phishcheck.me Open in urlscan Pro
142.93.23.27 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://phishcheck.me/122336/details
Effective URL:
https://phishcheck.me/
Submission: On May 19 via manual (May 19th 2023, 4:39:22 pm UTC) from US — Scanned from DE

Summary HTTP 198 Redirects Behaviour Indicators

Summary

This website contacted 32 IPs in 5 countries across 30 domains to perform 198 HTTP transactions. The main IP is 142.93.23.27, located in Santa Clara, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is phishcheck.me.
TLS certificate: Issued by R3 on May 3rd 2023. Valid for: 3 months.

This is the only time phishcheck.me was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 6	142.93.23.27 142.93.23.27	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
7	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
3	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	192.229.221.25 192.229.221.25	15133 (EDGECAST) (EDGECAST)
31	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
26	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
35	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
5 8	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
4 14	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
2 4	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
2 3	185.89.210.101 185.89.210.101	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	104.102.40.143 104.102.40.143	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	151.101.2.49 151.101.2.49	54113 (FASTLY) (FASTLY)
1 1	20.85.134.6 20.85.134.6	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3 3	2606:4700:20:... 2606:4700:20::681a:832	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	52.203.43.195 52.203.43.195	14618 (AMAZON-AES) (AMAZON-AES)
1 1	185.89.210.212 185.89.210.212	29990 (ASN-APPNEX) (ASN-APPNEX)
2 2	64.74.236.191 64.74.236.191	19024 (INTERNAP-...) (INTERNAP-BLK5)
1 1	35.208.249.213 35.208.249.213	19527 (GOOGLE-2) (GOOGLE-2)
1 2	52.215.211.28 52.215.211.28	16509 (AMAZON-02) (AMAZON-02)
9	2a00:1450:400... 2a00:1450:4001:811::2006	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:93ca:31d8:d86e:38f6	16509 (AMAZON-02) (AMAZON-02)
1 2	2606:4700::68... 2606:4700::6812:18ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	18.185.28.161 18.185.28.161	16509 (AMAZON-02) (AMAZON-02)
1	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
1 1	51.75.86.98 51.75.86.98	16276 (OVH) (OVH)
1 2	104.111.217.42 104.111.217.42	16625 (AKAMAI-AS) (AKAMAI-AS)
2	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
2	2600:9000:237... 2600:9000:237d:fc00:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
7	2600:1f18:1ac... 2600:1f18:1aca:4280:24a6:ad5:f26:f749	14618 (AMAZON-AES) (AMAZON-AES)
198	32

6 142.93.23.27 (Santa Clara, United States) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

phishcheck.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

netdna.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.229.221.25 (United States)

ASN15133 (EDGECAST, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany) 5 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 142.250.184.194 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.80.39.216 (Canada) 2 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.89.210.101 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.102.40.143 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-102-40-143.deploy.static.akamaitechnologies.com

px.owneriq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.85.134.6 (Tappahannock, United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

mweb.ck.inmobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.1.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:20::681a:832 (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

a.clickcertain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.203.43.195 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-203-43-195.compute-1.amazonaws.com

i.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.89.210.212 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.74.236.191 (United States) 2 redirects

ASN19024 (INTERNAP-BLK5, US)
PTR: chi.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.208.249.213 (Council Bluffs, United States) 1 redirects

ASN19527 (GOOGLE-2, US)
PTR: 213.249.208.35.bc.googleusercontent.com

trace.mediago.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.215.211.28 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-211-28.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:811::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:93ca:31d8:d86e:38f6 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:18ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.185.28.161 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-185-28-161.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.253.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.75.86.98 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip98.ip-51-75-86.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.217.42 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-217-42.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:237d:fc00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2600:1f18:1aca:4280:24a6:ad5:f26:f749 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
66	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 93 tpc.googlesyndication.com — Cisco Umbrella Rank: 132	664 KB
41	doubleclick.net 4 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 34 cm.g.doubleclick.net — Cisco Umbrella Rank: 210 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 337	247 KB
25	google.com 5 redirects fundingchoicesmessages.google.com — Cisco Umbrella Rank: 1856 adservice.google.com — Cisco Umbrella Rank: 68 www.google.com — Cisco Umbrella Rank: 2	58 KB
16	gstatic.com fonts.gstatic.com www.gstatic.com	136 KB
11	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 835 static.adsafeprotected.com — Cisco Umbrella Rank: 595 dt.adsafeprotected.com — Cisco Umbrella Rank: 569	99 KB
9	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 276	116 KB
8	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35 ajax.googleapis.com — Cisco Umbrella Rank: 320	101 KB
7	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 181	369 KB
6	phishcheck.me 1 redirects phishcheck.me	45 KB
4	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 214 secure.adnxs.com — Cisco Umbrella Rank: 417	4 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 530	3 KB
3	clickcertain.com 3 redirects a.clickcertain.com — Cisco Umbrella Rank: 3271	2 KB
3	google.de adservice.google.de — Cisco Umbrella Rank: 9037	818 B
3	bootstrapcdn.com netdna.bootstrapcdn.com — Cisco Umbrella Rank: 2727	51 KB
2	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1255	505 B
2	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 290	1 KB
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 742 s.tribalfusion.com — Cisco Umbrella Rank: 1808	1 KB
2	zemanta.com 2 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 533	1 KB
2	liadm.com 2 redirects i.liadm.com — Cisco Umbrella Rank: 572	2 KB
2	criteo.com dis.criteo.com — Cisco Umbrella Rank: 575	725 B
2	owneriq.net 1 redirects px.owneriq.net — Cisco Umbrella Rank: 1406	476 B
2	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 2231	4 KB
1	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 729	395 B
1	openx.net rtb.openx.net — Cisco Umbrella Rank: 1172	245 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 686	464 B
1	mediago.io 1 redirects trace.mediago.io — Cisco Umbrella Rank: 1160	449 B
1	inmobi.com 1 redirects mweb.ck.inmobi.com — Cisco Umbrella Rank: 3313	464 B
1	everesttech.net 1 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 606	544 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 902	605 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 199	4 KB
198	30

	Domain	Requested by
35	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
31	pagead2.googlesyndication.com	phishcheck.me pagead2.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com tpc.googlesyndication.com
25	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
14	cm.g.doubleclick.net	4 redirects googleads.g.doubleclick.net
14	fundingchoicesmessages.google.com	pagead2.googlesyndication.com phishcheck.me
13	www.gstatic.com	googleads.g.doubleclick.net
9	s0.2mdn.net	phishcheck.me s0.2mdn.net googleads.g.doubleclick.net
8	www.google.com	5 redirects tpc.googlesyndication.com googleads.g.doubleclick.net
7	dt.adsafeprotected.com	googleads.g.doubleclick.net
7	www.googletagservices.com	googleads.g.doubleclick.net
7	fonts.googleapis.com	phishcheck.me googleads.g.doubleclick.net
6	phishcheck.me	1 redirects phishcheck.me
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
3	a.clickcertain.com	3 redirects
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	adservice.google.com	pagead2.googlesyndication.com
3	adservice.google.de	pagead2.googlesyndication.com
3	fonts.gstatic.com	fonts.googleapis.com
3	netdna.bootstrapcdn.com	phishcheck.me netdna.bootstrapcdn.com
2	static.adsafeprotected.com	googleads.g.doubleclick.net
2	googleads4.g.doubleclick.net	phishcheck.me
2	sync.teads.tv	1 redirects googleads.g.doubleclick.net
2	x.bidswitch.net	2 redirects
2	fw.adsafeprotected.com	1 redirects phishcheck.me
2	b1sync.zemanta.com	2 redirects
2	i.liadm.com	2 redirects
2	dis.criteo.com	googleads.g.doubleclick.net
2	px.owneriq.net	1 redirects
2	www.paypalobjects.com	phishcheck.me
1	onetag-sys.com	1 redirects
1	rtb.openx.net	googleads.g.doubleclick.net
1	s.tribalfusion.com	googleads.g.doubleclick.net
1	a.tribalfusion.com	1 redirects
1	cms.quantserve.com	googleads.g.doubleclick.net
1	trace.mediago.io	1 redirects
1	secure.adnxs.com	1 redirects
1	mweb.ck.inmobi.com	1 redirects
1	sync-tm.everesttech.net	1 redirects
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	cdnjs.cloudflare.com	phishcheck.me
1	ajax.googleapis.com	phishcheck.me
198	41

This site contains no links.

Subject Issuer	Validity	Valid
phishcheck.me R3	`2023-05-03` - `2023-08-01`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-12-30` - `2023-12-30`	a year	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2022-11-09` - `2023-12-10`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-12` - `2023-08-10`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M01	`2023-02-24` - `2023-09-04`	6 months	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M02	`2023-05-09` - `2024-06-07`	a year	crt.sh

This page contains 31 frames:

Primary Page: https://phishcheck.me/
Frame ID: 43D8A0DA53076FD8FA292786386FF98F
Requests: 43 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20190131/zrt_lookup.html
Frame ID: 2B4ED20F804B0FBFC71CB60EFE72A207
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&adk=1812271804&adf=3025194257&lmt=1684514358&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=188x945_l%7C212x945_r&format=0x0&url=https%3A%2F%2Fphishcheck.me%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514357792&bpp=6&bdt=363&idt=226&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2130420438757&frm=20&pv=2&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=402
Frame ID: 150760FD7DBEDF662E9D33A7ECC48920
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1801062927&pi=t.aa~a.768063588~rp.1&w=1155&fwrn=4&fwrnh=100&lmt=1684514358&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514357792&bpp=2&bdt=363&idt=270&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=580&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=tR3lvOyIJE&p=https%3A//phishcheck.me&dtd=408
Frame ID: DB87357B3AF55FA8390218D76CFFEBA1
Requests: 15 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/x4MEI6eqFB0dCdwpn32-R0gTDA087Zgj0u4bOKm75nA.js
Frame ID: 529D6D68EF2CFED57C077E31A456BC82
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=280&adk=889495490&adf=2039575784&pi=t.aa~a.258514030~i.3~rp.4&w=365&fwrn=4&fwrnh=100&lmt=1684514359&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1402822305&ad_type=text_image&format=365x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rh=305&rw=365&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359588&bpp=1&bdt=2159&idt=1&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280&nras=3&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=HNs3i103KL&p=https%3A//phishcheck.me&dtd=6
Frame ID: B5413E5789F762DF296087EB725E34AA
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3
Frame ID: 281BE991D063BB57F6FA58DF64B716DC
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1
Frame ID: 17C3879A36A234F610E2CB96BB1E81C9
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1
Frame ID: DD79ABC46F0BC6ABD572DC68B025D438
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1
Frame ID: A0D7BD421CD28AB73377E153F3E1A5DF
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1
Frame ID: B99642D9DB26F6792DF6D1213E4F0A16
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 66BDBA8A8E4CE7325B4130937FE25069
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 5785DD3309286BE531E9587448D6DBA8
Requests: 2 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 1E559EC27BC06F0145184783F811DEB1
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: F499015672DB90B92E4B7844885F35BF
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 6E5C6FAF8F4ACFC7642865EF876A1FC5
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: CBC842DBE53DA1269E8CBE27313B32B5
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 195CE19F1E37A51CE0D61E61056D34F3
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/x4MEI6eqFB0dCdwpn32-R0gTDA087Zgj0u4bOKm75nA.js
Frame ID: 94A388D2ECC48CFB707674BEAB85C934
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/x4MEI6eqFB0dCdwpn32-R0gTDA087Zgj0u4bOKm75nA.js
Frame ID: 57839940658C6085DB7F63A0A759918B
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/x4MEI6eqFB0dCdwpn32-R0gTDA087Zgj0u4bOKm75nA.js
Frame ID: F6EA90A63C495C2F628412BFBBDC416E
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/x4MEI6eqFB0dCdwpn32-R0gTDA087Zgj0u4bOKm75nA.js
Frame ID: 351D134DD0DCE360C31225584487BDCA
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY1O7NxQEwAQ&v=APEucNXaMLMgQW2JolcAAEEgEQfx798jEDjyydz_bRs3yznGWiTJQCz5sMQEgCrIhm6CqsD7s4jyXdFgne7ZB02CACDJsCfVMQSAffZ7lr7KK8qTS4cUXZqQ1PGoozx0kz5Q6KlTC5iFM3CsXef8fU1iKNnkyCqpWJ4srRcwilPugw_meomTDUM
Frame ID: 491A8E9E78D082BDBF91FE443EF7B233
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 0FCC297D47104A6DB9158932236476FA
Requests: 28 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 94E5423DE989C28BA78489B027FB32E9
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: AEC1D5A3C70766E9D95128738DE4C954
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/x4MEI6eqFB0dCdwpn32-R0gTDA087Zgj0u4bOKm75nA.js
Frame ID: 595D9937F18084835EA1E069DE7C4DBD
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 87D7EC1B350062E434016949DDF15D3E
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 4CFEF39F8AF6521CFCC176EC931F4769
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17990266662471768200/index.html
Frame ID: BE5EA4FFB9051714A6B371949B793EF7
Requests: 8 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 2C621606E9FC6D4C36A1C532E7B01D18
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Phishcheck 2.0 beta - Home

Page URL History Show full URLs

https://phishcheck.me/122336/details HTTP 302
https://phishcheck.me/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Django (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

(?:powered by <a[^>]+>Django ?([\d.]+)?<\/a>|<input[^>]*name=["']csrfmiddlewaretoken["'][^>]*>)

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

paypalobjects\.com

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

198
Requests

92 %
HTTPS

53 %
IPv6

30
Domains

41
Subdomains

32
IPs

5
Countries

1900 kB
Transfer

5228 kB
Size

26
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://phishcheck.me/122336/details HTTP 302
https://phishcheck.me/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 105

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 111

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 114

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 116

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 143

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAGCBnwF30JTRAwmwQUxGU&google_cver=1

Request Chain 144

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZGemONvJoXOc9CU3SKSKegAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAGCBnwF30JTRAwmwQUxGU&google_cver=1

Request Chain 145

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEI7cUXw_UAMetzU3dksCg-Q&google_cver=1

Request Chain 146

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzY4NjMxNzAwNDU0Mzc1NzA0

Request Chain 147

https://px.owneriq.net/ecmg?google_gid=CAESELZ0ITJg4ROtkiGnWNoPPVI&google_cver=1&google_push=ATf1kGPMsEgTZvn8GCLvCZKl827kgY4-MEcofGHzu1RWa7GJ0f5sCcCe4uxmrmPWxmkzhTxP-6sSdJsDalUqHXN8gLocP3JMZ1fsSXE HTTP 302
https://px.owneriq.net/noop?ct=image%2Fgif

Request Chain 148

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEDS7MdaW0j-jppHvUrM1rfg&google_cver=1&google_push=ATf1kGMtCiJSg6BARtV65roNthgX0BzyWbj7H5p64veH3z8o-puwV66N8GZ0ANQRrAFJq-9fZGEkUgr88yuhNtjgMOvKug3aDJvvgnk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEDS7MdaW0j-jppHvUrM1rfg&google_push=ATf1kGMtCiJSg6BARtV65roNthgX0BzyWbj7H5p64veH3z8o-puwV66N8GZ0ANQRrAFJq-9fZGEkUgr88yuhNtjgMOvKug3aDJvvgnk

Request Chain 149

https://mweb.ck.inmobi.com/sync/3?redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dinmobi_pte_limited%26google_hm%3D%24DSP_CKID&google_gid=CAESEFqFcdYuhvvUrPwqTVGZoxw&google_cver=1&google_push=ATf1kGO3EPyb7sS1JdUO0JE4_BL7KbdJvwgiWF-KGLxu1QPc5Jf36STZksNZro8XAnHctIW_fucdoIlOPCBwX3869bXnBakNahKN1Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=MDM1NDZkYTQtYzJhZS00NTg5LTliOWUtODk3NGE2ODk5ZDAz&google_gid=CAESEFqFcdYuhvvUrPwqTVGZoxw&google_cver=1&google_push=ATf1kGO3EPyb7sS1JdUO0JE4_BL7KbdJvwgiWF-KGLxu1QPc5Jf36STZksNZro8XAnHctIW_fucdoIlOPCBwX3869bXnBakNahKN1Q

