv=0&ra=3719980460.17020623591942574&rb=345&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre3719980453020&pb=&pc=&pd=&pg=&ct=1664371998046&di=sjZTJjdqNQtPlO9lTnEKjgQ64GHM&app=1&pe=about:blank&pf=&sig=2147483391,805503465&loc...
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:11a:49e::4469 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 5885a54db7d6039ea505d57f5642e5e8ac558befd30a24422bc3933e0e103aaa

Request headers

Referer: https://a.rfihub.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Wed, 28 Sep 2022 15:02:12 GMT
Content-Encoding: gzip
Last-Modified: Mon, 29 Aug 2022 11:08:56 GMT
Server: Microsoft-IIS/10.0
ETag: "c9b648bb97bbd81:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 843

GET
H/1.1 200
OK bsredirect5_internal78.js Show response
rtbcdn.doubleverify.com/ 42 KB
13 KB 38ms
38ms Script
application/javascript 2a02:26f0:11a:49e::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://rtbcdn.doubleverify.com/bsredirect5_internal78.js
Requested by: Host: rtbcdn.doubleverify.com
URL: https://rtbcdn.doubleverify.com/bsredirect5.js?callback=__dvredirect_callback_16965743448
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:11a:49e::4469 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: f02a298299ee39eeaa176665bbf5960d01638638b01cbebfd59429e3e320c159

Request headers

Referer: https://a.rfihub.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Wed, 28 Sep 2022 15:02:13 GMT
Content-Encoding: gzip
Last-Modified: Mon, 29 Aug 2022 11:09:25 GMT
Server: Microsoft-IIS/10.0
ETag: "80e054cc97bbd81:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 13172

GET
H/1.1 200
OK verifyc.js Show response
rtb0.doubleverify.com/ 2 KB
1 KB 131ms
24ms Script
text/javascript 213.254.244.106
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb0.doubleverify.com/verifyc.js?ctx=10761597&cmp=27560475&plc=333040013&sid=4652140&num=5&srcurlD=0&callback=__verify_callback_16965743448&jsTagObjCallback=__tagObject_callback_16965743448&ssl=1&refD=0&htmlmsging=1&guid=1664377333042444&nav_pltfrm=Win32&brid=3&brver=106&bridua=3&m1=13&fcifrms=0&brh=2&fwc=0&fcl=259&flt=0&fec=8&vavbkt=&lvvn=28&dvp_idcerr=undefined&eparams=5G0FC%3Dl9EEADTbpTauTau2%5DC7%3A9F3%5D4%40%3ETauDCTau25C%5D9E%3E%3DTbuHTbsba_Tae9Tbsd_Tae4%40TbsD6%3BTbp72%3DD6Tar%40AE%3A%3E%3AK6Tbp72%3DD6TarD6CG6Cx5TbpD%3B4%5Ca%60gTar%3F6H%26D6CTbp72%3DD6TarD4%40C6%7C%3A4C%40r%3D%3A4%3CDTbpbghhTarD4%40C6%7C%3A4C%40r%40%3FG6CD%3A%40%3FDTbp_TarF%27Tbphebb%60aTarFvTbp_TarFtTbp_TarFsTbp_TarFC%3DTbpD%3B4%5Ca%60g%5DD%3B4%5CCE3%60%5DC7%3A9F3%5D4%40%3ETar3qTbpECF6Tar3ETbp%60eecbf%60hh%60ggdTar%3EETbp%60Tar5%3A5TbpE%3A50%60cg%60fe_Tfr%3E650C68F%3D2CTar6Ix5Tbpffeagb_ahdbcgddbd%60cTarC5%3ATbpt%60cabq%60r%5Caagt%5Cccqp%5Cp%60qd%5CpfsahshgprrtTarD925%3ATbpg5hc4hg552g5ca5b6db35hdbh4ca2bg%60_63g%60gfbTar5%3A!%3D2ETbpcTarFF%3A5Tbpbcfe%60%60bcacgbgf_gcf_Tar5%3A%24C4Tbp%60Tar%3AATbp%60a%5Dach%5D%60e_%5DbgTar5G4ETbpaeTar744TbpbTc_%60bTar75TbpdTar727TbpbTarE28%3A5TbpacbaehceTarD%3A5Tbp%60ad_%60TarAbhTbpgTar86TbpTae6ATbsTacTfqp%26r%25x~%7D0!%23xrtTfsTaeC%3ATbsfeb2%60_d6f_fg3%605g6eagb6_e652cce3gTaeCDTbs2AAD%5D2AA%3D6%5D4%40%3ETauFDTau2AATau3%3D%404%3C%5CAFKK%3D6%5C%3B6H6%3D%5C86%3E%5C%3D686%3F5Tau%3A5%60de%60f%60hfe%60TbuF%40TbscTae2%3ATbschh_hhgTaeCETbs%60cg%60fe_TaeC6Tbsbe%60hhTaeF8TbsTaeAGTbs_TaeC2Tbsbf%60hhg_ce_%5D%60f_a_eabdh%60hcadfcTaeC3TbsbcdTae42TbsTaeC4TbsTaeC5TbsTaeF2TbsTaeF3TbsTaeF4TbsTaeF5TbsTaeF6TbsTaeA2TbsAAC6bf%60hhg_cdb_a_TaeA3TbsTaeA4TbsTaeA5TbsTaeA8TbsTae4ETbs%60eecbf%60hhg_ceTae5%3ATbsD%3B%2B%25y%3B5B%7D%22E!%3D~h%3D%25%3Ftz%3B8%22ecvw%7CTae2AATbs%60TaeA6Tbs23%40FETbp3%3D2%3F%3CTaeA7TbsTaeD%3A8Tbsa%60cfcgbbh%60Targ_dd_bcedTae%3D%404%5D%5D%5D&ver=106&dvp_exetime=5.60
Requested by: Host: rtbcdn.doubleverify.com
URL: https://rtbcdn.doubleverify.com/bsredirect5_internal78.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.106 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e410094afdf2d36c0894660a4101dcbd0664c7a7e491afe30066dee6f76ccf3f

Request headers

Referer: https://a.rfihub.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
Date: Wed, 28 Sep 2022 15:02:12 GMT
Content-Encoding: br
X-DV-Response: 1
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0
Expires: 09/27/2022 15:02:13

POST
H/1.1 204
No Content bsevent.gif
rtbc-frc.doubleverify.com/ 0
210 B 83ms
29ms Ping
text/plain 213.254.244.106
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://rtbc-frc.doubleverify.com/bsevent.gif?impid=703c18baf5e04c73a1a0a97822f2ca4b&vfdur=132&cbust=1664377333182257
Requested by: Host: rtbcdn.doubleverify.com
URL: https://rtbcdn.doubleverify.com/bsredirect5_internal78.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.106 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Pragma: no-cache
Date: Wed, 28 Sep 2022 15:02:11 GMT
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Expires: 09/27/2022 15:02:13

GET
H2 200 dcmads.js Show response
www.googletagservices.com/dcm/ 28 KB
11 KB 83ms
26ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: rtbcdn.doubleverify.com
URL: https://rtbcdn.doubleverify.com/bsredirect5_internal78.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