Request Chain 151

https://a.clickcertain.com/px/img/g/?google_gid=CAESEMcQQoRjx28njXDMHQZC_cM&google_cver=1&google_push=ATf1kGMqbsfWhDYJNN9WPBhzfsLOgNt4c_ma44hKmes7_Ph6ENfhM_x2C-ESpjODkBPwHSlocSrC7AhXkDkfdCTBmgMMSR-_cSAyyg HTTP 302
https://i.liadm.com/s/56408?bidder_id=200441&bidder_uuid=d6cefecf-7546-44b8-82ea-9dacb270f998&ccid=d6cefecf-7546-44b8-82ea-9dacb270f998&redir=https%253a%252f%252fsecure%252eadnxs%252ecom%252fgetuidu%253fhttps%253a%252f%252fa%252eclickcertain%252ecom%252fpx%252fimg%252fg%252f%253fdone%253dtrue%2526google_gid%253dCAESEMcQQoRjx28njXDMHQZC_cM%2526google_cver%253d1%2526google_push%253dATf1kGMqbsfWhDYJNN9WPBhzfsLOgNt4c_ma44hKmes7_Ph6ENfhM_x2C%252dESpjODkBPwHSlocSrC7AhXkDkfdCTBmgMMSR%252d_cSAyyg%2526anx_uId%253d%2524UID HTTP 303
https://i.liadm.com/s/56408?redir=https%253a%252f%252fsecure%252eadnxs%252ecom%252fgetuidu%253fhttps%253a%252f%252fa%252eclickcertain%252ecom%252fpx%252fimg%252fg%252f%253fdone%253dtrue%2526google_gid%253dCAESEMcQQoRjx28njXDMHQZC_cM%2526google_cver%253d1%2526google_push%253dATf1kGMqbsfWhDYJNN9WPBhzfsLOgNt4c_ma44hKmes7_Ph6ENfhM_x2C%252dESpjODkBPwHSlocSrC7AhXkDkfdCTBmgMMSR%252d_cSAyyg%2526anx_uId%253d%2524UID&bidder_id=200441&bidder_uuid=d6cefecf-7546-44b8-82ea-9dacb270f998&_li_chk=true&ccid=d6cefecf-7546-44b8-82ea-9dacb270f998&previous_uuid=50e4b5bc4c3f45e3b883a9befe7526f7 HTTP 303
https://a.clickcertain.com/px/li/?redir=https%253a%252f%252fsecure%252eadnxs%252ecom%252fgetuidu%253fhttps%253a%252f%252fa%252eclickcertain%252ecom%252fpx%252fimg%252fg%252f%253fdone%253dtrue%2526google_gid%253dCAESEMcQQoRjx28njXDMHQZC_cM%2526google_cver%253d1%2526google_push%253dATf1kGMqbsfWhDYJNN9WPBhzfsLOgNt4c_ma44hKmes7_Ph6ENfhM_x2C%252dESpjODkBPwHSlocSrC7AhXkDkfdCTBmgMMSR%252d_cSAyyg%2526anx_uId%253d%2524UID&ccid=d6cefecf-7546-44b8-82ea-9dacb270f998 HTTP 302
https://secure.adnxs.com/getuidu?https://a.clickcertain.com/px/img/g/?done=true&google_gid=CAESEMcQQoRjx28njXDMHQZC_cM&google_cver=1&google_push=ATf1kGMqbsfWhDYJNN9WPBhzfsLOgNt4c_ma44hKmes7_Ph6ENfhM_x2C-ESpjODkBPwHSlocSrC7AhXkDkfdCTBmgMMSR-_cSAyyg&anx_uId=$UID HTTP 302
https://a.clickcertain.com/px/img/g/?done=true&google_gid=CAESEMcQQoRjx28njXDMHQZC_cM&google_cver=1&google_push=ATf1kGMqbsfWhDYJNN9WPBhzfsLOgNt4c_ma44hKmes7_Ph6ENfhM_x2C-ESpjODkBPwHSlocSrC7AhXkDkfdCTBmgMMSR-_cSAyyg&anx_uId=368631700454375704 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_push=ATf1kGMqbsfWhDYJNN9WPBhzfsLOgNt4c_ma44hKmes7_Ph6ENfhM_x2C-ESpjODkBPwHSlocSrC7AhXkDkfdCTBmgMMSR-_cSAyyg&google_hm=ZDZjZWZlY2YtNzU0Ni00NGI4LTgyZWEtOWRhY2IyNzBmOTk4

Request Chain 152

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESELkquDAzz0Zetcn6xH62lbk&google_cver=1&google_push=ATf1kGMZSVmxuuOj1WmP6nC0S9pH6X10FVcntZghGcU88diO36aFGMKvJR4fl86PTT1IH8FN4aFO4Ne07fN6jw7y5cpRon4U58eBy_4 HTTP 302
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESELkquDAzz0Zetcn6xH62lbk&google_push=ATf1kGMZSVmxuuOj1WmP6nC0S9pH6X10FVcntZghGcU88diO36aFGMKvJR4fl86PTT1IH8FN4aFO4Ne07fN6jw7y5cpRon4U58eBy_4&s=2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=ATf1kGMZSVmxuuOj1WmP6nC0S9pH6X10FVcntZghGcU88diO36aFGMKvJR4fl86PTT1IH8FN4aFO4Ne07fN6jw7y5cpRon4U58eBy_4&google_hm=RlNTVi1GMTFzelZra0V5MHdfb1c=

Request Chain 153

https://trace.mediago.io/cs/google?google_gid=CAESEC6yzV3xDRPr5CLBuQMmnQU&google_cver=1&google_push=ATf1kGO0_gJipHM4mR7ZXPgawwHKMWifmpvE1SPitgSgiHI5_wYZ86xfHphTN3zb3l69eB_9Gxp_70737Sl5_10pU1otCHIrp3KR84Vf HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=ATf1kGO0_gJipHM4mR7ZXPgawwHKMWifmpvE1SPitgSgiHI5_wYZ86xfHphTN3zb3l69eB_9Gxp_70737Sl5_10pU1otCHIrp3KR84Vf&google_hm=98ebde90ddefd0631029b97e5a1146ba

Request Chain 155

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 168

https://a.tribalfusion.com/i.match?p=b6&u=CAESEABAKZSe__MXY1fQBeHIGco&google_cver=1&google_push=ATf1kGO4ZRn07jhHyC5sHaGNH_N23U2hlCscAOr7CWFOojE7VQT3wKXHYmHvpR1ebhXdiMBZrTbIkE6TY1jW9r4s-dzqfGIrTPjgRt2C98MqSrznH3opyjYAu_WJLRvNgRmExzMY-9OKtCDS6TMy1yARE7T0vms&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGO4ZRn07jhHyC5sHaGNH_N23U2hlCscAOr7CWFOojE7VQT3wKXHYmHvpR1ebhXdiMBZrTbIkE6TY1jW9r4s-dzqfGIrTPjgRt2C98MqSrznH3opyjYAu_WJLRvNgRmExzMY-9OKtCDS6TMy1yARE7T0vms%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEABAKZSe__MXY1fQBeHIGco&google_cver=1&google_push=ATf1kGO4ZRn07jhHyC5sHaGNH_N23U2hlCscAOr7CWFOojE7VQT3wKXHYmHvpR1ebhXdiMBZrTbIkE6TY1jW9r4s-dzqfGIrTPjgRt2C98MqSrznH3opyjYAu_WJLRvNgRmExzMY-9OKtCDS6TMy1yARE7T0vms&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGO4ZRn07jhHyC5sHaGNH_N23U2hlCscAOr7CWFOojE7VQT3wKXHYmHvpR1ebhXdiMBZrTbIkE6TY1jW9r4s-dzqfGIrTPjgRt2C98MqSrznH3opyjYAu_WJLRvNgRmExzMY-9OKtCDS6TMy1yARE7T0vms%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 169

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEFeOIDwIaZPRxP7rW_Pqcp8&google_cver=1&google_push=ATf1kGNbCL4IUkaf918ICknaZfHr32gD0CoYiAaPUIWje3EWrb0ZU8AoXWD9gdGC2vqyRgIoYaH41a6G0yg3kGMTxNPBVSuaqAKT_dkKiSpw2pSofDUoTDf-hTsCBr_7t0GikHCsz6hf3UJfnCcDNzPEao-cmbU HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEFeOIDwIaZPRxP7rW_Pqcp8&google_cver=1&google_push=ATf1kGNbCL4IUkaf918ICknaZfHr32gD0CoYiAaPUIWje3EWrb0ZU8AoXWD9gdGC2vqyRgIoYaH41a6G0yg3kGMTxNPBVSuaqAKT_dkKiSpw2pSofDUoTDf-hTsCBr_7t0GikHCsz6hf3UJfnCcDNzPEao-cmbU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGNbCL4IUkaf918ICknaZfHr32gD0CoYiAaPUIWje3EWrb0ZU8AoXWD9gdGC2vqyRgIoYaH41a6G0yg3kGMTxNPBVSuaqAKT_dkKiSpw2pSofDUoTDf-hTsCBr_7t0GikHCsz6hf3UJfnCcDNzPEao-cmbU&google_hm=wNA63hZnQr2Codrba2-iAQ==

Request Chain 172

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEEmmqyUmip0ZBHscHa72WGM&google_cver=1&google_push=ATf1kGOAw1JT0Xesev5wYoyqq-HC-7JP3i7LAS9Gk3hja5O8DlrjxGtNcZvnNGsRFhr_o5RqvsqiRneiFvBBrrDsS42sYuu98hvXeyT8BlX9hQEd0H1eEfsT-QUA0_OE7OmI6r6kGK7johi7ThBiJfL1gJgOJcc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGOAw1JT0Xesev5wYoyqq-HC-7JP3i7LAS9Gk3hja5O8DlrjxGtNcZvnNGsRFhr_o5RqvsqiRneiFvBBrrDsS42sYuu98hvXeyT8BlX9hQEd0H1eEfsT-QUA0_OE7OmI6r6kGK7johi7ThBiJfL1gJgOJcc

Request Chain 173

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEHK7X_8edrYP8pqEsoMZRyI&google_cver=1&google_push=ATf1kGP-O7M-WpP6rUaXobJf1_GGcgKLpvyKeAZo-QXEe3D3A9eVvHFq_CwX__DDdDBUYAHkTes5LUM1JzCoAxePiYu1hgmDzC-Med1zSR50T5v4f1cTvuSXpXKeANRYfo-LSkw96ac9NZXzj2KRLOXrt1Q1Dpgm HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=ATf1kGP-O7M-WpP6rUaXobJf1_GGcgKLpvyKeAZo-QXEe3D3A9eVvHFq_CwX__DDdDBUYAHkTes5LUM1JzCoAxePiYu1hgmDzC-Med1zSR50T5v4f1cTvuSXpXKeANRYfo-LSkw96ac9NZXzj2KRLOXrt1Q1Dpgm HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 179

https://fw.adsafeprotected.com/rfw/st/990511/61634096/4.js?ias_dspID=3&ias_campId=1010147412&ias_pubId=pub-5625379829790606&ias_chanId=1&ias_placementId=20118853377&bidurl=https://phishcheck.me/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0iq8olpusjhYYjo9oHLDXkr&adContainerId=brand_safety_OKZnZLPsJu6i9u8Pzsiw-As&cbFunctionName=goog_wrapCb_OKZnZLPsJu6i9u8Pzsiw-As&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_728x90.js&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fphishcheck.me&adsafe_type=g&adsafe_url=https%3A%2F%2Fphishcheck.me%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fus_privacy%3D1---%26client%3Dca-pub-5625379829790606%26output%3Dhtml%26h%3D90%26adk%3D3399761335%26adf%3D1116380410%26pi%3Dt.aa~a.768063588~rp.4%26w%3D1155%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1684514359%26rafmt%3D1%26to%3Dqs%26pwprc%3D1402822305%26format%3D1155x90%26url%3Dhttps%253A%252F%252Fphishcheck.me%252F%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..%26dt%3D1684514359600%26bpp%3D1%26bdt%3D2171%26idt%3D0%26shv%3Dr20230517%26mjsv%3Dm202305160101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26cookie%3DID%253D2fcc77e7be8451e2-22992856dddd00f0%253AT%253D1684514358%253ART%253D1684514358%253AS%253DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ%26gpic%3DUID%253D00000c187c4773d8%253AT%253D1684514358%253ART%253D1684514358%253AS%253DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg%26prev_fmts%3D0x0%252C1155x280%252C365x280%26nras%3D4%26correlator%3D2130420438757%26frm%3D20%26pv%3D1%26ga_vid%3D1158962159.1684514358%26ga_sid%3D1684514358%26ga_hid%3D123682219%26ga_fc%3D0%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D215%26ady%3D1800%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759926%252C44759837%252C44759875%252C31074687%252C44785293%252C44788441%252C44789779%252C44769662%26oid%3D2%26psts%3DABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ%26pvsid%3D1201746257145151%26tmod%3D650566965%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26ifi%3D4%26uci%3Da!4%26btvi%3D2%26fsb%3D1%26xpc%3DsHOg7lvUWw%26p%3Dhttps%253A%2F%2Fphishcheck.me%26dtd%3D3&adsafe_type=bed&adsafe_jsinfo=,id:abebfbf5-c8d9-755d-a3e3-144c0b42a6b4,c:d4Y7yV,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-5cf46fd95f-2zdsr,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:3,mot:0,app:0,maw:0,fm:tEIOAy0+11%7C12%7C13%7C14%7C15%7C16%7C17%7C181%7C191%7C192%7C193%7C1a1*.990511-61634096%7C1a11%7C1a12%7C1a131%7C1a14%7C1b11%7C1b12%7C1c1%7C1c2%7C1d1%7C1d2%7C1e1%7C1e2%7C1f%7C1g,idMap:1a1*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:DIV,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:22,oid:b474c4aa-f663-11ed-86a1-de170ca626ea,v:19.8.411,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4.js

198 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
phishcheck.me/
Redirect Chain

https://phishcheck.me/122336/details
https://phishcheck.me/

20 KB
7 KB

332ms
332ms

Document
text/html

142.93.23.27
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://phishcheck.me/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

142.93.23.27 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

8cb81ebfbf2a332919a10f191eac5204248d765215bdceb5a2b8243130ad53b4

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Fri, 19 May 2023 16:39:17 GMT
Server: nginx/1.14.0 (Ubuntu)
Transfer-Encoding: chunked
Vary: Cookie
X-Frame-Options: SAMEORIGIN

Redirect headers

Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=utf-8
Date: Fri, 19 May 2023 16:39:17 GMT
Location: /
Server: nginx/1.14.0 (Ubuntu)
X-Frame-Options: SAMEORIGIN

GET
H2 200 css
fonts.googleapis.com/ 2 KB
959 B 66ms
22ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Nunito

Requested by

Host: phishcheck.me
URL: https://phishcheck.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

acb56c6f7cb5d7535893ca8f3ede167db52e709927be848f4285ab3d92973bb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://phishcheck.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 19 May 2023 16:39:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 19 May 2023 16:21:24 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 19 May 2023 16:39:17 GMT

GET
H2 200 bootstrap.min.css
netdna.bootstrapcdn.com/bootstrap/3.3.1/css/ 111 KB
19 KB 41ms
22ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://netdna.bootstrapcdn.com/bootstrap/3.3.1/css/bootstrap.min.css

Requested by

Host: phishcheck.me
URL: https://phishcheck.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d699f303990ce9bd7d7c97e9bd3cad6a46ecf2532f475cf22ae58213237821b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://phishcheck.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 756
age: 6904170
cdn-cachedat: 12/27/2021 16:05:23
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:03:58 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
server: cloudflare
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 2fc14f032e96d80c2a970b6638be897f
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 7c9dc66e1ad99bf2-FRA
cdn-requestpullsuccess: True

GET
H/1.1 200
OK main.css
phishcheck.me/css/ 5 KB
5 KB 161ms
160ms Stylesheet
text/css 142.93.23.27
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://phishcheck.me/css/main.css
Requested by: Host: phishcheck.me
URL: https://phishcheck.me/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 142.93.23.27 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 26f64f8bbe24fd08534113bcb1e61988c2e941edf55834661e776ac266cecb68

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://phishcheck.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 19 May 2023 16:39:17 GMT
Last-Modified: Friday, 19-May-2023 16:39:17 GMT
Server: nginx/1.14.0 (Ubuntu)
Content-Type: text/css
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4914

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.11.0/ 94 KB
95 KB 56ms
13ms Script
text/javascript 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js

Requested by

Host: phishcheck.me
URL: https://phishcheck.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://phishcheck.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 15:27:58 GMT
x-content-type-options: nosniff
age: 4279
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 96381
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 18 May 2024 15:27:58 GMT

GET
H2 200 bootbox.min.js Show response
cdnjs.cloudflare.com/ajax/libs/bootbox.js/4.4.0/ 10 KB
4 KB 31ms
14ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/bootbox.js/4.4.0/bootbox.min.js

Requested by

Host: phishcheck.me
URL: https://phishcheck.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e05edee09b002722d47693fb43c49a87ceba8c23a1bfbdb353913c948444478c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://phishcheck.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:17 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 4918818
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3213
last-modified: Mon, 04 May 2020 16:06:37 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03d8d-27d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ube8xWNUfpp7B9SSWWIT7Ur50zBMM7P%2FUtomQXXnp1WTTO6hNv3DqcCUfoVJu1UvmtP4Xnnw8AyHqDYtlTDJuyy9cmO%2FOqXTqi2CeE8FKg%2BAXjh4ceHvGmjyIvveH5KmL5Slij7ZOsQplU34KLnlX3Qk"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7c9dc66e1b832ba3-FRA
expires: Wed, 08 May 2024 16:39:17 GMT

GET
H/1.1 200
OK phishcheck.js Show response
phishcheck.me/js/ 7 KB
8 KB 160ms
160ms Script
application/javascript 142.93.23.27
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://phishcheck.me/js/phishcheck.js
Requested by: Host: phishcheck.me
URL: https://phishcheck.me/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 142.93.23.27 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: c88f2bfe24b1ea2b1edf5c3b678de67ae68b5b457e8001eba865be15b6e126d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://phishcheck.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 19 May 2023 16:39:17 GMT
Last-Modified: Fri, 02 Jul 2021 04:37:43 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "60de9817-1dff"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7679

GET
H/1.1 200
OK navbarlogo3-reversed.png
phishcheck.me/images/ 5 KB
5 KB 160ms
160ms Image
image/png 142.93.23.27
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://phishcheck.me/images/navbarlogo3-reversed.png
Requested by: Host: phishcheck.me
URL: https://phishcheck.me/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 142.93.23.27 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: c8c38714236c1b847b96fbebaba10af1574a7f4d567f8cfbdb3dfe2997ab18fb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://phishcheck.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 19 May 2023 16:39:17 GMT
Last-Modified: Thu, 02 May 2019 17:44:56 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5ccb2c98-13f4"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5108

GET
H/1.1 200
OK phishchecklogo3-vert.png
phishcheck.me/images/ 20 KB
20 KB 160ms
160ms Image
image/png 142.93.23.27
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://phishcheck.me/images/phishchecklogo3-vert.png
Requested by: Host: phishcheck.me
URL: https://phishcheck.me/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 142.93.23.27 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: db3df22768fe7273aa43d8f6cf193b406b1cb15f5d4a26ad36f73e5fdf86a331

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://phishcheck.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date: Fri, 19 May 2023 16:39:17 GMT
Last-Modified: Thu, 02 May 2019 17:44:56 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5ccb2c98-4fa7"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 20391