250686eb4f9e94b0bd0812e4e65b239b3355af85e21aff1dfaf3914f8b99f8f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a.rfihub.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Wed, 28 Sep 2022 14:32:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1792
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10831
x-xss-protection: 0
last-modified: Wed, 21 Sep 2022 13:41:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Wed, 28 Sep 2022 15:32:21 GMT

GET
H/1.1 200
OK ca.gif
20794017p.rfihub.com/ 42 B
750 B 193ms
32ms Image
image/gif 193.0.160.128
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://20794017p.rfihub.com/ca.gif?rb=824&ca=20794017&ra=&dvp_impid=703c18baf5e04c73a1a0a97822f2ca4b&cbust=1664377333183343
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sr/adr.html?w=320&h=50&co=sej:false,optimize:false,serverId:sjc-218,newUser:false,scoreMicroClicks:3899,scoreMicroConversions:0,uV:963312,uG:0,uE:0,uD:0,url:sjc-218.sjc-rtb1.rfihub.com,bB:true,bt:1664371991885,mt:1,did:tid_1481760|med_regular,exId:7762830295348553514,rdi:E1423B1C-228E-44BA-A1B5-A7D29D98ACCE,shadi:8d94c98dda8d42d3e53bd9539c42a3810eb81873,diPlat:4,uuid:3476113424838708470,diSrc:1,ip:12.249.160.38,dvct:26,fcc:3@13,fd:5,faf:3,tagid:24326946,sid:12501,p39:8,ge:&ep=${AUCTION_PRICE}&ri=763a105e7078b1d8e6283e06eda446b8&rs=apps.apple.com/us/app/block-puzzle-jewel-gem-legend/id1561719761?uo=4&ai=4990998&rt=1481760&re=36199&ug=&pv=0&ra=3719980460.17020623591942574&rb=345&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre3719980453020&pb=&pc=&pd=&pg=&ct=1664371998046&di=sjZTJjdqNQtPlO9lTnEKjgQ64GHM&app=1&pe=about:blank&pf=&sig=2147483391,805503465&loc...
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.128 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type: image/gif
Date: Wed, 28 Sep 2022 15:02:13 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Content-Length: 42
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 impl_v91.js Show response
www.googletagservices.com/dcm/ 61 KB
23 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v91.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bfcf80bfb2d17562d38d3f50db9274d902ec50021beb3cc46ca61de7d2410a2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a.rfihub.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Mon, 26 Sep 2022 14:39:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 174175
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23646
x-xss-protection: 0
last-modified: Mon, 19 Sep 2022 14:32:19 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 26 Sep 2023 14:39:18 GMT

GET
H2 200 B9689862.280621528;dc_ver=91.268;dc_eid=40004001;sz=320x50;u_sd=1;dc_adk=4082377020;ord=i8qv5l;click=https%3A%2F%2Fa.rfihub.com%2Facs%2Fb%2Fc3Q9aHRtbCZhYT00OTkwOTk4LDEyMTM3NDg2NiwyMjkxMTE3LDIwMzQ5M... Show response
ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/ 56 KB
26 KB 149ms
70ms Script
text/javascript 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/B9689862.280621528;dc_ver=91.268;dc_eid=40004001;sz=320x50;u_sd=1;dc_adk=4082377020;ord=i8qv5l;click=https%3A%2F%2Fa.rfihub.com%2Facs%2Fb%2Fc3Q9aHRtbCZhYT00OTkwOTk4LDEyMTM3NDg2NiwyMjkxMTE3LDIwMzQ5Mzg4NSwxODE1MDIsMTQ4MTc2MCw3NjNhMTA1ZTcwNzhiMWQ4ZTYyODNlMDZlZGE0NDZiOCxwLDQ1MTAyLDU0ODI4MCw2MTc1NzA3Myw0NzY2MDIsMTI0MDY2NyZtdD0xJnJiPTM0NSZyZT0zNjE5OSZoY2k9JnV1aWQ9MzQ3NjExMzQyNDgzODcwODQ3MCZkaT1zalpUSmpkcU5RdFBsTzlsVG5FS2pnUTY0R0hNJmRjPTImZGlzcmM9MSZiaXA9MjE3LjExNC4yMTguMjYmZGlkPXRpZF8xNDgxNzYwfG1lZF9yZWd1bGFyJmxpbXA9MQ..%2Fn%2F;uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd;dc_rfl=0,https%3A%2F%2Fa.rfihub.com%2Fsr%2Fadr.html%3Fw%3D320%26h%3D50%26co%3Dsej%3Afalse%2Coptimize%3Afalse%2CserverId%3Asjc-218%2CnewUser%3Afalse%2CscoreMicroClicks%3A3899%2CscoreMicroConversions%3A0%2CuV%3A963312%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-218.sjc-rtb1.rfihub.com%2CbB%3Atrue%2Cbt%3A1664371991885%2Cmt%3A1%2Cdid%3Atid_1481760%7Cmed_regular%2CexId%3A7762830295348553514%2Crdi%3AE1423B1C-228E-44BA-A1B5-A7D29D98ACCE%2Cshadi%3A8d94c98dda8d42d3e53bd9539c42a3810eb81873%2CdiPlat%3A4%2Cuuid%3A3476113424838708470%2CdiSrc%3A1%2Cip%3A12.249.160.38%2Cdvct%3A26%2Cfcc%3A3%4013%2Cfd%3A5%2Cfaf%3A3%2Ctagid%3A24326946%2Csid%3A12501%2Cp39%3A8%2Cge%3A%26ep%3D%24%7BAUCTION_PRICE%7D%26ri%3D763a105e7078b1d8e6283e06eda446b8%26rs%3Dapps.apple.com%2Fus%2Fapp%2Fblock-puzzle-jewel-gem-legend%2Fid1561719761%3Fuo%3D4%26ai%3D4990998%26rt%3D1481760%26re%3D36199%26ug%3D%26pv%3D0%26ra%3D3719980460.17020623591942574%26rb%3D345%26ca%3D%26rc%3D%26rd%3D%26ua%3D%26ub%3D%26uc%3D%26ud%3D%26ue%3D%26pa%3Dppre3719980453020%26pb%3D%26pc%3D%26pd%3D%26pg%3D%26ct%3D1664371998046%26di%3DsjZTJjdqNQtPlO9lTnEKjgQ64GHM%26app%3D1%26pe%3Dabout%3Ablank%26pf%3D%26sig%3D2147483391%2C805503465%26loc...$0;xdt=0;crlt=39gXWZQ9ZO;stc=1;chaa=1;sttr=52;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v91.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

cafe /

Resource Hash

1b9f460002ba7b0d95f408794f4766d9722af6eee44fd6138fbb7ea9e890cccc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a.rfihub.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