GET
H2 200 btn_donateCC_LG.gif
www.paypalobjects.com/en_US/i/btn/ 3 KB
3 KB 40ms
9ms Image
image/gif 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif

Requested by

Host: phishcheck.me
URL: https://phishcheck.me/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CF2) /

Resource Hash

33a91bd6d378215fcd413c279aa88d48bda6c8b2ef7695892777c87de37de256

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://phishcheck.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:17 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Thu, 27 May 2021 14:20:07 GMT
server: ECAcc (frc/4CF2)
etag: "60afaa97-c1b"
x-cache: HIT
content-type: image/gif
paypal-debug-id: 2b4c172ba8a6d
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
dc: ccg11-origin-www-1.paypal.com
content-length: 3099
expires: Fri, 19 May 2023 17:39:17 GMT

GET
H2 200 pixel.gif
www.paypalobjects.com/en_US/i/scr/ 43 B
392 B 38ms
7ms Image
image/gif 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/en_US/i/scr/pixel.gif

Requested by

Host: phishcheck.me
URL: https://phishcheck.me/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CBC) /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://phishcheck.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:17 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Fri, 16 Aug 2019 04:57:34 GMT
server: ECAcc (frc/4CBC)
etag: "5d5637be-2b"
x-cache: HIT
content-type: image/gif
paypal-debug-id: d1c4cfe1ff620
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
dc: ccg11-origin-www-1.paypal.com
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
content-length: 43
expires: Fri, 19 May 2023 17:39:17 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 137 KB
47 KB 110ms
74ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: phishcheck.me
URL: https://phishcheck.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c52efccc8d4f4f2bf62cd5aa1cba2151242fa44e2f33f253e440746e9ed5331c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://phishcheck.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:17 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47632
x-xss-protection: 0
server: cafe
etag: 2499955122021980263
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 19 May 2023 16:39:17 GMT

GET
H2 200 bootstrap.min.js Show response
netdna.bootstrapcdn.com/bootstrap/3.1.1/js/ 28 KB
8 KB 17ms
17ms Script
application/javascript 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://netdna.bootstrapcdn.com/bootstrap/3.1.1/js/bootstrap.min.js

Requested by

Host: phishcheck.me
URL: https://phishcheck.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://phishcheck.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 723
age: 5207345
cdn-cachedat: 11/16/2021 09:13:38
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:03:57 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: e5f811a11ec2f19e8c3cbb2ceb95764e
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 7c9dc66efbdb9bf2-FRA
cdn-requestpullsuccess: True

GET
H2 200 XRXI3I6Li01BKofiOc5wtlZ2di8HDLshdTQ3jw.woff2
fonts.gstatic.com/s/nunito/v25/ 14 KB
14 KB 48ms
13ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunito/v25/XRXI3I6Li01BKofiOc5wtlZ2di8HDLshdTQ3jw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Nunito

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5e2f97ea0fb92d5e3ae31eeef403b9c34363c8fb2a387e13cf381fa97f3e8cf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://phishcheck.me
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Sat, 13 May 2023 14:30:44 GMT
x-content-type-options: nosniff
age: 526113
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14060
x-xss-protection: 0
last-modified: Mon, 18 Jul 2022 19:44:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 May 2024 14:30:44 GMT

GET
H3 200 glyphicons-halflings-regular.woff
netdna.bootstrapcdn.com/bootstrap/3.3.1/fonts/ 23 KB
23 KB 24ms
15ms Font
font/woff 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://netdna.bootstrapcdn.com/bootstrap/3.3.1/fonts/glyphicons-halflings-regular.woff

Requested by

Host: netdna.bootstrapcdn.com
URL: https://netdna.bootstrapcdn.com/bootstrap/3.3.1/css/bootstrap.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc969dc1c6ff531abcf368089dcbaf5775133b0626ff56b52301a059fc0f9e1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://netdna.bootstrapcdn.com/bootstrap/3.3.1/css/bootstrap.min.css
Origin: https://phishcheck.me
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 755
age: 29951271
cdn-cachedat: 03/08/2022 23:01:03
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 23320
last-modified: Mon, 25 Jan 2021 22:03:58 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
server: cloudflare
etag: "68ed1dac06bf0409c18ae7bc62889170"
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 55e06a5b78197c24b252aa7c4bedb19d
accept-ranges: bytes
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 7c9dc66f59cb6946-FRA
cdn-requestpullsuccess: True

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202305160101/ 355 KB
120 KB 76ms
75ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202305160101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5625379829790606&plah=phishcheck.me

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a779738af1d724715f16be72a08a3dcf932b530984a1bc7ceeb0bb1351015a20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://phishcheck.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:17 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 122737
x-xss-protection: 0
server: cafe
etag: 9420003045847020188
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 19 May 2023 16:39:17 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230517/r20190131/ Frame 2B4E 10 KB
5 KB 83ms
23ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230517/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://phishcheck.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34279
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4540
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 19 May 2023 07:07:58 GMT
etag: 15057649708203361565
expires: Fri, 02 Jun 2023 07:07:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ca-pub-5625379829790606 Show response
fundingchoicesmessages.google.com/i/ 132 KB
45 KB 93ms
37ms Script
application/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/ca-pub-5625379829790606?ers=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202305160101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5625379829790606&plah=phishcheck.me

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

eac4ff92a30ec7ab3e548d8777e378b3e7a9220b230bbf5fde1609a9ad7ac7bd

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ZZ3n_C-3hriZZSAKg0iFng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://phishcheck.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:18 GMT
content-security-policy: script-src 'report-sample' 'nonce-ZZ3n_C-3hriZZSAKg0iFng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 393 B
605 B 59ms
22ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=phishcheck.me&callback=_gfp_s_&client=ca-pub-5625379829790606

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d36f2c9a46702e6fb2bc387257a0b1c792aedda850b41e5b63fad9bdfa9fa9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://phishcheck.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 253
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
531 B 62ms
25ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=phishcheck.me

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://phishcheck.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 61ms
24ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=phishcheck.me

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://phishcheck.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 47ms
47ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&cls=navbar%20navbar-fixed-top&ign=false&pw=1600&ph=1200&x=0&y=0

Requested by

Host: phishcheck.me
URL: https://phishcheck.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://phishcheck.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1507 567 KB
104 KB 1288ms
1286ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&adk=1812271804&adf=3025194257&lmt=1684514358&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=188x945_l%7C212x945_r&format=0x0&url=https%3A%2F%2Fphishcheck.me%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514357792&bpp=6&bdt=363&idt=226&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2130420438757&frm=20&pv=2&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=402

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6011726dce81936022c56f69fe22936b24be24f440a6abbdc058f8c8ab1ad855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://phishcheck.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 105771
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 19 May 2023 16:39:19 GMT
expires: Fri, 19 May 2023 16:39:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame DB87 92 KB
33 KB 455ms
455ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1801062927&pi=t.aa~a.768063588~rp.1&w=1155&fwrn=4&fwrnh=100&lmt=1684514358&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514357792&bpp=2&bdt=363&idt=270&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=580&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=tR3lvOyIJE&p=https%3A//phishcheck.me&dtd=408

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bf9a2d95fea3732a5d21e759f91fc00311aed1743e8646c8e4a497e30ca93b89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://phishcheck.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 33338
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 19 May 2023 16:39:18 GMT
expires: Fri, 19 May 2023 16:39:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 AGSKWxW4Kz1li9_b1C2l5thfFgRRXK7MqzbDWxiGaHZNDBTEGLC11sRprumLlN9piRwP89brOZER6sdiWzf-2H659VA= Show response
fundingchoicesmessages.google.com/f/ 4 KB
2 KB 40ms
39ms Script
application/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxW4Kz1li9_b1C2l5thfFgRRXK7MqzbDWxiGaHZNDBTEGLC11sRprumLlN9piRwP89brOZER6sdiWzf-2H659VA=?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjg0NTE0MzU4LDIwNzAwMDAwMF0sIkVBQkE4QjA3LUQzQzUtNDgxRC05NEEyLUJDQ0I4MjlDMkY0OCIsbnVsbCxudWxsLFtudWxsLFs3XV0sImh0dHBzOi8vcGhpc2hjaGVjay5tZS8iLG51bGwsW1s4LCJKZkE3LWlmVFlTbyJdLFs5LCJkZSJdLFsxNiwiWzEsMSwxXSJdXV0

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.JfA7-ifTYSo.es5.O/d=1/rs=AJlcJMzwaGYaKxlIN36FvEZUbCxN0Iyjkg/m=kernel_loader,loader_js_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f9929da9e054b859a89d49fd5c49b493eed033b2945da4385693f638667a3f43

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-YwWKLJTdO958h0oboNXuKQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://phishcheck.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:18 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-YwWKLJTdO958h0oboNXuKQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxWTfBJBDjMZXM_2OUw048wd3w4w1kuS_YGyNGMZ3deZqqeyeydltjH0XNNhUq7-ArtbEsDs2oI_TD9tHBF7COU= Show response
fundingchoicesmessages.google.com/el/ 0
28 B 59ms
29ms XHR
text/html 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWTfBJBDjMZXM_2OUw048wd3w4w1kuS_YGyNGMZ3deZqqeyeydltjH0XNNhUq7-ArtbEsDs2oI_TD9tHBF7COU=?pvid=EABA8B07-D3C5-481D-94A2-BCCB829C2F48

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-yxlOT93Mb00cMONX_-tCCg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://phishcheck.me/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 19 May 2023 16:39:18 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-yxlOT93Mb00cMONX_-tCCg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://phishcheck.me
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxWBwZ5xWyaWY2XT9gjyIhAKuW7M2P42GxgaSvvAYYt2dMcsBo05CjylmMuQ6nmZaq-_8u0K0bXBHhQTVhIDZP345rG8o4vjBDL6p5OQxftlOfUDYAXMC1uNa8LTcXlTEqVdTulRdA== Show response
fundingchoicesmessages.google.com/f/ 13 KB
6 KB 55ms
55ms Script
application/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWBwZ5xWyaWY2XT9gjyIhAKuW7M2P42GxgaSvvAYYt2dMcsBo05CjylmMuQ6nmZaq-_8u0K0bXBHhQTVhIDZP345rG8o4vjBDL6p5OQxftlOfUDYAXMC1uNa8LTcXlTEqVdTulRdA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjg0NTE0MzU4LDI1NTAwMDAwMF0sIkVBQkE4QjA3LUQzQzUtNDgxRC05NEEyLUJDQ0I4MjlDMkY0OCIsbnVsbCxudWxsLFtudWxsLFs3LDEwXV0sImh0dHBzOi8vcGhpc2hjaGVjay5tZS8iLG51bGwsW1s4LCJKZkE3LWlmVFlTbyJdLFs5LCJkZSJdLFsxNiwiWzEsMSwxXSJdXV0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

46b6b2b07e77b22bd5a04b35032cc0a77ba8729c51c5d78b142526df0a5bb53d

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-zsw_9wUfWkq6R5chi0Xi1Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://phishcheck.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:18 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-zsw_9wUfWkq6R5chi0Xi1Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame DB87 4 KB
751 B 26ms
25ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1801062927&pi=t.aa~a.768063588~rp.1&w=1155&fwrn=4&fwrnh=100&lmt=1684514358&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514357792&bpp=2&bdt=363&idt=270&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=580&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=tR3lvOyIJE&p=https%3A//phishcheck.me&dtd=408

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 19 May 2023 16:39:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 19 May 2023 15:13:12 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 19 May 2023 16:39:18 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/ Frame DB87 2 KB
846 B 55ms
19ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 10:36:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21764
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 10:36:34 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame DB87 0
0 57ms
57ms Fetch
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C7fzbNqZnZJyiDo7wtweMhLLADfazxM1wprHHsaoRr4G649cCEAEgnfDqIGCV4pCCoAegAf_bisgDyAEJqAMByAPLBKoE0gFP0OhvDHtw3glAoSMmURQfgGqmF5U_tmoS7_cCOP_FzwOPtYig7jshBox90sk4_NNhhZ1xZavb3iEH7cYiEWj18LwaRdsab0akFYdBoeec8-O9LYSPfnXZKnmHMa1pQ_4bqpKA3i3OhjQ0LZ-l3D2uzkTOKf9-ND_Jm4O-Op0YdBjZrAyp4JWertAEmxUOXtAiv7o0D2RQUh5nWOWZ2jv8w_2jX_3x0fw_Mnt8_2c5YhtovXw_pUi5K7AjdM4T0Du0HHEdj3dC5Pm7vqNn2VKoIo7ABMuJ9O6qBJIFBAgEGAGSBQQIBRgEoAYugAfw7qyiAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEO6KSNIIFgiA4YAQEAEYHzICqgI6AoBASL39wTqACgHICwG4E-QD2BMMiBQB0BUBgBcBshccChoIABIUcHViLTU2MjUzNzk4Mjk3OTA2MDYYAA&sigh=yeqA1PNF8Hw&uach_m=[UACH]&cid=CAQSGwBygQiDQo-oDCjgcBkQLTZYQrsr7zt-PvTBPRgB&template_id=484

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1801062927&pi=t.aa~a.768063588~rp.1&w=1155&fwrn=4&fwrnh=100&lmt=1684514358&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514357792&bpp=2&bdt=363&idt=270&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=580&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=tR3lvOyIJE&p=https%3A//phishcheck.me&dtd=408
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 19 May 2023 16:39:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 19 May 2023 16:39:18 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/16708277255941283142/ Frame DB87 30 KB
30 KB 59ms
26ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16708277255941283142/14763004658117789537?w=600&h=314

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1aa338ebebca9a5d8b448999825c608f335d430ca28bb5531965de2ca585cda7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 17 May 2023 11:58:35 GMT
x-content-type-options: nosniff
age: 189643
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30339
x-xss-protection: 0
last-modified: Wed, 19 Apr 2023 17:13:47 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 16 May 2024 11:58:35 GMT

GET
H2 200 8944335040070221310
tpc.googlesyndication.com/simgad/ Frame DB87 3 KB
3 KB 69ms
36ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8944335040070221310?w=100&h=100

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad707b6241c6bbfaf831458eb523b732fe69c4d0cc35493d8f86db7d8215b8d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Sat, 13 May 2023 23:05:40 GMT
x-content-type-options: nosniff
age: 495218
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3138
x-xss-protection: 0
last-modified: Thu, 24 Mar 2022 23:46:27 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 12 May 2024 23:05:40 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230517/r20110914/ Frame DB87 22 KB
9 KB 42ms
17ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230517/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

756997924e97f09793e32520f153591ff455188cf2fd5e2f8d95b6d427b9e87b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 10:36:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21771
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8780
x-xss-protection: 0
server: cafe
etag: 16540081610679671253
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 10:36:27 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/ Frame DB87 3 KB
1 KB 44ms
20ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 10:59:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20395
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 10:59:23 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/ Frame DB87 19 KB
8 KB 42ms
18ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9df1ad09e8ee902ee6a76cf88df57306868ca4ee532d74830fbcfe4db8bdf39d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 10:36:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21777
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7953
x-xss-protection: 0
server: cafe
etag: 16153819885643670827
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 10:36:21 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DB87 170 KB
53 KB 64ms
29ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47d66a97dd9e4ae073078b5dcd843a74baf83776f2dd8dff131b1b6ea9209698

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53893
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1684322484769956"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 19 May 2023 16:39:18 GMT

GET
H2 200 a0d8c68f3de0718362c8759993c4ce7f.js Show response
www.gstatic.com/mysidia/ Frame DB87 32 KB
14 KB 50ms
14ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/a0d8c68f3de0718362c8759993c4ce7f.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

daf9dc6664474a6b01d9e293a39749d0e9b637629239cbe512dd4a0f0854a8eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 20:46:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 589976
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13639
x-xss-protection: 0
last-modified: Fri, 12 May 2023 20:16:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 10 Aug 2023 20:46:22 GMT

GET
DATA 200
OK truncated
/ Frame DB87 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3c541d0f6f738252d0bca4f2434954933f3e2456ef89663fc3f364ebab07f4e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame DB87 16 KB
16 KB 14ms
14ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Sat, 13 May 2023 21:03:36 GMT
x-content-type-options: nosniff
age: 502542
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 May 2024 21:03:36 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame DB87 15 KB
15 KB 18ms
18ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 02:06:17 GMT
x-content-type-options: nosniff
age: 52381
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 18 May 2024 02:06:17 GMT

GET
H3 200 x4MEI6eqFB0dCdwpn32-R0gTDA087Zgj0u4bOKm75nA.js Show response
pagead2.googlesyndication.com/bg/ Frame 529D 37 KB
14 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/x4MEI6eqFB0dCdwpn32-R0gTDA087Zgj0u4bOKm75nA.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7830423a7aa141d1d09dc299f7dbe4748130c0d3ced9823d2ee1b38a9bbe670

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 16 May 2023 17:01:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 257839
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14664
x-xss-protection: 0
last-modified: Mon, 15 May 2023 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 May 2024 17:01:59 GMT

GET
H3 200 px.gif
fundingchoicesmessages.google.com/img/ 43 B
68 B 28ms
27ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fundingchoicesmessages.google.com/img/px.gif?ch=1&rn=4.946423034846861

Requested by

Host: phishcheck.me
URL: https://phishcheck.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-60zRVvSTC00hpzROxX-1iw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://phishcheck.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:19 GMT
content-security-policy: script-src 'report-sample' 'nonce-60zRVvSTC00hpzROxX-1iw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 px.gif
fundingchoicesmessages.google.com/img/ 43 B
68 B 35ms
35ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fundingchoicesmessages.google.com/img/px.gif?ch=2&rn=2.421855499513075

Requested by

Host: phishcheck.me
URL: https://phishcheck.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-bbCieLpeQpMEVCzdyckCtg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://phishcheck.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:19 GMT
content-security-policy: script-src 'report-sample' 'nonce-bbCieLpeQpMEVCzdyckCtg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxWnpQ-rKQ9f_u1B9fxpE5c15i2RpYRh-6NMfDL_9pWOwjTPTU60L7c7zA1xe3sy9HldHuq6Br_oHmcGHzk6m19SADV-VOS6oZ6RUtWUOHSJBa_koO0Idrxc566xHdljHOy53iLKQg== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 32ms
31ms XHR
text/html 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWnpQ-rKQ9f_u1B9fxpE5c15i2RpYRh-6NMfDL_9pWOwjTPTU60L7c7zA1xe3sy9HldHuq6Br_oHmcGHzk6m19SADV-VOS6oZ6RUtWUOHSJBa_koO0Idrxc566xHdljHOy53iLKQg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce---MQYp5Xai0RUmd8-Hz3Hg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://phishcheck.me/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 19 May 2023 16:39:19 GMT
content-security-policy: script-src 'report-sample' 'nonce---MQYp5Xai0RUmd8-Hz3Hg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://phishcheck.me
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 94ms
64ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230517&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dbafa20efc40e2fe9e7ba9f77e454c1050b6a750793fb4a40614b13f397c3631

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://phishcheck.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:19 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11406
x-xss-protection: 0

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202305160101/ 152 KB
51 KB 80ms
80ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202305160101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

368ccdbf0bf8aa90462b57fb38247e2e558b9ad27720fb00c890adbe6c629632

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://phishcheck.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:19 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52644
x-xss-protection: 0
server: cafe
etag: 2643700878542133949
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Fri, 19 May 2023 16:39:19 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 30ms
28ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=phishcheck.me

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://phishcheck.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 22ms
22ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=phishcheck.me

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://phishcheck.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B541 86 KB
35 KB 753ms
752ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=280&adk=889495490&adf=2039575784&pi=t.aa~a.258514030~i.3~rp.4&w=365&fwrn=4&fwrnh=100&lmt=1684514359&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1402822305&ad_type=text_image&format=365x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rh=305&rw=365&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359588&bpp=1&bdt=2159&idt=1&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280&nras=3&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=HNs3i103KL&p=https%3A//phishcheck.me&dtd=6

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

997c28b87e7d78e33107cedc652ea932244a55b859cc29435e9b80c4b3fcd725

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://phishcheck.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 35543
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 19 May 2023 16:39:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 281B 27 KB
12 KB 847ms
846ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

088f11a47119f668cb7bd22a9fe55e1f1eeee56484658348b67acd7cf1d6f219

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://phishcheck.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 12207
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 19 May 2023 16:39:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://phishcheck.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 19 May 2023 16:39:19 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 25ms
25ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=phishcheck.me

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://phishcheck.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 22ms
22ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=phishcheck.me

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://phishcheck.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/ Frame 17C3 10 KB
4 KB 14ms
13ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://phishcheck.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 80670
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4540
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 18 May 2023 18:14:49 GMT
etag: 15057649708203361565
expires: Thu, 01 Jun 2023 18:14:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/ Frame DD79 10 KB
4 KB 14ms
13ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://phishcheck.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 80670
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4540
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 18 May 2023 18:14:49 GMT
etag: 15057649708203361565
expires: Thu, 01 Jun 2023 18:14:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/ Frame A0D7 10 KB
4 KB 15ms
13ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://phishcheck.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 80670
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4540
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 18 May 2023 18:14:49 GMT
etag: 15057649708203361565
expires: Thu, 01 Jun 2023 18:14:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/ Frame B996 10 KB
4 KB 14ms
14ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://phishcheck.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 80670
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4540
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 18 May 2023 18:14:49 GMT
etag: 15057649708203361565
expires: Thu, 01 Jun 2023 18:14:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css2
fonts.googleapis.com/ Frame 17C3 4 KB
671 B 23ms
23ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 19 May 2023 16:39:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 19 May 2023 15:05:01 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 19 May 2023 16:39:19 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 17C3 205 B
519 B 16ms
14ms Image
image/png 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 09:32:06 GMT
x-content-type-options: nosniff
age: 25633
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 18 May 2024 09:32:06 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 17C3 604 B
694 B 17ms
15ms Image
image/png 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 15:30:03 GMT
x-content-type-options: nosniff
age: 4156
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 18 May 2024 15:30:03 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230517/r20110914/elements/html/ Frame 17C3 20 KB
8 KB 15ms
13ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230517/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fd4f1c9d69a243c7240669fd0fedbe8a66953243d409f75ae02dc4824b17cf68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 17:01:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85084
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8271
x-xss-protection: 0
server: cafe
etag: 10419244916965318868
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 01 Jun 2023 17:01:15 GMT

GET
H2 200 25c1ebd307027cb6cde802b753523349.js Show response
www.gstatic.com/mysidia/ Frame DD79 8 KB
4 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/25c1ebd307027cb6cde802b753523349.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08c6df6675aa9335318105edf2dae0e633d9b9b5e023d2f7d312dee6850b1013

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 20:54:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 589491
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3684
x-xss-protection: 0
last-modified: Fri, 12 May 2023 20:16:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 10 Aug 2023 20:54:28 GMT

GET
H2 200 36469e4fd4a5fb7e4def07f073d8e0a7.js Show response
www.gstatic.com/mysidia/ Frame DD79 9 KB
4 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/36469e4fd4a5fb7e4def07f073d8e0a7.js?tag=text/vanilla_highlight

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4893bfd7cb55ae6211e10c745f763f132d4c2f366deeabe781c4b0d58a319d72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 20:54:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 589491
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3916
x-xss-protection: 0
last-modified: Fri, 12 May 2023 20:38:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 10 Aug 2023 20:54:28 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame DD79 9 KB
932 B 31ms
30ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b1289ccca476df0a33259965671579525261926bf8ea0a9f4fb3ba67535c4f69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 19 May 2023 16:39:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 19 May 2023 15:02:05 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 19 May 2023 16:39:19 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/ Frame DD79 2 KB
765 B 16ms
15ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 10:36:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21765
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 10:36:34 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230517/r20110914/ Frame DD79 22 KB
9 KB 17ms
15ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230517/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

756997924e97f09793e32520f153591ff455188cf2fd5e2f8d95b6d427b9e87b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 10:36:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21772
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8780
x-xss-protection: 0
server: cafe
etag: 16540081610679671253
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 10:36:27 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/ Frame DD79 3 KB
1 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 10:59:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20396
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 10:59:23 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/ Frame DD79 19 KB
8 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9df1ad09e8ee902ee6a76cf88df57306868ca4ee532d74830fbcfe4db8bdf39d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 10:36:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21778
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7953
x-xss-protection: 0
server: cafe
etag: 16153819885643670827
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 10:36:21 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DD79 170 KB
53 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47d66a97dd9e4ae073078b5dcd843a74baf83776f2dd8dff131b1b6ea9209698

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53893
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1684322484769956"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 19 May 2023 16:39:19 GMT

GET
H2 200 a0d8c68f3de0718362c8759993c4ce7f.js Show response
www.gstatic.com/mysidia/ Frame DD79 32 KB
13 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/a0d8c68f3de0718362c8759993c4ce7f.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

daf9dc6664474a6b01d9e293a39749d0e9b637629239cbe512dd4a0f0854a8eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 20:46:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 589977
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13639
x-xss-protection: 0
last-modified: Fri, 12 May 2023 20:16:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 10 Aug 2023 20:46:22 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 66BD 13 KB
5 KB 17ms
14ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://phishcheck.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 18148
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 19 May 2023 11:36:51 GMT
expires: Sat, 18 May 2024 11:36:51 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 5785 783 B
1 KB 74ms
25ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0fc64d7d1cc842671dc8f25a0cac90219d3729d967e25797ea10a97d269d2f06

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-M7DZVOPL4FKbhimrkaTGBQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://phishcheck.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-M7DZVOPL4FKbhimrkaTGBQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 19 May 2023 16:39:19 GMT
expires: Fri, 19 May 2023 16:39:19 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 25c1ebd307027cb6cde802b753523349.js Show response
www.gstatic.com/mysidia/ Frame A0D7 8 KB
4 KB 23ms
21ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/25c1ebd307027cb6cde802b753523349.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08c6df6675aa9335318105edf2dae0e633d9b9b5e023d2f7d312dee6850b1013

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 20:54:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 589491
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3684
x-xss-protection: 0
last-modified: Fri, 12 May 2023 20:16:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 10 Aug 2023 20:54:28 GMT

GET
H3 200 36469e4fd4a5fb7e4def07f073d8e0a7.js Show response
www.gstatic.com/mysidia/ Frame A0D7 9 KB
4 KB 23ms
21ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/36469e4fd4a5fb7e4def07f073d8e0a7.js?tag=text/vanilla_highlight

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4893bfd7cb55ae6211e10c745f763f132d4c2f366deeabe781c4b0d58a319d72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 20:54:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 589491
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3916
x-xss-protection: 0
last-modified: Fri, 12 May 2023 20:38:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 10 Aug 2023 20:54:28 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame A0D7 9 KB
932 B 26ms
25ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b1289ccca476df0a33259965671579525261926bf8ea0a9f4fb3ba67535c4f69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 19 May 2023 16:39:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 19 May 2023 15:01:10 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 19 May 2023 16:39:19 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/ Frame A0D7 2 KB
765 B 19ms
18ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 10:36:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21765
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 10:36:34 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230517/r20110914/ Frame A0D7 22 KB
9 KB 20ms
18ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230517/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

756997924e97f09793e32520f153591ff455188cf2fd5e2f8d95b6d427b9e87b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 10:36:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21772
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8780
x-xss-protection: 0
server: cafe
etag: 16540081610679671253
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 10:36:27 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/ Frame A0D7 3 KB
1 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 10:59:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20396
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 10:59:23 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/ Frame A0D7 19 KB
8 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9df1ad09e8ee902ee6a76cf88df57306868ca4ee532d74830fbcfe4db8bdf39d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 10:36:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21778
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7953
x-xss-protection: 0
server: cafe
etag: 16153819885643670827
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 10:36:21 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A0D7 170 KB
53 KB 30ms
29ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47d66a97dd9e4ae073078b5dcd843a74baf83776f2dd8dff131b1b6ea9209698

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53893
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1684322484769956"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 19 May 2023 16:39:19 GMT

GET
H3 200 a0d8c68f3de0718362c8759993c4ce7f.js Show response
www.gstatic.com/mysidia/ Frame A0D7 32 KB
13 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/a0d8c68f3de0718362c8759993c4ce7f.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

daf9dc6664474a6b01d9e293a39749d0e9b637629239cbe512dd4a0f0854a8eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 20:46:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 589977
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13639
x-xss-protection: 0
last-modified: Fri, 12 May 2023 20:16:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 10 Aug 2023 20:46:22 GMT

GET
H3 200 25c1ebd307027cb6cde802b753523349.js Show response
www.gstatic.com/mysidia/ Frame B996 8 KB
4 KB 18ms
16ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/25c1ebd307027cb6cde802b753523349.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08c6df6675aa9335318105edf2dae0e633d9b9b5e023d2f7d312dee6850b1013

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 20:54:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 589491
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3684
x-xss-protection: 0
last-modified: Fri, 12 May 2023 20:16:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 10 Aug 2023 20:54:28 GMT

GET
H3 200 36469e4fd4a5fb7e4def07f073d8e0a7.js Show response
www.gstatic.com/mysidia/ Frame B996 9 KB
4 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/36469e4fd4a5fb7e4def07f073d8e0a7.js?tag=text/vanilla_highlight

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4893bfd7cb55ae6211e10c745f763f132d4c2f366deeabe781c4b0d58a319d72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 20:54:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 589491
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3916
x-xss-protection: 0
last-modified: Fri, 12 May 2023 20:38:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 10 Aug 2023 20:54:28 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame B996 9 KB
932 B 25ms
24ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b1289ccca476df0a33259965671579525261926bf8ea0a9f4fb3ba67535c4f69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 19 May 2023 16:39:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 19 May 2023 14:53:58 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 19 May 2023 16:39:19 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/ Frame B996 2 KB
765 B 19ms
17ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 10:36:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21765
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 10:36:34 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230517/r20110914/ Frame B996 22 KB
9 KB 19ms
17ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230517/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

756997924e97f09793e32520f153591ff455188cf2fd5e2f8d95b6d427b9e87b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 10:36:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21772
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8780
x-xss-protection: 0
server: cafe
etag: 16540081610679671253
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 10:36:27 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/ Frame B996 3 KB
1 KB 23ms
21ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 10:59:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20396
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 10:59:23 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/ Frame B996 19 KB
8 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9df1ad09e8ee902ee6a76cf88df57306868ca4ee532d74830fbcfe4db8bdf39d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 10:36:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21778
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7953
x-xss-protection: 0
server: cafe
etag: 16153819885643670827
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 10:36:21 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B996 170 KB
53 KB 36ms
34ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47d66a97dd9e4ae073078b5dcd843a74baf83776f2dd8dff131b1b6ea9209698

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53893
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1684322484769956"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 19 May 2023 16:39:19 GMT

GET
H3 200 a0d8c68f3de0718362c8759993c4ce7f.js Show response
www.gstatic.com/mysidia/ Frame B996 32 KB
13 KB 18ms
16ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/a0d8c68f3de0718362c8759993c4ce7f.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

daf9dc6664474a6b01d9e293a39749d0e9b637629239cbe512dd4a0f0854a8eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 20:46:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 589977
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13639
x-xss-protection: 0
last-modified: Fri, 12 May 2023 20:16:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 10 Aug 2023 20:46:22 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame DB87 42 B
64 B 54ms
53ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvG4qvFebonJjgIBy_yQyhIIB4mHMdnZbPZLgwOos4Jud982aBihONDh6BMVlV-PonDZ7lsquNR91tylYwvTz-rrU2GX4SIgotfV6eteOGrh0AxBsTmu3_FMhYG67ZCT9WgVyhBhA&sai=AMfl-YQPO1MwBH_zH-tzHA8rvaMIHFIofLttAmxmXm36gUzds8GFDnEJb01QtXyEPsAqO0KKOFHoVdnnrXFM&sig=Cg0ArKJSzEOVYoHvr6L5EAE&cid=CAQSGwBygQiDQo-oDCjgcBkQLTZYQrsr7zt-PvTBPRgB&id=lidar2&mcvt=1036&p=0,0,280,1155&mtos=1036,1036,1036,1036,1036&tos=1036,0,0,0,0&v=20230517&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=2508842873&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1684514358201&rpt=636&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 1E55 9 KB
932 B 27ms
26ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b1289ccca476df0a33259965671579525261926bf8ea0a9f4fb3ba67535c4f69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 19 May 2023 16:39:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 19 May 2023 14:48:57 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 19 May 2023 16:39:19 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/ Frame 1E55 2 KB
765 B 18ms
17ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 10:36:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21765
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 10:36:34 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230517/r20110914/ Frame 1E55 22 KB
9 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230517/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

756997924e97f09793e32520f153591ff455188cf2fd5e2f8d95b6d427b9e87b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 10:36:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21772
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8780
x-xss-protection: 0
server: cafe
etag: 16540081610679671253
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 10:36:27 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/ Frame 1E55 3 KB
1 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 10:59:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20396
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 10:59:23 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/ Frame 1E55 19 KB
8 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9df1ad09e8ee902ee6a76cf88df57306868ca4ee532d74830fbcfe4db8bdf39d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 10:36:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21778
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7953
x-xss-protection: 0
server: cafe
etag: 16153819885643670827
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 10:36:21 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1E55 170 KB
53 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47d66a97dd9e4ae073078b5dcd843a74baf83776f2dd8dff131b1b6ea9209698

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53893
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1684322484769956"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 19 May 2023 16:39:19 GMT

GET
H3 200 a0d8c68f3de0718362c8759993c4ce7f.js Show response
www.gstatic.com/mysidia/ Frame 1E55 32 KB
13 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/a0d8c68f3de0718362c8759993c4ce7f.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

daf9dc6664474a6b01d9e293a39749d0e9b637629239cbe512dd4a0f0854a8eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 12 May 2023 20:46:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 589977
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13639
x-xss-protection: 0
last-modified: Fri, 12 May 2023 20:16:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 10 Aug 2023 20:46:22 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F499 143 B
166 B 14ms
14ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1703
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 19 May 2023 16:10:56 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 6E5C 143 B
166 B 13ms
13ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1703
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 19 May 2023 16:10:56 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 x4MEI6eqFB0dCdwpn32-R0gTDA087Zgj0u4bOKm75nA.js Show response
pagead2.googlesyndication.com/bg/ Frame 66BD 37 KB
14 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/x4MEI6eqFB0dCdwpn32-R0gTDA087Zgj0u4bOKm75nA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7830423a7aa141d1d09dc299f7dbe4748130c0d3ced9823d2ee1b38a9bbe670

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 16 May 2023 17:01:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 257841
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14664
x-xss-protection: 0
last-modified: Mon, 15 May 2023 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 May 2024 17:01:59 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame CBC8 143 B
166 B 14ms
13ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1704
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 19 May 2023 16:10:56 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame B996 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e40c51963cc1b46e333d784ca995ae35ff34c173d2103d749e5f1545ea2c2435

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 5785 0
0 60ms
59ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230517&jk=1201746257145151&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame DD79 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e0e8bbe2cbd26a11d1fec52a43d6b02b0a1d1f3f5df37889518721e77cb1a69b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 195C 143 B
166 B 23ms
22ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1704
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 19 May 2023 16:10:56 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F499
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

26ms
23ms

Document
text/html

2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 19 May 2023 16:39:20 GMT
expires: Fri, 19 May 2023 16:39:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 19 May 2023 16:39:20 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 x4MEI6eqFB0dCdwpn32-R0gTDA087Zgj0u4bOKm75nA.js Show response
pagead2.googlesyndication.com/bg/ Frame 94A3 37 KB
14 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/x4MEI6eqFB0dCdwpn32-R0gTDA087Zgj0u4bOKm75nA.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7830423a7aa141d1d09dc299f7dbe4748130c0d3ced9823d2ee1b38a9bbe670