pragma: no-cache
date: Wed, 28 Sep 2022 15:02:13 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26334
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ 140 KB
44 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/B9689862.280621528;dc_ver=91.268;dc_eid=40004001;sz=320x50;u_sd=1;dc_adk=4082377020;ord=i8qv5l;click=https%3A%2F%2Fa.rfihub.com%2Facs%2Fb%2Fc3Q9aHRtbCZhYT00OTkwOTk4LDEyMTM3NDg2NiwyMjkxMTE3LDIwMzQ5Mzg4NSwxODE1MDIsMTQ4MTc2MCw3NjNhMTA1ZTcwNzhiMWQ4ZTYyODNlMDZlZGE0NDZiOCxwLDQ1MTAyLDU0ODI4MCw2MTc1NzA3Myw0NzY2MDIsMTI0MDY2NyZtdD0xJnJiPTM0NSZyZT0zNjE5OSZoY2k9JnV1aWQ9MzQ3NjExMzQyNDgzODcwODQ3MCZkaT1zalpUSmpkcU5RdFBsTzlsVG5FS2pnUTY0R0hNJmRjPTImZGlzcmM9MSZiaXA9MjE3LjExNC4yMTguMjYmZGlkPXRpZF8xNDgxNzYwfG1lZF9yZWd1bGFyJmxpbXA9MQ..%2Fn%2F;uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd;dc_rfl=0,https%3A%2F%2Fa.rfihub.com%2Fsr%2Fadr.html%3Fw%3D320%26h%3D50%26co%3Dsej%3Afalse%2Coptimize%3Afalse%2CserverId%3Asjc-218%2CnewUser%3Afalse%2CscoreMicroClicks%3A3899%2CscoreMicroConversions%3A0%2CuV%3A963312%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-218.sjc-rtb1.rfihub.com%2CbB%3Atrue%2Cbt%3A1664371991885%2Cmt%3A1%2Cdid%3Atid_1481760%7Cmed_regular%2CexId%3A7762830295348553514%2Crdi%3AE1423B1C-228E-44BA-A1B5-A7D29D98ACCE%2Cshadi%3A8d94c98dda8d42d3e53bd9539c42a3810eb81873%2CdiPlat%3A4%2Cuuid%3A3476113424838708470%2CdiSrc%3A1%2Cip%3A12.249.160.38%2Cdvct%3A26%2Cfcc%3A3%4013%2Cfd%3A5%2Cfaf%3A3%2Ctagid%3A24326946%2Csid%3A12501%2Cp39%3A8%2Cge%3A%26ep%3D%24%7BAUCTION_PRICE%7D%26ri%3D763a105e7078b1d8e6283e06eda446b8%26rs%3Dapps.apple.com%2Fus%2Fapp%2Fblock-puzzle-jewel-gem-legend%2Fid1561719761%3Fuo%3D4%26ai%3D4990998%26rt%3D1481760%26re%3D36199%26ug%3D%26pv%3D0%26ra%3D3719980460.17020623591942574%26rb%3D345%26ca%3D%26rc%3D%26rd%3D%26ua%3D%26ub%3D%26uc%3D%26ud%3D%26ue%3D%26pa%3Dppre3719980453020%26pb%3D%26pc%3D%26pd%3D%26pg%3D%26ct%3D1664371998046%26di%3DsjZTJjdqNQtPlO9lTnEKjgQ64GHM%26app%3D1%26pe%3Dabout%3Ablank%26pf%3D%26sig%3D2147483391%2C805503465%26loc...$0;xdt=0;crlt=39gXWZQ9ZO;stc=1;chaa=1;sttr=52;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

111ac61e627008261e23043c5e6b486035f0b123b1963e2fa8671e188eb33829

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 15:02:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44528
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1664191987193040"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 28 Sep 2022 15:02:13 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220922/r20110914/elements/html/ 8 KB
4 KB 144ms
35ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220922/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

58b603271da250778cca7450c81343eba7a896c87d93812f4de54ca5e1108488

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 14:38:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1427
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3181
x-xss-protection: 0
server: cafe
etag: 10699485926258732851
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 12 Oct 2022 14:38:26 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ 0
575 B 122ms
57ms Ping
image/gif 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvqeLTtGfGljdhyROyEsES3JI-KArs5jYjz-4Fptnr_Xztp9eWSTCf8uDSRPao55uUWUcfTXKy6x5buLvcl-aTiI9MHZXby3Y566xXLfqIkA39-mn70fp_3XDCrbv_q44IYVdICkQNX&sig=Cg0ArKJSzBeV_j19bW97EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20220922.05877&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 15:02:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ 41 KB
15 KB 84ms
20ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 11:09:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 13943
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Sep 2023 11:09:50 GMT

GET
H2 200 9287848050834790879
s0.2mdn.net/simgad/ 12 KB
12 KB 99ms
21ms Image
image/jpeg 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/9287848050834790879

Requested by

Host: a.rfihub.com
URL: https://a.rfihub.com/sr/adr.html?w=320&h=50&co=sej:false,optimize:false,serverId:sjc-218,newUser:false,scoreMicroClicks:3899,scoreMicroConversions:0,uV:963312,uG:0,uE:0,uD:0,url:sjc-218.sjc-rtb1.rfihub.com,bB:true,bt:1664371991885,mt:1,did:tid_1481760|med_regular,exId:7762830295348553514,rdi:E1423B1C-228E-44BA-A1B5-A7D29D98ACCE,shadi:8d94c98dda8d42d3e53bd9539c42a3810eb81873,diPlat:4,uuid:3476113424838708470,diSrc:1,ip:12.249.160.38,dvct:26,fcc:3@13,fd:5,faf:3,tagid:24326946,sid:12501,p39:8,ge:&ep=${AUCTION_PRICE}&ri=763a105e7078b1d8e6283e06eda446b8&rs=apps.apple.com/us/app/block-puzzle-jewel-gem-legend/id1561719761?uo=4&ai=4990998&rt=1481760&re=36199&ug=&pv=0&ra=3719980460.17020623591942574&rb=345&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre3719980453020&pb=&pc=&pd=&pg=&ct=1664371998046&di=sjZTJjdqNQtPlO9lTnEKjgQ64GHM&app=1&pe=about:blank&pf=&sig=2147483391,805503465&loc...

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

622a220da2b97c4d242c6197b9973b4e7387d8c532e321ba54c2f603de4f4b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 17:00:01 GMT
x-content-type-options: nosniff
age: 165732
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12192
x-xss-protection: 0
last-modified: Thu, 26 May 2022 20:28:51 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 26 Sep 2023 17:00:01 GMT