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 16 May 2023 17:01:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 257841
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14664
x-xss-protection: 0
last-modified: Mon, 15 May 2023 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 May 2024 17:01:59 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame DD79 0
19 B 60ms
59ms Image
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CRdJJNqZnZJSVEvutn88Pr8-nqArKsLqzcOu1s-OgEcCNtwEQASCd8OogYJXikIKgB6ABirqhzgHIAQGoAwHIA8MEqgTLAU_Qi7a8ZS3eofP-oTyVf-pOZtB0avvZ6X5VvNTmBIjzY-_KD2gfjEdEeNacem-mKmocq2D2yxW_AG1O9_WoA0vnIvT4_zfraywIXRt27wkVz3W3C9GRbT5tFDHfLPt0rrYbJXxd0eCcNKOvAitxeL6urdKqjgmeRCbPpkU5i9DlnjnBrfK1ewcIohI7dp1Lrteg6VjOzG_DtOvQFzaUmzRtL5Q8D5Jo5rw4IrirqFwqX_wcX4joaM98XDKxs3PycnrceEh9iQuxXTIfwAS_-_z2nQSSBQQIBBgBkgUECAUYBKAGZoAH3sXesQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBDn8QzSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoByAsB2BMNiBQC0BUBgBcBshccChoIABIUcHViLTU2MjUzNzk4Mjk3OTA2MDYYAA&sigh=36bIP1LVCMM&uach_m=[UACH]&cid=CAQSGwBygQiDXfRZNah9od2l7xfmkEBpJYWKPPRTYxgB&cbvp=2&vis=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 19 May 2023 16:39:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 ads- Show response
fundingchoicesmessages.google.com/f/AGSKWxXHmI4fJE4PzjgSfnXZBlR6FA-N56x2H3VvZfoTHdrhu_14vtwvfVWqpWwBcOGpidW-qFz3vjFa4gp10Ejjvk3Z3fFurFPoMFLtZ6Ane3q5J6AMKdrY42oOgLPYLtLvwws4j-757vNTs7mrFBAVa5UZFXmCl... 54 B
109 B 28ms
28ms Script
application/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXHmI4fJE4PzjgSfnXZBlR6FA-N56x2H3VvZfoTHdrhu_14vtwvfVWqpWwBcOGpidW-qFz3vjFa4gp10Ejjvk3Z3fFurFPoMFLtZ6Ane3q5J6AMKdrY42oOgLPYLtLvwws4j-757vNTs7mrFBAVa5UZFXmCl0-Xw3iONQGX3vncUkYgUdzAXhNRc_35/_/AdNewsclip15._psu_ad..adforge./adfootleft./plugins/ads-

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.JfA7-ifTYSo.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_ccpa_signal_executable/ed=1/rs=AJlcJMzwaGYaKxlIN36FvEZUbCxN0Iyjkg/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

345e56904c429868d14bd51e81812f365588d2f3f65309662ec27ef05e9927bf

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-GdKvlamSbaBboQTyccos-w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://phishcheck.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:20 GMT
content-security-policy: script-src 'report-sample' 'nonce-GdKvlamSbaBboQTyccos-w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 rum.js Show response
pagead2.googlesyndication.com/pagead/js/ 62 KB
23 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/rum.js?fcd=true

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9c67029f91f8c5e1887184af72adada17ca0eae88fdba6eeaa5c0dd7518a4eb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://phishcheck.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 15:43:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3362
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23471
x-xss-protection: 0
server: cafe
etag: 11524603251922372012
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Fri, 19 May 2023 16:43:18 GMT

POST
H3 204 AGSKWxWnpQ-rKQ9f_u1B9fxpE5c15i2RpYRh-6NMfDL_9pWOwjTPTU60L7c7zA1xe3sy9HldHuq6Br_oHmcGHzk6m19SADV-VOS6oZ6RUtWUOHSJBa_koO0Idrxc566xHdljHOy53iLKQg== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 29ms
29ms XHR
text/html 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWnpQ-rKQ9f_u1B9fxpE5c15i2RpYRh-6NMfDL_9pWOwjTPTU60L7c7zA1xe3sy9HldHuq6Br_oHmcGHzk6m19SADV-VOS6oZ6RUtWUOHSJBa_koO0Idrxc566xHdljHOy53iLKQg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-hALekhUVlMy-wKjW5y9gEw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://phishcheck.me/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 19 May 2023 16:39:20 GMT
content-security-policy: script-src 'report-sample' 'nonce-hALekhUVlMy-wKjW5y9gEw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://phishcheck.me
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 6E5C
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

28ms
28ms

Document
text/html

2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 19 May 2023 16:39:20 GMT
expires: Fri, 19 May 2023 16:39:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 19 May 2023 16:39:20 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 x4MEI6eqFB0dCdwpn32-R0gTDA087Zgj0u4bOKm75nA.js Show response
pagead2.googlesyndication.com/bg/ Frame 5783 37 KB
14 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/x4MEI6eqFB0dCdwpn32-R0gTDA087Zgj0u4bOKm75nA.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7830423a7aa141d1d09dc299f7dbe4748130c0d3ced9823d2ee1b38a9bbe670

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 16 May 2023 17:01:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 257841
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14664
x-xss-protection: 0
last-modified: Mon, 15 May 2023 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 May 2024 17:01:59 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame B996 0
19 B 61ms
61ms Image
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CDTeQNqZnZJaVEvutn88Pr8-nqArKsLqzcOu1s-OgEcCNtwEQASCd8OogYJXikIKgB6ABirqhzgHIAQGoAwHIA8MEqgTMAU_QP7weTKpqD-nXsQcqQJCGABXr0vZ-F1aR7QzxHNvfI5ZT3BmqHJI-Soc0BgmnayNyehsdog00zBKhm3LULTdLF9ZdRi1CD_7zi8TfBZpOh6nCHmerEQwocFrwcw2QZM5GlD2_ZE7-JlyjSnJPLuqUZ6ZkCMsnmRmiOHx65RWr-gU6jRUtb5mnsSmZ4m5ueQ4AasLjRBlokN1UlaWDyCoto69u47p0isV7cK2yn1eg2gSry_dIdtXnB3yWYvDRXbVdXLBJ-XaZlp0zBcAEv_v89p0EkgUECAQYAZIFBAgFGASgBmaAB97F3rECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQtssf0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOoAKAcgLAdgTDYgUAtAVAYAXAbIXHAoaCAASFHB1Yi01NjI1Mzc5ODI5NzkwNjA2GAA&sigh=d1ZB0YJWRNo&uach_m=[UACH]&cid=CAQSGwBygQiDXfRZNah9od2l7xfmkEBpJYWKPPRTYxgB&cbvp=2&vis=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 19 May 2023 16:39:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame CBC8
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

23ms
22ms

Document
text/html

2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 19 May 2023 16:39:20 GMT
expires: Fri, 19 May 2023 16:39:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 19 May 2023 16:39:20 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 x4MEI6eqFB0dCdwpn32-R0gTDA087Zgj0u4bOKm75nA.js Show response
pagead2.googlesyndication.com/bg/ Frame F6EA 37 KB
14 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/x4MEI6eqFB0dCdwpn32-R0gTDA087Zgj0u4bOKm75nA.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7830423a7aa141d1d09dc299f7dbe4748130c0d3ced9823d2ee1b38a9bbe670

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 16 May 2023 17:01:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 257841
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14664
x-xss-protection: 0
last-modified: Mon, 15 May 2023 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 May 2024 17:01:59 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 195C
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

28ms
28ms

Document
text/html

2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230517/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 19 May 2023 16:39:20 GMT
expires: Fri, 19 May 2023 16:39:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 19 May 2023 16:39:20 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 x4MEI6eqFB0dCdwpn32-R0gTDA087Zgj0u4bOKm75nA.js Show response
pagead2.googlesyndication.com/bg/ Frame 351D 37 KB
14 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/x4MEI6eqFB0dCdwpn32-R0gTDA087Zgj0u4bOKm75nA.js

Requested by

Host: phishcheck.me
URL: https://phishcheck.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7830423a7aa141d1d09dc299f7dbe4748130c0d3ced9823d2ee1b38a9bbe670

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 16 May 2023 17:01:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 257841
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14664
x-xss-protection: 0
last-modified: Mon, 15 May 2023 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 May 2024 17:01:59 GMT

POST
H3 204 AGSKWxWnpQ-rKQ9f_u1B9fxpE5c15i2RpYRh-6NMfDL_9pWOwjTPTU60L7c7zA1xe3sy9HldHuq6Br_oHmcGHzk6m19SADV-VOS6oZ6RUtWUOHSJBa_koO0Idrxc566xHdljHOy53iLKQg== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 28ms
27ms XHR
text/html 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWnpQ-rKQ9f_u1B9fxpE5c15i2RpYRh-6NMfDL_9pWOwjTPTU60L7c7zA1xe3sy9HldHuq6Br_oHmcGHzk6m19SADV-VOS6oZ6RUtWUOHSJBa_koO0Idrxc566xHdljHOy53iLKQg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-gcBsbctXaBZRjCt8gP8d7Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://phishcheck.me/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 19 May 2023 16:39:20 GMT
content-security-policy: script-src 'report-sample' 'nonce-gcBsbctXaBZRjCt8gP8d7Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://phishcheck.me
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxWnpQ-rKQ9f_u1B9fxpE5c15i2RpYRh-6NMfDL_9pWOwjTPTU60L7c7zA1xe3sy9HldHuq6Br_oHmcGHzk6m19SADV-VOS6oZ6RUtWUOHSJBa_koO0Idrxc566xHdljHOy53iLKQg== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 37ms
36ms XHR
text/html 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWnpQ-rKQ9f_u1B9fxpE5c15i2RpYRh-6NMfDL_9pWOwjTPTU60L7c7zA1xe3sy9HldHuq6Br_oHmcGHzk6m19SADV-VOS6oZ6RUtWUOHSJBa_koO0Idrxc566xHdljHOy53iLKQg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Kh31iQoKhvcsW9h7oZoxdw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://phishcheck.me/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 19 May 2023 16:39:20 GMT
content-security-policy: script-src 'report-sample' 'nonce-Kh31iQoKhvcsW9h7oZoxdw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://phishcheck.me
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxWnpQ-rKQ9f_u1B9fxpE5c15i2RpYRh-6NMfDL_9pWOwjTPTU60L7c7zA1xe3sy9HldHuq6Br_oHmcGHzk6m19SADV-VOS6oZ6RUtWUOHSJBa_koO0Idrxc566xHdljHOy53iLKQg== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 85ms
85ms XHR
text/html 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWnpQ-rKQ9f_u1B9fxpE5c15i2RpYRh-6NMfDL_9pWOwjTPTU60L7c7zA1xe3sy9HldHuq6Br_oHmcGHzk6m19SADV-VOS6oZ6RUtWUOHSJBa_koO0Idrxc566xHdljHOy53iLKQg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-QomwPVej-5rwoXPEr30laA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://phishcheck.me/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 19 May 2023 16:39:20 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-QomwPVej-5rwoXPEr30laA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://phishcheck.me
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxWhxfWosowffrEcjlAPVoLQhG7k2sZ85B8loY3ivMNo8AoYMLe8WpOgsnQQsRfr66ao2L7JORYmDqIYrWbXKQJddzS9q3l4Ct1_NOtQE5SIfHpN2a36YfTBoxzwo52AgiM1xcBm9Q== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 42ms
41ms Script
application/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWhxfWosowffrEcjlAPVoLQhG7k2sZ85B8loY3ivMNo8AoYMLe8WpOgsnQQsRfr66ao2L7JORYmDqIYrWbXKQJddzS9q3l4Ct1_NOtQE5SIfHpN2a36YfTBoxzwo52AgiM1xcBm9Q==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjg0NTE0MzYwLDM5NDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsMTAsNl0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMV0sImh0dHBzOi8vcGhpc2hjaGVjay5tZS8iLG51bGwsW1s4LCJKZkE3LWlmVFlTbyJdLFs5LCJkZSJdLFsxNiwiWzEsMSwxXSJdXV0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b8c41f999913b26e2db2241883edda0f6e6f60a6782993b2383040dc2630d47c

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-tEicsRrW2MvGc7PxZYSD1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://phishcheck.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:20 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-tEicsRrW2MvGc7PxZYSD1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 2289052131512436417
tpc.googlesyndication.com/simgad/ Frame B541 45 KB
45 KB 17ms
16ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2289052131512436417?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qnV8ayOMHi9O-auQBd44N2cIHC9HQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=280&adk=889495490&adf=2039575784&pi=t.aa~a.258514030~i.3~rp.4&w=365&fwrn=4&fwrnh=100&lmt=1684514359&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1402822305&ad_type=text_image&format=365x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rh=305&rw=365&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359588&bpp=1&bdt=2159&idt=1&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280&nras=3&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=HNs3i103KL&p=https%3A//phishcheck.me&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa9fffd9bc5ea03844d7b38fac61f2504b72ee18f0d6411facd51a338118a119

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Mon, 15 May 2023 15:43:27 GMT
x-content-type-options: nosniff
age: 348953
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46433
x-xss-protection: 0
last-modified: Thu, 27 Apr 2023 17:33:31 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 14 May 2024 15:43:27 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230517/r20110914/ Frame B541 22 KB
9 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230517/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=280&adk=889495490&adf=2039575784&pi=t.aa~a.258514030~i.3~rp.4&w=365&fwrn=4&fwrnh=100&lmt=1684514359&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1402822305&ad_type=text_image&format=365x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rh=305&rw=365&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359588&bpp=1&bdt=2159&idt=1&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280&nras=3&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=HNs3i103KL&p=https%3A//phishcheck.me&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

756997924e97f09793e32520f153591ff455188cf2fd5e2f8d95b6d427b9e87b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 10:36:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21773
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8780
x-xss-protection: 0
server: cafe
etag: 16540081610679671253
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 10:36:27 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/ Frame B541 3 KB
1 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=280&adk=889495490&adf=2039575784&pi=t.aa~a.258514030~i.3~rp.4&w=365&fwrn=4&fwrnh=100&lmt=1684514359&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1402822305&ad_type=text_image&format=365x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rh=305&rw=365&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359588&bpp=1&bdt=2159&idt=1&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280&nras=3&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=HNs3i103KL&p=https%3A//phishcheck.me&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 10:59:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20397
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 10:59:23 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/ Frame B541 19 KB
8 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=280&adk=889495490&adf=2039575784&pi=t.aa~a.258514030~i.3~rp.4&w=365&fwrn=4&fwrnh=100&lmt=1684514359&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1402822305&ad_type=text_image&format=365x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rh=305&rw=365&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359588&bpp=1&bdt=2159&idt=1&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280&nras=3&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=HNs3i103KL&p=https%3A//phishcheck.me&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9df1ad09e8ee902ee6a76cf88df57306868ca4ee532d74830fbcfe4db8bdf39d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 10:36:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21779
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7953
x-xss-protection: 0
server: cafe
etag: 16153819885643670827
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 10:36:21 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame B541 0
0 22ms
22ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSDJPWJ1XfK9jIo3OawqMJob-Clknq9QH4aSLMVWguPeO4uJ8Ky9TkKSjLzKEsm5vJ2ljt25E3T8q5_yRi2EarINSUfGQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=280&adk=889495490&adf=2039575784&pi=t.aa~a.258514030~i.3~rp.4&w=365&fwrn=4&fwrnh=100&lmt=1684514359&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1402822305&ad_type=text_image&format=365x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rh=305&rw=365&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359588&bpp=1&bdt=2159&idt=1&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280&nras=3&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=HNs3i103KL&p=https%3A//phishcheck.me&dtd=6
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B541 170 KB
53 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=280&adk=889495490&adf=2039575784&pi=t.aa~a.258514030~i.3~rp.4&w=365&fwrn=4&fwrnh=100&lmt=1684514359&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1402822305&ad_type=text_image&format=365x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rh=305&rw=365&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359588&bpp=1&bdt=2159&idt=1&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280&nras=3&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=HNs3i103KL&p=https%3A//phishcheck.me&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47d66a97dd9e4ae073078b5dcd843a74baf83776f2dd8dff131b1b6ea9209698

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53893
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1684322484769956"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 19 May 2023 16:39:20 GMT

GET
H3 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/ Frame B541 32 KB
13 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=280&adk=889495490&adf=2039575784&pi=t.aa~a.258514030~i.3~rp.4&w=365&fwrn=4&fwrnh=100&lmt=1684514359&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1402822305&ad_type=text_image&format=365x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rh=305&rw=365&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359588&bpp=1&bdt=2159&idt=1&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280&nras=3&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=HNs3i103KL&p=https%3A//phishcheck.me&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18a37dc90b9c1990e293e02307fc12b9c7e66331a24eabb8336a9c06907a2bd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Thu, 18 May 2023 17:16:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84189
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13064
x-xss-protection: 0
server: cafe
etag: 484897097926465030
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 01 Jun 2023 17:16:11 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame B541 0
0 60ms
59ms Fetch
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C8lFSN6ZnZKCOK9bUn88P1Pq_6AnImbywcLqYktS4EdvZHhABIJ3w6iBg0ASgAdSwyMIoyAECqAMByAPJBKoExwFP0DSLdTLQreG8A9aHJ3ofzTU26B8HDAVdx84XKQR6g2Ljtn5FbpLuHKt2lSs0lqgm-NKDxUqhHIwUyLorrUKl089W9wtPotpbdoamfpCZQ1ALh4MR-koU9bYEIEQCL3uqfV1resCrZKvZc36ZkxbSjtegjlyTLFUKT01Zbye9ejoJSdYUn3DXKc6hIp77ouM7rfIzUYUbbddmumEIBCLXURiPAKvsyQ27b_7ty1hdCa75EGTduulOofxuggQUW4JnF7EGOgDTwASy2M_UnwSgBgKAB9TomKIDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQx5EB0ggUCIBhEAEYHzICigI6AoBASL39wTqACgHICwHYEwPQFQGAFwGyFxwKGggAEhRwdWItNTYyNTM3OTgyOTc5MDYwNhgA&sigh=3xoJOhbWg6o&uach_m=[UACH]&cid=CAQSOwBygQiDCtLgFY6QX6Sa0_oRRvEmcwpQob2Bt2ss-o2ZnMiPDTSCJnRff0G7I2VGSt5qQiZq_QAp85oxGAE

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=280&adk=889495490&adf=2039575784&pi=t.aa~a.258514030~i.3~rp.4&w=365&fwrn=4&fwrnh=100&lmt=1684514359&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1402822305&ad_type=text_image&format=365x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rh=305&rw=365&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359588&bpp=1&bdt=2159&idt=1&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280&nras=3&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=HNs3i103KL&p=https%3A//phishcheck.me&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=280&adk=889495490&adf=2039575784&pi=t.aa~a.258514030~i.3~rp.4&w=365&fwrn=4&fwrnh=100&lmt=1684514359&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1402822305&ad_type=text_image&format=365x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rh=305&rw=365&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359588&bpp=1&bdt=2159&idt=1&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280&nras=3&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=HNs3i103KL&p=https%3A//phishcheck.me&dtd=6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 19 May 2023 16:39:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 66BD 0
10 B 14ms
13ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?pXf6HQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:20 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 491A 624 B
245 B 53ms
52ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY1O7NxQEwAQ&v=APEucNXaMLMgQW2JolcAAEEgEQfx798jEDjyydz_bRs3yznGWiTJQCz5sMQEgCrIhm6CqsD7s4jyXdFgne7ZB02CACDJsCfVMQSAffZ7lr7KK8qTS4cUXZqQ1PGoozx0kz5Q6KlTC5iFM3CsXef8fU1iKNnkyCqpWJ4srRcwilPugw_meomTDUM

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 19 May 2023 16:39:20 GMT
expires: Fri, 19 May 2023 16:39:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 0FCC 78 KB
27 KB 83ms
81ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 19 May 2023 16:39:20 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/ Frame 0FCC 3 KB
1 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 10:59:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 20397
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 10:59:23 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/ Frame 0FCC 19 KB
8 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230517/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9df1ad09e8ee902ee6a76cf88df57306868ca4ee532d74830fbcfe4db8bdf39d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 10:36:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21779
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7953
x-xss-protection: 0
server: cafe
etag: 16153819885643670827
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 10:36:21 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 0FCC 0
0 24ms
22ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRPBhAT4L9_p8V_J6dvWu9bWhJOYDpKj0SJHGBxz-Mwts86vpiC15agD1xzLulR5ecH9siVWkA6SUwfnu75xkLxQhWKfg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0FCC 170 KB
53 KB 30ms
28ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47d66a97dd9e4ae073078b5dcd843a74baf83776f2dd8dff131b1b6ea9209698

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53893
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1684322484769956"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 19 May 2023 16:39:20 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0FCC 42 B
63 B 52ms
50ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AYIHFOzp4UYmxeA6pGlxSEzM9Aod3sWQn0TroL_Ar7lZaIhDybkWUSAa8z7QA6hfovzVosR1tFzOZ6rBQwefWCzXxL5RpH-s5Emd9jpmIZQW7PWTY

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0FCC 0
20 B 51ms
50ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=14039891970552629212&x=1&ct=76

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 94E5 143 B
166 B 15ms
14ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=280&adk=889495490&adf=2039575784&pi=t.aa~a.258514030~i.3~rp.4&w=365&fwrn=4&fwrnh=100&lmt=1684514359&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1402822305&ad_type=text_image&format=365x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rh=305&rw=365&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359588&bpp=1&bdt=2159&idt=1&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280&nras=3&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=HNs3i103KL&p=https%3A//phishcheck.me&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=280&adk=889495490&adf=2039575784&pi=t.aa~a.258514030~i.3~rp.4&w=365&fwrn=4&fwrnh=100&lmt=1684514359&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1402822305&ad_type=text_image&format=365x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rh=305&rw=365&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359588&bpp=1&bdt=2159&idt=1&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280&nras=3&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=HNs3i103KL&p=https%3A//phishcheck.me&dtd=6
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1704
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 19 May 2023 16:10:56 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame AEC1 1 KB
643 B 15ms
14ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=280&adk=889495490&adf=2039575784&pi=t.aa~a.258514030~i.3~rp.4&w=365&fwrn=4&fwrnh=100&lmt=1684514359&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1402822305&ad_type=text_image&format=365x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rh=305&rw=365&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359588&bpp=1&bdt=2159&idt=1&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280&nras=3&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=HNs3i103KL&p=https%3A//phishcheck.me&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 20107
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 19 May 2023 11:04:13 GMT
etag: 48472445140208031
expires: Sat, 20 May 2023 11:04:13 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame B541 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bca066af05e248aa9f25a364878e78f32b5b3b6c7dadb292e5b985f6f7a7e6dd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 AGSKWxXIMzbCLumgtqLBMKys-UzPcl4yjyM3sfWswBAtFcW-OSZRVx-n3s6P2LXqD19D_CwRvDCpSlcjKjyXkVVd8CJATiWlEFlPeimE2G2DP0A0wGweBSOlIhD5ra5VuZzI_LSYIfLm1Q== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 30ms
30ms XHR
text/html 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxXIMzbCLumgtqLBMKys-UzPcl4yjyM3sfWswBAtFcW-OSZRVx-n3s6P2LXqD19D_CwRvDCpSlcjKjyXkVVd8CJATiWlEFlPeimE2G2DP0A0wGweBSOlIhD5ra5VuZzI_LSYIfLm1Q==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-8LwbygoX8SJPCh3ppQ0x3w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://phishcheck.me/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 19 May 2023 16:39:20 GMT
content-security-policy: script-src 'report-sample' 'nonce-8LwbygoX8SJPCh3ppQ0x3w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://phishcheck.me
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 491A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAGCBnwF30JTRAwmwQUxGU&google_cver=1

43 B
766 B

8ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAGCBnwF30JTRAwmwQUxGU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY1O7NxQEwAQ&v=APEucNXaMLMgQW2JolcAAEEgEQfx798jEDjyydz_bRs3yznGWiTJQCz5sMQEgCrIhm6CqsD7s4jyXdFgne7ZB02CACDJsCfVMQSAffZ7lr7KK8qTS4cUXZqQ1PGoozx0kz5Q6KlTC5iFM3CsXef8fU1iKNnkyCqpWJ4srRcwilPugw_meomTDUM
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 19 May 2023 16:39:20 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAGCBnwF30JTRAwmwQUxGU&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 491A
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZGemONvJoXOc9CU3SKSKegAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAGCBnwF30JTRAwmwQUxGU&google_cver=1

43 B
766 B

19ms
10ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAGCBnwF30JTRAwmwQUxGU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY1O7NxQEwAQ&v=APEucNXaMLMgQW2JolcAAEEgEQfx798jEDjyydz_bRs3yznGWiTJQCz5sMQEgCrIhm6CqsD7s4jyXdFgne7ZB02CACDJsCfVMQSAffZ7lr7KK8qTS4cUXZqQ1PGoozx0kz5Q6KlTC5iFM3CsXef8fU1iKNnkyCqpWJ4srRcwilPugw_meomTDUM
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 19 May 2023 16:39:20 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAGCBnwF30JTRAwmwQUxGU&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 491A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEI7cUXw_UAMetzU3dksCg-Q&google_cver=1

43 B
1 KB

37ms
16ms

Image
image/gif

185.89.210.101
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEI7cUXw_UAMetzU3dksCg-Q&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY1O7NxQEwAQ&v=APEucNXaMLMgQW2JolcAAEEgEQfx798jEDjyydz_bRs3yznGWiTJQCz5sMQEgCrIhm6CqsD7s4jyXdFgne7ZB02CACDJsCfVMQSAffZ7lr7KK8qTS4cUXZqQ1PGoozx0kz5Q6KlTC5iFM3CsXef8fU1iKNnkyCqpWJ4srRcwilPugw_meomTDUM

Protocol

HTTP/1.1

Server

185.89.210.101 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 19 May 2023 16:39:20 GMT
AN-X-Request-Uuid: 004d480b-cee9-49cc-987c-72c2dc46cb65
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 178.162.209.136; 178.162.209.136; 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEI7cUXw_UAMetzU3dksCg-Q&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 491A
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzY4NjMxNzAwNDU0Mzc1NzA0

170 B
243 B

23ms
22ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzY4NjMxNzAwNDU0Mzc1NzA0

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 19 May 2023 16:39:20 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 178.162.209.136; 178.162.209.136; 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 589473c7-bde1-4147-b204-1d3fb1447a28
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzY4NjMxNzAwNDU0Mzc1NzA0
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

noop
px.owneriq.net/ Frame AEC1
Redirect Chain

https://px.owneriq.net/ecmg?google_gid=CAESELZ0ITJg4ROtkiGnWNoPPVI&google_cver=1&google_push=ATf1kGPMsEgTZvn8GCLvCZKl827kgY4-MEcofGHzu1RWa7GJ0f5sCcCe4uxmrmPWxmkzhTxP-6sSdJsDalUqHXN8gLocP3JMZ1fsSXE
https://px.owneriq.net/noop?ct=image%2Fgif

0
287 B

12ms
12ms

Image
image/gif

104.102.40.143
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.owneriq.net/noop?ct=image%2Fgif
Protocol: HTTP/1.1
Server: 104.102.40.143 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-102-40-143.deploy.static.akamaitechnologies.com
Software: Apache/2.4.6 (CentOS) / PHP/7.3.33
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Fri, 19 May 2023 16:39:20 GMT
Server: Apache/2.4.6 (CentOS)
Connection: keep-alive
X-Powered-By: PHP/7.3.33
Content-Length: 0
Content-Type: image/gif

Redirect headers

Location: https://px.owneriq.net/noop?ct=image%2Fgif
Date: Fri, 19 May 2023 16:39:20 GMT
Server: AkamaiGHost
Connection: keep-alive
Content-Length: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame AEC1
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEDS7MdaW0j-jppHvUrM1rfg&google_push=ATf1kGMtCiJSg6BARtV65roNthgX0BzyWbj7H5p64veH3z8o-puwV66N8G...

170 B
232 B

24ms
24ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEDS7MdaW0j-jppHvUrM1rfg&google_push=ATf1kGMtCiJSg6BARtV65roNthgX0BzyWbj7H5p64veH3z8o-puwV66N8GZ0ANQRrAFJq-9fZGEkUgr88yuhNtjgMOvKug3aDJvvgnk

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-fra-eddf8230131-FRA
pragma: no-cache
date: Fri, 19 May 2023 16:39:20 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1684514361.622925,VS0,VE89
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEDS7MdaW0j-jppHvUrM1rfg&google_push=ATf1kGMtCiJSg6BARtV65roNthgX0BzyWbj7H5p64veH3z8o-puwV66N8GZ0ANQRrAFJq-9fZGEkUgr88yuhNtjgMOvKug3aDJvvgnk
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AEC1
Redirect Chain

https://mweb.ck.inmobi.com/sync/3?redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dinmobi_pte_limited%26google_hm%3D%24DSP_CKID&google_gid=CAESEFqFcdYuhvvUrPwqTVGZoxw&google_cver=...
https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=MDM1NDZkYTQtYzJhZS00NTg5LTliOWUtODk3NGE2ODk5ZDAz&google_gid=CAESEFqFcdYuhvvUrPwqTVGZoxw&google_cver=1&google_push=ATf1kGO3...

170 B
188 B

24ms
24ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=MDM1NDZkYTQtYzJhZS00NTg5LTliOWUtODk3NGE2ODk5ZDAz&google_gid=CAESEFqFcdYuhvvUrPwqTVGZoxw&google_cver=1&google_push=ATf1kGO3EPyb7sS1JdUO0JE4_BL7KbdJvwgiWF-KGLxu1QPc5Jf36STZksNZro8XAnHctIW_fucdoIlOPCBwX3869bXnBakNahKN1Q

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=MDM1NDZkYTQtYzJhZS00NTg5LTliOWUtODk3NGE2ODk5ZDAz&google_gid=CAESEFqFcdYuhvvUrPwqTVGZoxw&google_cver=1&google_push=ATf1kGO3EPyb7sS1JdUO0JE4_BL7KbdJvwgiWF-KGLxu1QPc5Jf36STZksNZro8XAnHctIW_fucdoIlOPCBwX3869bXnBakNahKN1Q
date: Fri, 19 May 2023 16:39:20 GMT
strict-transport-security: max-age=15724800; includeSubDomains
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame AEC1 43 B
363 B 64ms
14ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESEPkTwgLtnQqJBqQLxQmFD_I&google_cver=1&google_push=ATf1kGMgbYa26I6Kcvh2mmYTIC3P3FgsIjFXSqPbV_NcCZGvPytrfefG1O_OnfPFEMp4NCGzhZ6VSjmFXrlvlnHMu-wvEfCi4jsopf8

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=280&adk=889495490&adf=2039575784&pi=t.aa~a.258514030~i.3~rp.4&w=365&fwrn=4&fwrnh=100&lmt=1684514359&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1402822305&ad_type=text_image&format=365x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rh=305&rw=365&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359588&bpp=1&bdt=2159&idt=1&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280&nras=3&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=HNs3i103KL&p=https%3A//phishcheck.me&dtd=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:19 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 268553
expires: Fri, 19 May 2023 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AEC1
Redirect Chain

https://a.clickcertain.com/px/img/g/?google_gid=CAESEMcQQoRjx28njXDMHQZC_cM&google_cver=1&google_push=ATf1kGMqbsfWhDYJNN9WPBhzfsLOgNt4c_ma44hKmes7_Ph6ENfhM_x2C-ESpjODkBPwHSlocSrC7AhXkDkfdCTBmgMMSR-...
https://i.liadm.com/s/56408?bidder_id=200441&bidder_uuid=d6cefecf-7546-44b8-82ea-9dacb270f998&ccid=d6cefecf-7546-44b8-82ea-9dacb270f998&redir=https%253a%252f%252fsecure%252eadnxs%252ecom%252fgetuid...
https://i.liadm.com/s/56408?redir=https%253a%252f%252fsecure%252eadnxs%252ecom%252fgetuidu%253fhttps%253a%252f%252fa%252eclickcertain%252ecom%252fpx%252fimg%252fg%252f%253fdone%253dtrue%2526google_...
https://a.clickcertain.com/px/li/?redir=https%253a%252f%252fsecure%252eadnxs%252ecom%252fgetuidu%253fhttps%253a%252f%252fa%252eclickcertain%252ecom%252fpx%252fimg%252fg%252f%253fdone%253dtrue%2526g...
https://secure.adnxs.com/getuidu?https://a.clickcertain.com/px/img/g/?done=true&google_gid=CAESEMcQQoRjx28njXDMHQZC_cM&google_cver=1&google_push=ATf1kGMqbsfWhDYJNN9WPBhzfsLOgNt4c_ma44hKmes7_Ph6ENfh...
https://a.clickcertain.com/px/img/g/?done=true&google_gid=CAESEMcQQoRjx28njXDMHQZC_cM&google_cver=1&google_push=ATf1kGMqbsfWhDYJNN9WPBhzfsLOgNt4c_ma44hKmes7_Ph6ENfhM_x2C-ESpjODkBPwHSlocSrC7AhXkDkfd...
https://cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_push=ATf1kGMqbsfWhDYJNN9WPBhzfsLOgNt4c_ma44hKmes7_Ph6ENfhM_x2C-ESpjODkBPwHSlocSrC7AhXkDkfdCTBmgMMSR-_cSAyyg&google_hm=ZDZjZWZlY2YtN...

170 B
188 B

23ms
23ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_push=ATf1kGMqbsfWhDYJNN9WPBhzfsLOgNt4c_ma44hKmes7_Ph6ENfhM_x2C-ESpjODkBPwHSlocSrC7AhXkDkfdCTBmgMMSR-_cSAyyg&google_hm=ZDZjZWZlY2YtNzU0Ni00NGI4LTgyZWEtOWRhY2IyNzBmOTk4

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 19 May 2023 16:39:21 GMT
x-frontend: cc-nginx-665d6f7f7c-gs29q:cc-nginx-665d6f7f7c-gs29q
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-requestid: 0e19f801-d20a-4a60-bc6c-8cd8655e97ef
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vRamIqw1nc%2Fhvr0JXucHFP7kvRtCNlGlm1gzH02%2B5NJ5jDYyZRH9IR7%2BNB%2F44%2FSdT4yRDXvZvYa7%2BV4btqYMS0bEwkK6e2X8ZcWNQQA5tn28kap0go0UUL58yWOK0Wfz1fY6loTRncVEinax0kp2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_push=ATf1kGMqbsfWhDYJNN9WPBhzfsLOgNt4c_ma44hKmes7_Ph6ENfhM_x2C-ESpjODkBPwHSlocSrC7AhXkDkfdCTBmgMMSR-_cSAyyg&google_hm=ZDZjZWZlY2YtNzU0Ni00NGI4LTgyZWEtOWRhY2IyNzBmOTk4
cf-ray: 7c9dc6875bbb698f-FRA

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AEC1
Redirect Chain

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESELkquDAzz0Zetcn6xH62lbk&google_cver=1&google_push=ATf1kGMZSVmxuuOj1WmP6nC0S9pH6X10FVcntZghGcU88diO36aFGMKvJR4fl86PTT1IH8FN4aFO4Ne07fN6j...
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESELkquDAzz0Zetcn6xH62lbk&google_push=ATf1kGMZSVmxuuOj1WmP6nC0S9pH6X10FVcntZghGcU88diO36aFGMKvJR4fl86PTT1IH8FN4aFO4Ne07fN6j...
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=ATf1kGMZSVmxuuOj1WmP6nC0S9pH6X10FVcntZghGcU88diO36aFGMKvJR4fl86PTT1IH8FN4aFO4Ne07fN6jw7y5cpRon4U58eBy_4&google_hm=RlNTVi1GMTFzelZra...