GET
H/1.1 200
OK tk.gif
a.rfihub.com/ 42 B
264 B 30ms
30ms Image
image/gif 193.0.160.128
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.rfihub.com/tk.gif?rb=345&re=36199&aa=4990998,121374866,2291117,203493885,181502,1481760,763a105e7078b1d8e6283e06eda446b8,https%3A%2F%2Fwww.zoetispetcare.com%2Fproducts%2Fapoquel,45102,548280,61757073,476602,1240667&pa=ppre3719980453020&id=&mt=1&dc=2&di=sjZTJjdqNQtPlO9lTnEKjgQ64GHM&hci=&uuid=3476113424838708470&disrc=1&ra=3773334950.9907166658331228&ct=1664377333495
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sr/adr.html?w=320&h=50&co=sej:false,optimize:false,serverId:sjc-218,newUser:false,scoreMicroClicks:3899,scoreMicroConversions:0,uV:963312,uG:0,uE:0,uD:0,url:sjc-218.sjc-rtb1.rfihub.com,bB:true,bt:1664371991885,mt:1,did:tid_1481760|med_regular,exId:7762830295348553514,rdi:E1423B1C-228E-44BA-A1B5-A7D29D98ACCE,shadi:8d94c98dda8d42d3e53bd9539c42a3810eb81873,diPlat:4,uuid:3476113424838708470,diSrc:1,ip:12.249.160.38,dvct:26,fcc:3@13,fd:5,faf:3,tagid:24326946,sid:12501,p39:8,ge:&ep=${AUCTION_PRICE}&ri=763a105e7078b1d8e6283e06eda446b8&rs=apps.apple.com/us/app/block-puzzle-jewel-gem-legend/id1561719761?uo=4&ai=4990998&rt=1481760&re=36199&ug=&pv=0&ra=3719980460.17020623591942574&rb=345&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre3719980453020&pb=&pc=&pd=&pg=&ct=1664371998046&di=sjZTJjdqNQtPlO9lTnEKjgQ64GHM&app=1&pe=about:blank&pf=&sig=2147483391,805503465&loc...
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.128 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a.rfihub.com/sr/adr.html?w=320&h=50&co=sej:false,optimize:false,serverId:sjc-218,newUser:false,scoreMicroClicks:3899,scoreMicroConversions:0,uV:963312,uG:0,uE:0,uD:0,url:sjc-218.sjc-rtb1.rfihub.com,bB:true,bt:1664371991885,mt:1,did:tid_1481760|med_regular,exId:7762830295348553514,rdi:E1423B1C-228E-44BA-A1B5-A7D29D98ACCE,shadi:8d94c98dda8d42d3e53bd9539c42a3810eb81873,diPlat:4,uuid:3476113424838708470,diSrc:1,ip:12.249.160.38,dvct:26,fcc:3@13,fd:5,faf:3,tagid:24326946,sid:12501,p39:8,ge:&ep=${AUCTION_PRICE}&ri=763a105e7078b1d8e6283e06eda446b8&rs=apps.apple.com/us/app/block-puzzle-jewel-gem-legend/id1561719761?uo=4&ai=4990998&rt=1481760&re=36199&ug=&pv=0&ra=3719980460.17020623591942574&rb=345&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre3719980453020&pb=&pc=&pd=&pg=&ct=1664371998046&di=sjZTJjdqNQtPlO9lTnEKjgQ64GHM&app=1&pe=about:blank&pf=&sig=2147483391,805503465&loc...
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

Content-Type: image/gif
Date: Wed, 28 Sep 2022 15:02:13 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Content-Length: 42
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 ba.js Show response
c.evidon.com/geo/ 41 KB
12 KB 134ms
29ms Script
application/x-javascript 184.24.12.191
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/geo/ba.js?r220907
Requested by: Host: c.betrad.com
URL: https://c.betrad.com/durly.js?;ad_w=320;ad_h=50;coid=141;nid=15456;ecaid=181502
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 184.24.12.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-24-12-191.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a28b9871dc80175bbb6cbaadf100abc925d5e106f0254c8f8a13d34141d90bfa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 15:02:13 GMT
content-encoding: gzip
last-modified: Wed, 07 Sep 2022 19:50:26 GMT
server: AkamaiNetStorage
etag: "1e1cf06df2b98e267c5e511e819fb810:1662580226.311849"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: application/x-javascript
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
cache-control: max-age=86400
accept-ranges: bytes
access-control-allow-headers: *
content-length: 12426

GET
H2 200 4.gif
c.evidon.com/a/ 43 B
335 B 134ms
30ms Image
image/gif 184.24.12.191
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.evidon.com/a/4.gif
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sr/adr.html?w=320&h=50&co=sej:false,optimize:false,serverId:sjc-218,newUser:false,scoreMicroClicks:3899,scoreMicroConversions:0,uV:963312,uG:0,uE:0,uD:0,url:sjc-218.sjc-rtb1.rfihub.com,bB:true,bt:1664371991885,mt:1,did:tid_1481760|med_regular,exId:7762830295348553514,rdi:E1423B1C-228E-44BA-A1B5-A7D29D98ACCE,shadi:8d94c98dda8d42d3e53bd9539c42a3810eb81873,diPlat:4,uuid:3476113424838708470,diSrc:1,ip:12.249.160.38,dvct:26,fcc:3@13,fd:5,faf:3,tagid:24326946,sid:12501,p39:8,ge:&ep=${AUCTION_PRICE}&ri=763a105e7078b1d8e6283e06eda446b8&rs=apps.apple.com/us/app/block-puzzle-jewel-gem-legend/id1561719761?uo=4&ai=4990998&rt=1481760&re=36199&ug=&pv=0&ra=3719980460.17020623591942574&rb=345&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre3719980453020&pb=&pc=&pd=&pg=&ct=1664371998046&di=sjZTJjdqNQtPlO9lTnEKjgQ64GHM&app=1&pe=about:blank&pf=&sig=2147483391,805503465&loc...
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 184.24.12.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-24-12-191.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: de3a7ca2f8ae592aae2652335b755b0d0b65df663dda8776387cae7339b76d64

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 15:02:13 GMT
content-encoding: gzip
last-modified: Thu, 15 Apr 2010 17:07:29 GMT
server: AkamaiNetStorage
etag: "65786c291a4603aa5150a1884452838d:1271351254"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: image/gif
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
cache-control: max-age=432000
accept-ranges: bytes
access-control-allow-headers: *
content-length: 53

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame E6FD 22 KB
8 KB 64ms
20ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a.rfihub.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 112368
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 27 Sep 2022 07:49:25 GMT
expires: Wed, 27 Sep 2023 07:49:25 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ 0
63 B 58ms
57ms Ping
image/gif 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 15:02:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 404 15456.js
c.evidon.com/a/n/141/ 0
0 29ms
29ms Script
text/plain 184.24.12.191
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/a/n/141/15456.js
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/geo/ba.js?r220907
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 184.24.12.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-24-12-191.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 15:02:13 GMT
server: AkamaiNetStorage
vary: Origin
access-control-max-age: 108000
access-control-allow-methods: GET,OPTIONS,POST
access-control-allow-origin
cache-control: max-age=600
accept-ranges: bytes
access-control-allow-headers: *
content-length: 10

GET
H3 200 D52GskfJOxf5PECSshYwDvZZSmyyoPi_bK3LssDxWko.js Show response
pagead2.googlesyndication.com/bg/ Frame E6FD 36 KB
16 KB 109ms
36ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/D52GskfJOxf5PECSshYwDvZZSmyyoPi_bK3LssDxWko.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f9d86b247c93b17f93c4092b216300ef6594a6cb2a0f8bf6cadcbb2c0f15a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Tue, 27 Sep 2022 00:15:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 139615
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15913
x-xss-protection: 0
last-modified: Mon, 19 Sep 2022 14:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 27 Sep 2023 00:15:18 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E6FD 0
20 B 74ms
74ms Image
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BnV2K9WE0Y-KqGtSR3gO_v5_ACQAAAAA4AeAEAg&bg=!5uWl5aHNAAYIxsuQKMY7ACkAdvg8WrMdCbN2oCJ4l3djbXk3aeCCCdni-57OLbGujsFHuUETQgwfDgIAAABxUgAAAAJoAQcKAEoMx1_iw_MtOVdSjXb6G8dxkRJl-qD3ZESaPjLOQ_6IAxJ5MdvclaD-n8v8vXgBOCU52DVuho2X0VqEBcBAteaM9iuzibnvWlkTj5kClbjlWpPHS-YLw6h0VFCXdmyt9eHeGfy6tnOvp3lCSXmDhXTaZtCYqmzJInuGeeT5dlAeovoqEedcUXiGo5IiT5LVQctWiw0lkyNZhNs87SGsZSHXa1pei5vSzcNrNcBelsyjfpkNe5cxILwClt7MEa8Hn9_rTog1U54W_pPPwsx0pYc2TeM3t-rdQUyySBugs4we-OQEhKHRIEpXOhQGREdI-P06w0OifqfXGPayrYfta7nscknBomjk7J1b6P1tU5Um0ZU6-O06T4LhOO6msX9hAbkLpMiDmn6oOOfHeHcQFEqu94iDZ7MCCy5YnQjvmc5-cEeDIvUK1zeLbHHyo4SQclNzWZAITPR0O1bmB-x3_Klfmqm6L7W_8um-RnHMQh795XY2dbZUzl4jWebjJCNRGkOxmO_pFAk5h94yUx3SCxdXVJ5EbAdbOq-_UJ7OHBK68o8fjoF-A1wBu5F3s0eCzIV_FfZLuXC08ooZIWcic9nlQMb__FlncXo4kOD67aQgiWgg_eVnRwANTdJEmnnQb42vq8udG8vdSHNMA7IFFekSqXM_Qt4zj9YNv7pqD-sQEAOGi2VJcnqTKQqsrvkZ21Wa5z7ELzwKiDhKVV1prHXjrpQ9gsWwbSWbiC7RVvjzBgtRhyNAf60hNMUkxaQdiGUL7qReHt9iNbhtzFgNeEAGzGcumtel9ybyoTEo5m6H7igpK1WjRBMFW2DlHygxnppLw5uXyLgRa3lep1dKFNZ-SJIy3flV92iH1sTq2nF694JA_nMUKUaS_Yy3VZGebq07gqKQBHr3kRtSiHWJ7sHyk1yOXVXvn_4rpZPtUICaBBfZa60BVRhumCneNjZnTPKme7Ia8jv4eUs5umsi8p-HXXc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Sep 2022 15:02:13 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 COMMON.css
c.evidon.com/a/ 2 KB
984 B 29ms
29ms Stylesheet
text/css 184.24.12.191
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/a/COMMON.css?r=0.7752166576134987
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/geo/ba.js?r220907
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 184.24.12.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-24-12-191.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a3c92e8d35e4e636238e577da8cd44aaf8dd699b719e4125ba0029330edf6907

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 15:02:14 GMT
content-encoding: gzip
last-modified: Thu, 02 Feb 2017 16:26:10 GMT
server: AkamaiNetStorage
etag: "c3cc19ce8230df99c7835decc2d79ee8:1486052770"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: text/css
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
accept-ranges: bytes
access-control-allow-headers: *
content-length: 715

GET
H2 204 pixel.gif
l.betrad.com/ct/0_0_181502_15456/ 0
121 B 382ms
111ms Image
text/plain 34.197.148.110
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.betrad.com/ct/0_0_181502_15456/pixel.gif?e=12&v=2_1&d=a.rfihub.com&r=0.6366837889017178
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.197.148.110 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-197-148-110.compute-1.amazonaws.com
Software: / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Wed, 28 Sep 2022 15:02:14 GMT
content-encoding: gzip
x-powered-by: Express
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
vary: Accept-Encoding

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ 42 B
64 B 148ms
72ms Fetch
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsssgLS7VGyRxjqtJeEqevpb4bnV0iBTAte20LgENH5RcHcTlxWnz01OpDoYx9Xk6Czc5rr2rcdJBzmdeM2ue84&sig=Cg0ArKJSzAoTwWfEKJcsEAE&id=lidar2&mcvt=1000&p=8,8,58,328&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220926&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=32&adk=4082377020&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1664377332243&rpt=1354&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 28 Sep 2022 15:02:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

110 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.rfihub.com/	1970-01-20 15:41:13	Name: ub Value: H4sIAAAAAAAA_-OKT3R0DTOP9A53tLV19EgxtDA0NTBydDJ0dHR0SjcJTs03LgaKJ2MXd8rAEElHEwEA4bbi_2EAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAA_-MSNjYxNzM0NDYxMrEwtjA3sDAxNxDiM9R1ywhNjLd0LvIOdSkFAEcboCslAAAA
.rfihub.com/	1970-01-20 15:41:13	Name: rud Value: H4sIAAAAAAAA_-MSNjYxNzM0NDYxMrEwtjA3sDAxNxDiM9R1ywhNjLd0LvIOdSkFAEcboCslAAAA
.rfihub.com/	1970-01-20 15:41:13	Name: cmd Value: H4sIAAAAAAAA_-NiNBTiNTQzMzE2NzcGAlMLAHGz9akSAAAA
.doubleclick.net/	1970-01-20 06:19:38	Name: test_cookie Value: CheckForPermission