170 B
188 B

25ms
24ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=ATf1kGMZSVmxuuOj1WmP6nC0S9pH6X10FVcntZghGcU88diO36aFGMKvJR4fl86PTT1IH8FN4aFO4Ne07fN6jw7y5cpRon4U58eBy_4&google_hm=RlNTVi1GMTFzelZra0V5MHdfb1c=

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 19 May 2023 16:39:21 GMT
Content-Type: text/html; charset=utf-8
Location: https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=ATf1kGMZSVmxuuOj1WmP6nC0S9pH6X10FVcntZghGcU88diO36aFGMKvJR4fl86PTT1IH8FN4aFO4Ne07fN6jw7y5cpRon4U58eBy_4&google_hm=RlNTVi1GMTFzelZra0V5MHdfb1c=
P3p: CP="We do not support P3P header."
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 239
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AEC1
Redirect Chain

https://trace.mediago.io/cs/google?google_gid=CAESEC6yzV3xDRPr5CLBuQMmnQU&google_cver=1&google_push=ATf1kGO0_gJipHM4mR7ZXPgawwHKMWifmpvE1SPitgSgiHI5_wYZ86xfHphTN3zb3l69eB_9Gxp_70737Sl5_10pU1otCHIrp...
https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=ATf1kGO0_gJipHM4mR7ZXPgawwHKMWifmpvE1SPitgSgiHI5_wYZ86xfHphTN3zb3l69eB_9Gxp_70737Sl5_10pU1otCHIrp3KR84Vf&google_hm=98ebde90dd...

170 B
188 B

24ms
23ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=ATf1kGO0_gJipHM4mR7ZXPgawwHKMWifmpvE1SPitgSgiHI5_wYZ86xfHphTN3zb3l69eB_9Gxp_70737Sl5_10pU1otCHIrp3KR84Vf&google_hm=98ebde90ddefd0631029b97e5a1146ba

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=ATf1kGO0_gJipHM4mR7ZXPgawwHKMWifmpvE1SPitgSgiHI5_wYZ86xfHphTN3zb3l69eB_9Gxp_70737Sl5_10pU1otCHIrp3KR84Vf&google_hm=98ebde90ddefd0631029b97e5a1146ba
date: Fri, 19 May 2023 16:39:20 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 250
content-type: text/html; charset=utf-8

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame AEC1 0
130 B 45ms
20ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KF1KiVa91iMbkI0DBjviiGWnOw2drDTwCNdbigRXNd8LTzW2Tb1_1NMWPHqFRwvD231BdBwA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=280&adk=889495490&adf=2039575784&pi=t.aa~a.258514030~i.3~rp.4&w=365&fwrn=4&fwrnh=100&lmt=1684514359&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1402822305&ad_type=text_image&format=365x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rh=305&rw=365&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359588&bpp=1&bdt=2159&idt=1&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280&nras=3&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=HNs3i103KL&p=https%3A//phishcheck.me&dtd=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:20 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 94E5
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

27ms
26ms

Document
text/html

2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=280&adk=889495490&adf=2039575784&pi=t.aa~a.258514030~i.3~rp.4&w=365&fwrn=4&fwrnh=100&lmt=1684514359&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1402822305&ad_type=text_image&format=365x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rh=305&rw=365&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359588&bpp=1&bdt=2159&idt=1&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280&nras=3&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=HNs3i103KL&p=https%3A//phishcheck.me&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 19 May 2023 16:39:20 GMT
expires: Fri, 19 May 2023 16:39:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 19 May 2023 16:39:20 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 x4MEI6eqFB0dCdwpn32-R0gTDA087Zgj0u4bOKm75nA.js Show response
pagead2.googlesyndication.com/bg/ Frame 595D 37 KB
14 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/x4MEI6eqFB0dCdwpn32-R0gTDA087Zgj0u4bOKm75nA.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=280&adk=889495490&adf=2039575784&pi=t.aa~a.258514030~i.3~rp.4&w=365&fwrn=4&fwrnh=100&lmt=1684514359&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=1402822305&ad_type=text_image&format=365x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rh=305&rw=365&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359588&bpp=1&bdt=2159&idt=1&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280&nras=3&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=HNs3i103KL&p=https%3A//phishcheck.me&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7830423a7aa141d1d09dc299f7dbe4748130c0d3ced9823d2ee1b38a9bbe670

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 16 May 2023 17:01:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 257841
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14664
x-xss-protection: 0
last-modified: Mon, 15 May 2023 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 May 2024 17:01:59 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0FCC 0
20 B 53ms
52ms Ping
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=588292820141&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0FCC 0
20 B 55ms
55ms Ping
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=588292820141&version=m202301230201&ct=76&x=1&cor=14039891970552630000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 0FCC 98 KB
38 KB 58ms
57ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BT96kx3-b20ASyjhWhNgdCDMkLMKTlEMk-Az0OvF8DEvb7xSv581kaQZf7K79F7WGY4PYeaLpycAWz6eoeuy4-AB8ga9DdB6xfDBtc-gU10xerqbxk7ag5LBXMvJDQYLX-gbDpD5lFAFDG0E1lXMieUYteUc123LViRHCLqo3xE2mJFL0&dbm_d=AKAmf-DA5ZO46ZOlvTnVGhMmQ85aD6wIh4U4CgQRIkWHpfvETcOCP067085484vshg5FzBiIeVxEVjWmour7RdHsq9L142d3IjGOfoq2Si1bgXodVlvhAe62x74J3R6sx548e1s04NAiUK7mZZy2ybOWESDAlWRO66JRQIOb7VLgmVBFd61E5eP_-glbRkJ8I3ln6DVPwFhKqxeOYsKw6eiP9S0hWnMCH702fXdbcb2Dru6gI9kqjo-JtGvIkwdaV7QCBE9_M27IMHg9bB0oJEHtdSpBV_KR8ww-tyDDjrZSGQJmoYZd4Hhg91tPnVrZAmGpBhuMRCN0PpirDe5QUQybInWpg3U1XxnaQREs1oVRGi0vURrbYlz0lvANqXfsdauB_VTd3MRn0y3WRAUe1iNfLyHgb1IJJj4mT_WldtG0KMlCasCa0gOvLP21dEKfvMHtuKevF1EXg2dWyGI_IU3u3dugt35Mh7QjNFe9XqClzwyQI3g95LTGPoO0ta8P5SFuhJTn_I8dncW4CqaKaO-V-4HB8thkxeRkkx1FI768r_RUUhDh8MFn2Go09oL5okZD5wDViwlRXVi9G_vUnzu6FpddL07kjrOfpm31sRIe_Ew3D83DGXslwuK7faQQgfN_zAA7qh_3BJOho-fMY3y4mHlhAreyYzzvDFNmtqmACoXO_zgF-Fz-OCLcftSW_p4carpp6EXnkuBZLfQEl6fuOGZju123wsyUoQRdc1CrEepwIdKiOHdmFCu4v--myrB50ikNRHHqNg4y-YlnZBAbA2cMl0ouPCBNn_PR6ZAAjBPYm6Tq19CAFLRFq6nn_NICQ9CKZFEFXGzNYP5zZ4GGhaU4sZ7OdL7_oUI-gU8pIQWufFj6N_iV5vAE8BJzrpmunKvShcqLh28LkRu6tHtSnVyTndvm1Zb_FB7hq2ibxgkzGehZWUUsNFnDnBhnWUBAow9a6-_YwhrAgCte5idJIfuqNnzhqkEv5f85tfHS7Zr-bN4GruTGozrQDd28BHiimXBYHx6ABfEROj5IufYw05K4daTlFRl3SNHPU-BwX1AUQuZubX8NuLi8NO-zi1gFE9UuGhVcMVSsNPVvCn6fsXpR31fDgvtKq_CadBTR37rgRFi8McY8xaPhFBW6X0qbeBepsnu0MKTL0EsVDzf60DwzDOTqB1PO1jrGGqm1O06JXAPm2Dfx-jmDOHF-q88dPV0FNOZeNutKg9sxoSgKBdGuSv4zGrv_aZRKPJyDrQWf081jNQA-RLEPhKW8diQhV7MqRSfYhwCA9EqIlzosJ-eTEV7hkwEnQa9Ek5eEoDi1MhXJY-cSIE_Zqx9rOLN5Abf60MMM9IptSlGy5s96kGyKWKfeRw0NmQygeELFGpUFXIWuEJ1M9j6k0kwkteaCsmTFphDcdb1C0E2S4wJO1x86wEti99-CRBn06bskcZatQMKxVLrFsbFTBBDkLTl2cXyxQPUvgzkwHGw-al9h1Etx6Nq_ygC_LA-t2WGUVqXhQLSpyLZmGmOzx37MxL-KHfrfdJLs-hyQ_pkjqA2XOuAYX3HM_wLOu8QWyr4jNwypR6sLOgY0nCDoTZ7oL9c-D52CFRfy_6JYUzHbkpfp6jaBMSFyy_xzPWcXXHdh5yb-nvudUxZbfNiqPT4Uv7wnYNbkLQ40vOawzbfGYzCJFsXKjzxYgcMK3u143uuqL52CXXQk16bWUa11fodwbJqIOxLmLIYM48Jk32Msd7eip2CdJFHuAKVesMQ8S8zQEGkAw95UNxxHg3g6LaKI3yH-RIeWdZ5sft0EQrt6jTvdVzA39jnS8S3e-BUvfH3WgQ0-J7tpSBxOwoQZBzaNo3GegnloHl8_HAoUr8OyIHmXcRGYMtLVaoux_PJy2MefaHyx8gGVORqIEHdgGb5d4Quf__RxYZg9WXIzzqS8OczzqdHUl5QOhxcBHz-yXTKWzTOdW-yxgu72VFeoznlZ_U_5qkYwKxgroDyakha6tShAHO3dAKNYl8a5gNHEdN3mlpX2hxo56tAGksJlyGtZh9XzIBQ5BuYmEwkJmw5Ge3DK_XpsYOQR-qGUA0u78JtFneweLBi9HDlasYQfiSDfZ6gQXNghqcJoEPIgHHW3AeUxf6s35smDJstMx8p__hUwNTtxLWrb3HcBYhmA6ee6segKDbP7yZZry82MSY3fNDCS6GCs2Y0zDz-wW2cNI-9O7-iXTe-182vc8uhGaTSjn1QaMJiCX-upqva7G-D9VaOJBL5qPZdh9Zw6DibwkZ0BfxZ8Yoi72fUsvGDYAQOsBAt0GUsqsyKEskMBLfWbDkNKXWWUTXYNJlX8xiHiOhe5EKkDvGUF0fdkjRB4xMLpKIJjx7VMyyKaseO_P6rl5j33ykC65AwTevU7ei1lLUj6PJQNU3axwqlUduhRAdi1vA27rCRD1yJB8pAPd8YjRpMsQ07XxoJmE4Uch3PgRjnD66tgJBAvFtiNTjo09BjryRSZUoIkYe0QBqN-rLYpR3mb_DaxJP6rAnXfYeg2vGG-CKXWXAuhcBS4B0S-Zho-5z6-SdJQSUH9R52WVtQMqZ-5SnYBfmJ2WFSut3eZsTjnZp7Kq-h_jhwfeSJCElXNWk8_04UkNwxxmzSYnESt4Kdsoop5d4GJ8n0qi1QlVBAGhrvrcUw_Bz_fngvGF0hEwNREPvcCGQ3Te6TMc7Lox8Ta6iubNqWVHYpP9GnQeW2chR__r7nijANgNA_4CM8_aX1mRFyzpOHu2ISNptMttZHGNYRjvaSZCbgM69jlW4-KV7uWTqL06RwAX29fMlFnDxtKeekBy1yZtGfK36X63rwOALrO0UNvAWSAAieJbsoEkTzBYwkMfO0WxWrLjeSTCUMYgOPymSJh0mm8JIzeJcQCKlU_rXdB6-cS8XmA-pA4UW3Za7wPHiXLC4gsKAHNNyYVvUepJ6BrGToC6Nqqz9AO_v0iDtprtMyt4_SJctl8HI53qb67NbNgtxld_DMOLH9ZFbEqYKINiN3TZw-0FNTH4CjJyi6asKfO0tyWWLxwxQJ03Ce1dA4KJrU_bracl2xUExRU9YbUYcZYpWq_JeZ0t995f5qBhLXyqM4iCfYPArpSbcltLXzE9QBSGunwindLDXWQG5QYHnZdBYYOt4KArKkBG5WO3IJqDp6Hjcv717D0Suzd-kf18ev1UWwkkl098VUIxZjpouwOyuFFeP7jSRyieMTS99lDScGJYFo648b5NKhLcx7EtQmmOb_Gg3bZer3uXT060-47nJcG9dnzktpXkuF0Jc4nu3UTP79USIsgapojDl8Wz3fyCWblQH5CgFrDfSW5_S6vg8i1CzTvcQBA3VNoPdqoYdHnD31m4BAwBr_v8eMTuJK2maw16tLFl1kgMJVV2IDHT6MafN1zKziNYPB60oM-CBwZUCtN0klpUueQS1LVL4hi2rQYsxctQHHkel3y7JhllLbbJOyqUvFXK_Sk-751u9z6pHmVDOuptIxv1vFyMztIFDYRlzCVpMa7ZbWYSBQ3w6c_j3c5vVEJUkwKd5IVMYDU4vz-YBhQbtZFyexYEeM0cVUbyRmZQ_7uByxfKTsL0OTs6d95YWv_6Qmijw&cid=CAQSOwBygQiDC4xffV43MyZAkW-4I4DK4IhIbmy_pSVSmx0nS0IaAyFH1Dpzhe4j0sXAKnmr3Q5iOwqfe0bIGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fphishcheck.me%2F&ds=l&xdt=1&iif=1&cor=14039891970552630000&adk=2988274607&idt=88&cac=0&dtd=10

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7417940882459975aab4421444fe3c287ebe7300ac56127f95661840288cd494