14 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://a.rfihub.com/sr/adr.html?w=320&h=50&co=sej:false,optimize:false,serverId:sjc-218,newUser:false,scoreMicroClicks:3899,scoreMicroConversions:0,uV:963312,uG:0,uE:0,uD:0,url:sjc-218.sjc-rtb1.rfihub.com,bB:true,bt:1664371991885,mt:1,did:tid_1481760\|med_regular,exId:7762830295348553514,rdi:E1423B1C-228E-44BA-A1B5-A7D29D98ACCE,shadi:8d94c98dda8d42d3e53bd9539c42a3810eb81873,diPlat:4,uuid:3476113424838708470,diSrc:1,ip:12.249.160.38,dvct:26,fcc:3@13,fd:5,faf:3,tagid:24326946,sid:12501,p39:8,ge:&ep=${AUCTION_PRICE}&ri=763a105e7078b1d8e6283e06eda446b8&rs=apps.apple.com/us/app/block-puzzle-jewel-gem-legend/id1561719761?uo=4&ai=4990998&rt=1481760&re=36199&ug=&pv=0&ra=3719980460.17020623591942574&rb=345&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre3719980453020&pb=&pc=&pd=&pg=&ct=1664371998046&di=sjZTJjdqNQtPlO9lTnEKjgQ64GHM&app=1&pe=about:blank&pf=&sig=2147483391,805503465&loc...(Line 15) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://rtbcdn.doubleverify.com/bsredirect5.js?callback=__dvredirect_callback_16965743448, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://a.rfihub.com/sr/adr.html?w=320&h=50&co=sej:false,optimize:false,serverId:sjc-218,newUser:false,scoreMicroClicks:3899,scoreMicroConversions:0,uV:963312,uG:0,uE:0,uD:0,url:sjc-218.sjc-rtb1.rfihub.com,bB:true,bt:1664371991885,mt:1,did:tid_1481760\|med_regular,exId:7762830295348553514,rdi:E1423B1C-228E-44BA-A1B5-A7D29D98ACCE,shadi:8d94c98dda8d42d3e53bd9539c42a3810eb81873,diPlat:4,uuid:3476113424838708470,diSrc:1,ip:12.249.160.38,dvct:26,fcc:3@13,fd:5,faf:3,tagid:24326946,sid:12501,p39:8,ge:&ep=${AUCTION_PRICE}&ri=763a105e7078b1d8e6283e06eda446b8&rs=apps.apple.com/us/app/block-puzzle-jewel-gem-legend/id1561719761?uo=4&ai=4990998&rt=1481760&re=36199&ug=&pv=0&ra=3719980460.17020623591942574&rb=345&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre3719980453020&pb=&pc=&pd=&pg=&ct=1664371998046&di=sjZTJjdqNQtPlO9lTnEKjgQ64GHM&app=1&pe=about:blank&pf=&sig=2147483391,805503465&loc...(Line 15) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://rtbcdn.doubleverify.com/bsredirect5.js?callback=__dvredirect_callback_16965743448, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://rtbcdn.doubleverify.com/bsredirect5.js?callback=__dvredirect_callback_16965743448(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://rtbcdn.doubleverify.com/bsredirect5_internal78.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://rtbcdn.doubleverify.com/bsredirect5.js?callback=__dvredirect_callback_16965743448(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://rtbcdn.doubleverify.com/bsredirect5_internal78.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://rtbcdn.doubleverify.com/bsredirect5_internal78.js(Line 230) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://rtb0.doubleverify.com/verifyc.js?ctx=10761597&cmp=27560475&plc=333040013&sid=4652140&num=5&srcurlD=0&callback=__verify_callback_16965743448&jsTagObjCallback=__tagObject_callback_16965743448&ssl=1&refD=0&htmlmsging=1&guid=1664377333042444&nav_pltfrm=Win32&brid=3&brver=106&bridua=3&m1=13&fcifrms=0&brh=2&fwc=0&fcl=259&flt=0&fec=8&vavbkt=&lvvn=28&dvp_idcerr=undefined&eparams=5G0FC%3Dl9EEADTbpTauTau2%5DC7%3A9F3%5D4%40%3ETauDCTau25C%5D9E%3E%3DTbuHTbsba_Tae9Tbsd_Tae4%40TbsD6%3BTbp72%3DD6Tar%40AE%3A%3E%3AK6Tbp72%3DD6TarD6CG6Cx5TbpD%3B4%5Ca%60gTar%3F6H%26D6CTbp72%3DD6TarD4%40C6%7C%3A4C%40r%3D%3A4%3CDTbpbghhTarD4%40C6%7C%3A4C%40r%40%3FG6CD%3A%40%3FDTbp_TarF%27Tbphebb%60aTarFvTbp_TarFtTbp_TarFsTbp_TarFC%3DTbpD%3B4%5Ca%60g%5DD%3B4%5CCE3%60%5DC7%3A9F3%5D4%40%3ETar3qTbpECF6Tar3ETbp%60eecbf%60hh%60ggdTar%3EETbp%60Tar5%3A5TbpE%3A50%60cg%60fe_Tfr%3E650C68F%3D2CTar6Ix5Tbpffeagb_ahdbcgddbd%60cTarC5%3ATbpt%60cabq%60r%5Caagt%5Cccqp%5Cp%60qd%5CpfsahshgprrtTarD925%3ATbpg5hc4hg552g5ca5b6db35hdbh4ca2bg%60_63g%60gfbTar5%3A!%3D2ETbpcTarFF%3A5Tbpbcfe%60%60bcacgbgf_gcf_Tar5%3A%24C4Tbp%60Tar%3AATbp%60a%5Dach%5D%60e_%5DbgTar5G4ETbpaeTar744TbpbTc_%60bTar75TbpdTar727TbpbTarE28%3A5TbpacbaehceTarD%3A5Tbp%60ad_%60TarAbhTbpgTar86TbpTae6ATbsTacTfqp%26r%25x~%7D0!%23xrtTfsTaeC%3ATbsfeb2%60_d6f_fg3%605g6eagb6_e652cce3gTaeCDTbs2AAD%5D2AA%3D6%5D4%40%3ETauFDTau2AATau3%3D%404%3C%5CAFKK%3D6%5C%3B6H6%3D%5C86%3E%5C%3D686%3F5Tau%3A5%60de%60f%60hfe%60TbuF%40TbscTae2%3ATbschh_hhgTaeCETbs%60cg%60fe_TaeC6Tbsbe%60hhTaeF8TbsTaeAGTbs_TaeC2Tbsbf%60hhg_ce_%5D%60f_a_eabdh%60hcadfcTaeC3TbsbcdTae42TbsTaeC4TbsTaeC5TbsTaeF2TbsTaeF3TbsTaeF4TbsTaeF5TbsTaeF6TbsTaeA2TbsAAC6bf%60hhg_cdb_a_TaeA3TbsTaeA4TbsTaeA5TbsTaeA8TbsTae4ETbs%60eecbf%60hhg_ceTae5%3ATbsD%3B%2B%25y%3B5B%7D%22E!%3D~h%3D%25%3Ftz%3B8%22ecvw%7CTae2AATbs%60TaeA6Tbs23%40FETbp3%3D2%3F%3CTaeA7TbsTaeD%3A8Tbsa%60cfcgbbh%60Targ_dd_bcedTae%3D%404%5D%5D%5D&ver=106&dvp_exetime=5.60, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://rtbcdn.doubleverify.com/bsredirect5_internal78.js(Line 230) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://rtb0.doubleverify.com/verifyc.js?ctx=10761597&cmp=27560475&plc=333040013&sid=4652140&num=5&srcurlD=0&callback=__verify_callback_16965743448&jsTagObjCallback=__tagObject_callback_16965743448&ssl=1&refD=0&htmlmsging=1&guid=1664377333042444&nav_pltfrm=Win32&brid=3&brver=106&bridua=3&m1=13&fcifrms=0&brh=2&fwc=0&fcl=259&flt=0&fec=8&vavbkt=&lvvn=28&dvp_idcerr=undefined&eparams=5G0FC%3Dl9EEADTbpTauTau2%5DC7%3A9F3%5D4%40%3ETauDCTau25C%5D9E%3E%3DTbuHTbsba_Tae9Tbsd_Tae4%40TbsD6%3BTbp72%3DD6Tar%40AE%3A%3E%3AK6Tbp72%3DD6TarD6CG6Cx5TbpD%3B4%5Ca%60gTar%3F6H%26D6CTbp72%3DD6TarD4%40C6%7C%3A4C%40r%3D%3A4%3CDTbpbghhTarD4%40C6%7C%3A4C%40r%40%3FG6CD%3A%40%3FDTbp_TarF%27Tbphebb%60aTarFvTbp_TarFtTbp_TarFsTbp_TarFC%3DTbpD%3B4%5Ca%60g%5DD%3B4%5CCE3%60%5DC7%3A9F3%5D4%40%3ETar3qTbpECF6Tar3ETbp%60eecbf%60hh%60ggdTar%3EETbp%60Tar5%3A5TbpE%3A50%60cg%60fe_Tfr%3E650C68F%3D2CTar6Ix5Tbpffeagb_ahdbcgddbd%60cTarC5%3ATbpt%60cabq%60r%5Caagt%5Cccqp%5Cp%60qd%5CpfsahshgprrtTarD925%3ATbpg5hc4hg552g5ca5b6db35hdbh4ca2bg%60_63g%60gfbTar5%3A!%3D2ETbpcTarFF%3A5Tbpbcfe%60%60bcacgbgf_gcf_Tar5%3A%24C4Tbp%60Tar%3AATbp%60a%5Dach%5D%60e_%5DbgTar5G4ETbpaeTar744TbpbTc_%60bTar75TbpdTar727TbpbTarE28%3A5TbpacbaehceTarD%3A5Tbp%60ad_%60TarAbhTbpgTar86TbpTae6ATbsTacTfqp%26r%25x~%7D0!%23xrtTfsTaeC%3ATbsfeb2%60_d6f_fg3%605g6eagb6_e652cce3gTaeCDTbs2AAD%5D2AA%3D6%5D4%40%3ETauFDTau2AATau3%3D%404%3C%5CAFKK%3D6%5C%3B6H6%3D%5C86%3E%5C%3D686%3F5Tau%3A5%60de%60f%60hfe%60TbuF%40TbscTae2%3ATbschh_hhgTaeCETbs%60cg%60fe_TaeC6Tbsbe%60hhTaeF8TbsTaeAGTbs_TaeC2Tbsbf%60hhg_ce_%5D%60f_a_eabdh%60hcadfcTaeC3TbsbcdTae42TbsTaeC4TbsTaeC5TbsTaeF2TbsTaeF3TbsTaeF4TbsTaeF5TbsTaeF6TbsTaeA2TbsAAC6bf%60hhg_cdb_a_TaeA3TbsTaeA4TbsTaeA5TbsTaeA8TbsTae4ETbs%60eecbf%60hhg_ceTae5%3ATbsD%3B%2B%25y%3B5B%7D%22E!%3D~h%3D%25%3Ftz%3B8%22ecvw%7CTae2AATbs%60TaeA6Tbs23%40FETbp3%3D2%3F%3CTaeA7TbsTaeD%3A8Tbsa%60cfcgbbh%60Targ_dd_bcedTae%3D%404%5D%5D%5D&ver=106&dvp_exetime=5.60, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://rtbcdn.doubleverify.com/bsredirect5_internal78.js(Line 595) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googletagservices.com/dcm/dcmads.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://rtbcdn.doubleverify.com/bsredirect5_internal78.js(Line 595) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googletagservices.com/dcm/dcmads.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://www.googletagservices.com/dcm/dcmads.js(Line 53) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googletagservices.com/dcm/impl_v91.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://www.googletagservices.com/dcm/dcmads.js(Line 53) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.googletagservices.com/dcm/impl_v91.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
other	warning	URL: https://www.googletagservices.com/dcm/impl_v91.js(Line 99) Message: Unrecognized feature: 'attribution-reporting'.
javascript	warning	URL: https://www.googletagservices.com/dcm/impl_v91.js(Line 110) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/B9689862.280621528;dc_ver=91.268;dc_eid=40004001;sz=320x50;u_sd=1;dc_adk=4082377020;ord=i8qv5l;click=https%3A%2F%2Fa.rfihub.com%2Facs%2Fb%2Fc3Q9aHRtbCZhYT00OTkwOTk4LDEyMTM3NDg2NiwyMjkxMTE3LDIwMzQ5Mzg4NSwxODE1MDIsMTQ4MTc2MCw3NjNhMTA1ZTcwNzhiMWQ4ZTYyODNlMDZlZGE0NDZiOCxwLDQ1MTAyLDU0ODI4MCw2MTc1NzA3Myw0NzY2MDIsMTI0MDY2NyZtdD0xJnJiPTM0NSZyZT0zNjE5OSZoY2k9JnV1aWQ9MzQ3NjExMzQyNDgzODcwODQ3MCZkaT1zalpUSmpkcU5RdFBsTzlsVG5FS2pnUTY0R0hNJmRjPTImZGlzcmM9MSZiaXA9MjE3LjExNC4yMTguMjYmZGlkPXRpZF8xNDgxNzYwfG1lZF9yZWd1bGFyJmxpbXA9MQ..%2Fn%2F;uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd;dc_rfl=0,https%3A%2F%2Fa.rfihub.com%2Fsr%2Fadr.html%3Fw%3D320%26h%3D50%26co%3Dsej%3Afalse%2Coptimize%3Afalse%2CserverId%3Asjc-218%2CnewUser%3Afalse%2CscoreMicroClicks%3A3899%2CscoreMicroConversions%3A0%2CuV%3A963312%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-218.sjc-rtb1.rfihub.com%2CbB%3Atrue%2Cbt%3A1664371991885%2Cmt%3A1%2Cdid%3Atid_1481760%7Cmed_regular%2CexId%3A7762830295348553514%2Crdi%3AE1423B1C-228E-44BA-A1B5-A7D29D98ACCE%2Cshadi%3A8d94c98dda8d42d3e53bd9539c42a3810eb81873%2CdiPlat%3A4%2Cuuid%3A3476113424838708470%2CdiSrc%3A1%2Cip%3A12.249.160.38%2Cdvct%3A26%2Cfcc%3A3%4013%2Cfd%3A5%2Cfaf%3A3%2Ctagid%3A24326946%2Csid%3A12501%2Cp39%3A8%2Cge%3A%26ep%3D%24%7BAUCTION_PRICE%7D%26ri%3D763a105e7078b1d8e6283e06eda446b8%26rs%3Dapps.apple.com%2Fus%2Fapp%2Fblock-puzzle-jewel-gem-legend%2Fid1561719761%3Fuo%3D4%26ai%3D4990998%26rt%3D1481760%26re%3D36199%26ug%3D%26pv%3D0%26ra%3D3719980460.17020623591942574%26rb%3D345%26ca%3D%26rc%3D%26rd%3D%26ua%3D%26ub%3D%26uc%3D%26ud%3D%26ue%3D%26pa%3Dppre3719980453020%26pb%3D%26pc%3D%26pd%3D%26pg%3D%26ct%3D1664371998046%26di%3DsjZTJjdqNQtPlO9lTnEKjgQ64GHM%26app%3D1%26pe%3Dabout%3Ablank%26pf%3D%26sig%3D2147483391%2C805503465%26loc...$0;xdt=0;crlt=39gXWZQ9ZO;stc=1;chaa=1;sttr=52;prcl=s, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://www.googletagservices.com/dcm/impl_v91.js(Line 110) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/B9689862.280621528;dc_ver=91.268;dc_eid=40004001;sz=320x50;u_sd=1;dc_adk=4082377020;ord=i8qv5l;click=https%3A%2F%2Fa.rfihub.com%2Facs%2Fb%2Fc3Q9aHRtbCZhYT00OTkwOTk4LDEyMTM3NDg2NiwyMjkxMTE3LDIwMzQ5Mzg4NSwxODE1MDIsMTQ4MTc2MCw3NjNhMTA1ZTcwNzhiMWQ4ZTYyODNlMDZlZGE0NDZiOCxwLDQ1MTAyLDU0ODI4MCw2MTc1NzA3Myw0NzY2MDIsMTI0MDY2NyZtdD0xJnJiPTM0NSZyZT0zNjE5OSZoY2k9JnV1aWQ9MzQ3NjExMzQyNDgzODcwODQ3MCZkaT1zalpUSmpkcU5RdFBsTzlsVG5FS2pnUTY0R0hNJmRjPTImZGlzcmM9MSZiaXA9MjE3LjExNC4yMTguMjYmZGlkPXRpZF8xNDgxNzYwfG1lZF9yZWd1bGFyJmxpbXA9MQ..%2Fn%2F;uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd;dc_rfl=0,https%3A%2F%2Fa.rfihub.com%2Fsr%2Fadr.html%3Fw%3D320%26h%3D50%26co%3Dsej%3Afalse%2Coptimize%3Afalse%2CserverId%3Asjc-218%2CnewUser%3Afalse%2CscoreMicroClicks%3A3899%2CscoreMicroConversions%3A0%2CuV%3A963312%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-218.sjc-rtb1.rfihub.com%2CbB%3Atrue%2Cbt%3A1664371991885%2Cmt%3A1%2Cdid%3Atid_1481760%7Cmed_regular%2CexId%3A7762830295348553514%2Crdi%3AE1423B1C-228E-44BA-A1B5-A7D29D98ACCE%2Cshadi%3A8d94c98dda8d42d3e53bd9539c42a3810eb81873%2CdiPlat%3A4%2Cuuid%3A3476113424838708470%2CdiSrc%3A1%2Cip%3A12.249.160.38%2Cdvct%3A26%2Cfcc%3A3%4013%2Cfd%3A5%2Cfaf%3A3%2Ctagid%3A24326946%2Csid%3A12501%2Cp39%3A8%2Cge%3A%26ep%3D%24%7BAUCTION_PRICE%7D%26ri%3D763a105e7078b1d8e6283e06eda446b8%26rs%3Dapps.apple.com%2Fus%2Fapp%2Fblock-puzzle-jewel-gem-legend%2Fid1561719761%3Fuo%3D4%26ai%3D4990998%26rt%3D1481760%26re%3D36199%26ug%3D%26pv%3D0%26ra%3D3719980460.17020623591942574%26rb%3D345%26ca%3D%26rc%3D%26rd%3D%26ua%3D%26ub%3D%26uc%3D%26ud%3D%26ue%3D%26pa%3Dppre3719980453020%26pb%3D%26pc%3D%26pd%3D%26pg%3D%26ct%3D1664371998046%26di%3DsjZTJjdqNQtPlO9lTnEKjgQ64GHM%26app%3D1%26pe%3Dabout%3Ablank%26pf%3D%26sig%3D2147483391%2C805503465%26loc...$0;xdt=0;crlt=39gXWZQ9ZO;stc=1;chaa=1;sttr=52;prcl=s, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://c.evidon.com/a/n/141/15456.js Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

20794017p.rfihub.com
a.rfihub.com
ad.doubleclick.net
c.betrad.com
c.evidon.com
c1.rfihub.net
googleads4.g.doubleclick.net
l.betrad.com
pagead2.googlesyndication.com
rtb0.doubleverify.com
rtbc-frc.doubleverify.com
rtbcdn.doubleverify.com
s0.2mdn.net
sb.scorecardresearch.com
secure-us.imrworldwide.com
tpc.googlesyndication.com
www.googletagservices.com
13.32.121.21
142.250.186.134
142.250.74.194
184.24.12.191
193.0.160.128
213.254.244.106
2600:9000:223c:7a00:1:76cf:fe80:93a1
2a00:1450:4001:808::2001
2a00:1450:4001:80b::2002
2a00:1450:4001:827::2006
2a00:1450:400d:807::2002
2a02:26f0:11a:49e::4469
34.197.148.110
34.249.136.72
92.123.14.245
0f9d86b247c93b17f93c4092b216300ef6594a6cb2a0f8bf6cadcbb2c0f15a4a
111ac61e627008261e23043c5e6b486035f0b123b1963e2fa8671e188eb33829
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1b9f460002ba7b0d95f408794f4766d9722af6eee44fd6138fbb7ea9e890cccc
250686eb4f9e94b0bd0812e4e65b239b3355af85e21aff1dfaf3914f8b99f8f3
376cf178a2dd1070127638d689a0ab3fd0275087cfcab0f0d104a6a74c33f3f7
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5885a54db7d6039ea505d57f5642e5e8ac558befd30a24422bc3933e0e103aaa
58b603271da250778cca7450c81343eba7a896c87d93812f4de54ca5e1108488
5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3
622a220da2b97c4d242c6197b9973b4e7387d8c532e321ba54c2f603de4f4b4b
836fb9a1816b80f0a3c3cf2c2c8ddaf51db3282c12ac8532686c34286dafc911
a28b9871dc80175bbb6cbaadf100abc925d5e106f0254c8f8a13d34141d90bfa
a3c92e8d35e4e636238e577da8cd44aaf8dd699b719e4125ba0029330edf6907
bfcf80bfb2d17562d38d3f50db9274d902ec50021beb3cc46ca61de7d2410a2d
de3a7ca2f8ae592aae2652335b755b0d0b65df663dda8776387cae7339b76d64
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e410094afdf2d36c0894660a4101dcbd0664c7a7e491afe30066dee6f76ccf3f
ee54b51af15f1f68f707da981f3c135c249a25e9293871e1e0cbd2c24c7b6117
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef6c9aaf36bcf57fd7fd87c21ddfbff8bdaa6da3bfa9a35e1b2fc4e90bdfe756
f02a298299ee39eeaa176665bbf5960d01638638b01cbebfd59429e3e320c159

a.rfihub.com Open in urlscan Pro 193.0.160.128 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

29 Requests

100 %HTTPS

40 %IPv6

11 Domains

17 Subdomains

15 IPs

4 Countries

207 kBTransfer

523 kBSize

5 Cookies

1 Outgoing links

Page URL History

Redirected requests

29 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

a.rfihub.com Open in urlscan Pro
193.0.160.128 Public Scan

Screenshot
Live screenshot

Full Image

29
Requests

100 %
HTTPS

40 %
IPv6

11
Domains

17
Subdomains

15
IPs

4
Countries

207 kB
Transfer

523 kB
Size

5
Cookies

29 HTTP transactions
0 data transactions