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:20 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38858
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/990511/61634096/ Frame 0FCC 245 KB
74 KB 136ms
35ms Script
application/javascript 52.215.211.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/990511/61634096/skeleton.js?ias_dspID=3&ias_campId=1010147412&ias_pubId=pub-5625379829790606&ias_chanId=1&ias_placementId=20118853377&bidurl=https://phishcheck.me/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0iq8olpusjhYYjo9oHLDXkr
Requested by: Host: phishcheck.me
URL: https://phishcheck.me/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.215.211.28 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-215-211-28.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 075a32068fe2448c28f957e380dffa5b0bfc7909e48b2ffd34f6b3b83075dbc3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:20 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 0FCC 106 KB
37 KB 98ms
23ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: phishcheck.me
URL: https://phishcheck.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 10:49:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21016
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 20 May 2023 10:49:04 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230517/r20110914/elements/html/ Frame 0FCC 11 KB
4 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230517/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BT96kx3-b20ASyjhWhNgdCDMkLMKTlEMk-Az0OvF8DEvb7xSv581kaQZf7K79F7WGY4PYeaLpycAWz6eoeuy4-AB8ga9DdB6xfDBtc-gU10xerqbxk7ag5LBXMvJDQYLX-gbDpD5lFAFDG0E1lXMieUYteUc123LViRHCLqo3xE2mJFL0&dbm_d=AKAmf-DA5ZO46ZOlvTnVGhMmQ85aD6wIh4U4CgQRIkWHpfvETcOCP067085484vshg5FzBiIeVxEVjWmour7RdHsq9L142d3IjGOfoq2Si1bgXodVlvhAe62x74J3R6sx548e1s04NAiUK7mZZy2ybOWESDAlWRO66JRQIOb7VLgmVBFd61E5eP_-glbRkJ8I3ln6DVPwFhKqxeOYsKw6eiP9S0hWnMCH702fXdbcb2Dru6gI9kqjo-JtGvIkwdaV7QCBE9_M27IMHg9bB0oJEHtdSpBV_KR8ww-tyDDjrZSGQJmoYZd4Hhg91tPnVrZAmGpBhuMRCN0PpirDe5QUQybInWpg3U1XxnaQREs1oVRGi0vURrbYlz0lvANqXfsdauB_VTd3MRn0y3WRAUe1iNfLyHgb1IJJj4mT_WldtG0KMlCasCa0gOvLP21dEKfvMHtuKevF1EXg2dWyGI_IU3u3dugt35Mh7QjNFe9XqClzwyQI3g95LTGPoO0ta8P5SFuhJTn_I8dncW4CqaKaO-V-4HB8thkxeRkkx1FI768r_RUUhDh8MFn2Go09oL5okZD5wDViwlRXVi9G_vUnzu6FpddL07kjrOfpm31sRIe_Ew3D83DGXslwuK7faQQgfN_zAA7qh_3BJOho-fMY3y4mHlhAreyYzzvDFNmtqmACoXO_zgF-Fz-OCLcftSW_p4carpp6EXnkuBZLfQEl6fuOGZju123wsyUoQRdc1CrEepwIdKiOHdmFCu4v--myrB50ikNRHHqNg4y-YlnZBAbA2cMl0ouPCBNn_PR6ZAAjBPYm6Tq19CAFLRFq6nn_NICQ9CKZFEFXGzNYP5zZ4GGhaU4sZ7OdL7_oUI-gU8pIQWufFj6N_iV5vAE8BJzrpmunKvShcqLh28LkRu6tHtSnVyTndvm1Zb_FB7hq2ibxgkzGehZWUUsNFnDnBhnWUBAow9a6-_YwhrAgCte5idJIfuqNnzhqkEv5f85tfHS7Zr-bN4GruTGozrQDd28BHiimXBYHx6ABfEROj5IufYw05K4daTlFRl3SNHPU-BwX1AUQuZubX8NuLi8NO-zi1gFE9UuGhVcMVSsNPVvCn6fsXpR31fDgvtKq_CadBTR37rgRFi8McY8xaPhFBW6X0qbeBepsnu0MKTL0EsVDzf60DwzDOTqB1PO1jrGGqm1O06JXAPm2Dfx-jmDOHF-q88dPV0FNOZeNutKg9sxoSgKBdGuSv4zGrv_aZRKPJyDrQWf081jNQA-RLEPhKW8diQhV7MqRSfYhwCA9EqIlzosJ-eTEV7hkwEnQa9Ek5eEoDi1MhXJY-cSIE_Zqx9rOLN5Abf60MMM9IptSlGy5s96kGyKWKfeRw0NmQygeELFGpUFXIWuEJ1M9j6k0kwkteaCsmTFphDcdb1C0E2S4wJO1x86wEti99-CRBn06bskcZatQMKxVLrFsbFTBBDkLTl2cXyxQPUvgzkwHGw-al9h1Etx6Nq_ygC_LA-t2WGUVqXhQLSpyLZmGmOzx37MxL-KHfrfdJLs-hyQ_pkjqA2XOuAYX3HM_wLOu8QWyr4jNwypR6sLOgY0nCDoTZ7oL9c-D52CFRfy_6JYUzHbkpfp6jaBMSFyy_xzPWcXXHdh5yb-nvudUxZbfNiqPT4Uv7wnYNbkLQ40vOawzbfGYzCJFsXKjzxYgcMK3u143uuqL52CXXQk16bWUa11fodwbJqIOxLmLIYM48Jk32Msd7eip2CdJFHuAKVesMQ8S8zQEGkAw95UNxxHg3g6LaKI3yH-RIeWdZ5sft0EQrt6jTvdVzA39jnS8S3e-BUvfH3WgQ0-J7tpSBxOwoQZBzaNo3GegnloHl8_HAoUr8OyIHmXcRGYMtLVaoux_PJy2MefaHyx8gGVORqIEHdgGb5d4Quf__RxYZg9WXIzzqS8OczzqdHUl5QOhxcBHz-yXTKWzTOdW-yxgu72VFeoznlZ_U_5qkYwKxgroDyakha6tShAHO3dAKNYl8a5gNHEdN3mlpX2hxo56tAGksJlyGtZh9XzIBQ5BuYmEwkJmw5Ge3DK_XpsYOQR-qGUA0u78JtFneweLBi9HDlasYQfiSDfZ6gQXNghqcJoEPIgHHW3AeUxf6s35smDJstMx8p__hUwNTtxLWrb3HcBYhmA6ee6segKDbP7yZZry82MSY3fNDCS6GCs2Y0zDz-wW2cNI-9O7-iXTe-182vc8uhGaTSjn1QaMJiCX-upqva7G-D9VaOJBL5qPZdh9Zw6DibwkZ0BfxZ8Yoi72fUsvGDYAQOsBAt0GUsqsyKEskMBLfWbDkNKXWWUTXYNJlX8xiHiOhe5EKkDvGUF0fdkjRB4xMLpKIJjx7VMyyKaseO_P6rl5j33ykC65AwTevU7ei1lLUj6PJQNU3axwqlUduhRAdi1vA27rCRD1yJB8pAPd8YjRpMsQ07XxoJmE4Uch3PgRjnD66tgJBAvFtiNTjo09BjryRSZUoIkYe0QBqN-rLYpR3mb_DaxJP6rAnXfYeg2vGG-CKXWXAuhcBS4B0S-Zho-5z6-SdJQSUH9R52WVtQMqZ-5SnYBfmJ2WFSut3eZsTjnZp7Kq-h_jhwfeSJCElXNWk8_04UkNwxxmzSYnESt4Kdsoop5d4GJ8n0qi1QlVBAGhrvrcUw_Bz_fngvGF0hEwNREPvcCGQ3Te6TMc7Lox8Ta6iubNqWVHYpP9GnQeW2chR__r7nijANgNA_4CM8_aX1mRFyzpOHu2ISNptMttZHGNYRjvaSZCbgM69jlW4-KV7uWTqL06RwAX29fMlFnDxtKeekBy1yZtGfK36X63rwOALrO0UNvAWSAAieJbsoEkTzBYwkMfO0WxWrLjeSTCUMYgOPymSJh0mm8JIzeJcQCKlU_rXdB6-cS8XmA-pA4UW3Za7wPHiXLC4gsKAHNNyYVvUepJ6BrGToC6Nqqz9AO_v0iDtprtMyt4_SJctl8HI53qb67NbNgtxld_DMOLH9ZFbEqYKINiN3TZw-0FNTH4CjJyi6asKfO0tyWWLxwxQJ03Ce1dA4KJrU_bracl2xUExRU9YbUYcZYpWq_JeZ0t995f5qBhLXyqM4iCfYPArpSbcltLXzE9QBSGunwindLDXWQG5QYHnZdBYYOt4KArKkBG5WO3IJqDp6Hjcv717D0Suzd-kf18ev1UWwkkl098VUIxZjpouwOyuFFeP7jSRyieMTS99lDScGJYFo648b5NKhLcx7EtQmmOb_Gg3bZer3uXT060-47nJcG9dnzktpXkuF0Jc4nu3UTP79USIsgapojDl8Wz3fyCWblQH5CgFrDfSW5_S6vg8i1CzTvcQBA3VNoPdqoYdHnD31m4BAwBr_v8eMTuJK2maw16tLFl1kgMJVV2IDHT6MafN1zKziNYPB60oM-CBwZUCtN0klpUueQS1LVL4hi2rQYsxctQHHkel3y7JhllLbbJOyqUvFXK_Sk-751u9z6pHmVDOuptIxv1vFyMztIFDYRlzCVpMa7ZbWYSBQ3w6c_j3c5vVEJUkwKd5IVMYDU4vz-YBhQbtZFyexYEeM0cVUbyRmZQ_7uByxfKTsL0OTs6d95YWv_6Qmijw&cid=CAQSOwBygQiDC4xffV43MyZAkW-4I4DK4IhIbmy_pSVSmx0nS0IaAyFH1Dpzhe4j0sXAKnmr3Q5iOwqfe0bIGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fphishcheck.me%2F&ds=l&xdt=1&iif=1&cor=14039891970552630000&adk=2988274607&idt=88&cac=0&dtd=10

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a9b847c681a24b03ba8acc0b4dcd8aab9acf8c4d3131be784d488e2402d57427

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 10:39:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21573
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4122
x-xss-protection: 0
server: cafe
etag: 11429739870029468282
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 10:39:47 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230517/r20110914/ Frame 0FCC 28 KB
11 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230517/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

21bf4b49938284aaececf999f198f621de0aa792bb5315fc21255d0ab439e145

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 10:39:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21573
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11001
x-xss-protection: 0
server: cafe
etag: 16383942900985251592
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Jun 2023 10:39:47 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 0FCC 41 KB
15 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 10:36:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21779
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 18 May 2024 10:36:21 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 87D7 1 KB
643 B 14ms
14ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 20107
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 19 May 2023 11:04:13 GMT
etag: 48472445140208031
expires: Sat, 20 May 2023 11:04:13 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 0FCC 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 354d194488a9dcee4e2ca035e573ae2f07fe92e8318c71e1b2ca33d8b438109a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dpixel
cms.quantserve.com/ Frame 87D7 35 B
464 B 39ms
8ms Image
image/gif 2620:116:800d:21:93ca:31d8:d86e:38f6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEMqGy1esYZXseLoUqEt_jN8&google_cver=1&google_push=ATf1kGP71CY68uIfTR91A3A9F9GXskFNOaRlwYxmzX6OoAHYl9bhUjaSG-0wMP9PHIwdlSZs4GMsqAWBqenP9TWxC26LrlDrppD2kkvsF2Adte8lpt_J9U9NLNi5mrVG5IGNBKB3kWkGLbjUwG5QYeHts6zVni4

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:93ca:31d8:d86e:38f6 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:20 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 87D7
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEABAKZSe__MXY1fQBeHIGco&google_cver=1&google_push=ATf1kGO4ZRn07jhHyC5sHaGNH_N23U2hlCscAOr7CWFOojE7VQT3wKXHYmHvpR1ebhXdiMBZrTbIkE6TY1jW9r4s-dzqfGIrTPjgR...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEABAKZSe__MXY1fQBeHIGco&google_cver=1&google_push=ATf1kGO4ZRn07jhHyC5sHaGNH_N23U2hlCscAOr7CWFOojE7VQT3wKXHYmHvpR1ebhXdiMBZrTbIkE6TY1jW9r4s-dzqfGIrTPj...

43 B
445 B

196ms
176ms

Image
image/gif

2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEABAKZSe__MXY1fQBeHIGco&google_cver=1&google_push=ATf1kGO4ZRn07jhHyC5sHaGNH_N23U2hlCscAOr7CWFOojE7VQT3wKXHYmHvpR1ebhXdiMBZrTbIkE6TY1jW9r4s-dzqfGIrTPjgRt2C98MqSrznH3opyjYAu_WJLRvNgRmExzMY-9OKtCDS6TMy1yARE7T0vms&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGO4ZRn07jhHyC5sHaGNH_N23U2hlCscAOr7CWFOojE7VQT3wKXHYmHvpR1ebhXdiMBZrTbIkE6TY1jW9r4s-dzqfGIrTPjgRt2C98MqSrznH3opyjYAu_WJLRvNgRmExzMY-9OKtCDS6TMy1yARE7T0vms%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3
Protocol: H2
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:21 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7c9dc6844ed51961-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:20 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 19
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEABAKZSe__MXY1fQBeHIGco&google_cver=1&google_push=ATf1kGO4ZRn07jhHyC5sHaGNH_N23U2hlCscAOr7CWFOojE7VQT3wKXHYmHvpR1ebhXdiMBZrTbIkE6TY1jW9r4s-dzqfGIrTPjgRt2C98MqSrznH3opyjYAu_WJLRvNgRmExzMY-9OKtCDS6TMy1yARE7T0vms&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGO4ZRn07jhHyC5sHaGNH_N23U2hlCscAOr7CWFOojE7VQT3wKXHYmHvpR1ebhXdiMBZrTbIkE6TY1jW9r4s-dzqfGIrTPjgRt2C98MqSrznH3opyjYAu_WJLRvNgRmExzMY-9OKtCDS6TMy1yARE7T0vms%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7c9dc682fd141961-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 87D7
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEFeOIDwIaZPRxP7rW_Pqcp8&google_cver=1&google_push=ATf1kGNbCL4IUkaf918ICknaZfHr32gD0CoYiAaPUIWje3EWrb0ZU8AoXWD9gdGC2vqyRgIoYaH41a6G0yg3kGMTxNPB...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEFeOIDwIaZPRxP7rW_Pqcp8&google_cver=1&google_push=ATf1kGNbCL4IUkaf918ICknaZfHr32gD0CoYiAaPUIWje3EWrb0ZU8AoXWD9gdGC2vqyRgIoYaH41a6G0yg3kG...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGNbCL4IUkaf918ICknaZfHr32gD0CoYiAaPUIWje3EWrb0ZU8AoXWD9gdGC2vqyRgIoYaH41a6G0yg3kGMTxNPBVSuaqAKT_dkKiSpw2pSofDUoTDf-hTsCBr_7t0GikH...

170 B
188 B

27ms
27ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGNbCL4IUkaf918ICknaZfHr32gD0CoYiAaPUIWje3EWrb0ZU8AoXWD9gdGC2vqyRgIoYaH41a6G0yg3kGMTxNPBVSuaqAKT_dkKiSpw2pSofDUoTDf-hTsCBr_7t0GikHCsz6hf3UJfnCcDNzPEao-cmbU&google_hm=wNA63hZnQr2Codrba2-iAQ==

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGNbCL4IUkaf918ICknaZfHr32gD0CoYiAaPUIWje3EWrb0ZU8AoXWD9gdGC2vqyRgIoYaH41a6G0yg3kGMTxNPBVSuaqAKT_dkKiSpw2pSofDUoTDf-hTsCBr_7t0GikHCsz6hf3UJfnCcDNzPEao-cmbU&google_hm=wNA63hZnQr2Codrba2-iAQ==
date: Fri, 19 May 2023 16:39:20 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 87D7 43 B
362 B 16ms
15ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESEPkTwgLtnQqJBqQLxQmFD_I&google_cver=1&google_push=ATf1kGMo4J9UhdkjR-qbah8r4bmXUcfMH1LTaCahv0dcKESjDWpamd_dvC8vPda94xaJYQ4UkFohJR8JPX4rBW7BsTt6J7F7Dqzd_lNrJ8aIAgC5c5pwI8PwFzASvrJ-N8e-ZI85uaS45ofLwnQWTOT6xDvmh2M

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:19 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 290196
expires: Fri, 19 May 2023 00:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame 87D7 43 B
245 B 55ms
18ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEGqkBQfLzc7PVSZo-pqZAlM&google_cver=1&google_push=ATf1kGNGXv8wtZ8z2rItG20dznXl9GUI5T9FQhnaRVuo7GSaq2B7CyIVPXtVoW0nn5E3Jab3ORPJ3XFeotpDonpvaz9plU866zXxmHRUdXg1Lb_OA1ew6vRCH9MAPky6ciiP31rjIlXn9Df_4-SDl58tLNDIDg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:20 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 87D7
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEEmmqyUmip0ZBHscHa72WGM&google_cver=1&google_push=ATf1kGOAw1JT0Xesev5wYoyqq-HC-7JP3i7LAS9Gk3hja5O8DlrjxGtNcZvnNGsRFhr_o5RqvsqiRneiFvBB...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGOAw1JT0Xesev5wYoyqq-HC-7JP3i7LAS9Gk3hja5O8DlrjxGtNcZvnNGsRFhr_o5RqvsqiRneiFvBBrrDsS42sYuu98hvXeyT8BlX9hQEd0H1eEfsT...

170 B
188 B

27ms
27ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGOAw1JT0Xesev5wYoyqq-HC-7JP3i7LAS9Gk3hja5O8DlrjxGtNcZvnNGsRFhr_o5RqvsqiRneiFvBBrrDsS42sYuu98hvXeyT8BlX9hQEd0H1eEfsT-QUA0_OE7OmI6r6kGK7johi7ThBiJfL1gJgOJcc

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGOAw1JT0Xesev5wYoyqq-HC-7JP3i7LAS9Gk3hja5O8DlrjxGtNcZvnNGsRFhr_o5RqvsqiRneiFvBBrrDsS42sYuu98hvXeyT8BlX9hQEd0H1eEfsT-QUA0_OE7OmI6r6kGK7johi7ThBiJfL1gJgOJcc
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2

200

report
sync.teads.tv/um/ Frame 87D7
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEHK7X_8edrYP8pqEsoMZRyI&...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=ATf1kGP-O7M-WpP6rUaXobJf1_GGcgKLpvyKeAZo-QXEe3D3A9eVvHFq_CwX__DDdDBUYAHkTes5LUM1JzCoAxePiYu1hgmDzC-Med1zSR50T5v4f1cTv...
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
172 B

48ms
48ms

Image
image/gif

104.111.217.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3
Protocol: H2
Server: 104.111.217.42 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-217-42.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

expires: Fri, 19 May 2023 16:39:20 GMT
pragma: no-cache
date: Fri, 19 May 2023 16:39:20 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 87D7 0
12 B 23ms
22ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Lb0idt95aXvW58gVOHhBiz2fXjuHexwMQVnPIJ5nS9kf7glKTS65tADFlkwmsG9Xb6oyJD3g

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:20 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 4CFE 22 KB
8 KB 14ms
14ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 21779
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 19 May 2023 10:36:21 GMT
expires: Sat, 18 May 2024 10:36:21 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 x4MEI6eqFB0dCdwpn32-R0gTDA087Zgj0u4bOKm75nA.js Show response
pagead2.googlesyndication.com/bg/ Frame 4CFE 37 KB
14 KB 17ms
15ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/x4MEI6eqFB0dCdwpn32-R0gTDA087Zgj0u4bOKm75nA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7830423a7aa141d1d09dc299f7dbe4748130c0d3ced9823d2ee1b38a9bbe670

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 16 May 2023 17:01:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 257841
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14664
x-xss-protection: 0
last-modified: Mon, 15 May 2023 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 May 2024 17:01:59 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/17990266662471768200/ Frame BE5E 141 KB
22 KB 74ms
14ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17990266662471768200/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

57c2b596262f49dfc85822938e3989a0345fcd5ddd698423283ca15f162f6b99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 507746
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 22865
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sat, 13 May 2023 19:36:54 GMT
expires: Sun, 12 May 2024 19:36:54 GMT
last-modified: Wed, 09 Feb 2022 10:37:12 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0FCC 0
0 101ms
60ms Fetch
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst3kUImk41drPzb730TsfREUv_yybzlM996RR6qkYwkU2fuHElBMXtaJJGtSZl5mNyxHobF2H1IPFDbc2nzC2_BFIqIyGnSO9re8Elx6iWb_VicrgKDPcf6S3LJkCZY-XsYNgw5rQLy0teDdO378ANgCGVUYPSzLLpLbkrOTxshxbok6uRqVkOmcOwdzllhjeM4u5fuCXBLChSA_aOgynu0s83AElPbZV-f-XoIs3JkatpBAHgISvBPbKtBU-5ZM8rmIIxqOIMf7_YAM5nbAG1n4A0e5zeM8jOTXtH0yN9H0ogchsKCZJfnoI4cwXtQtDUGILLfSlvUkw2wKnNAeIXS6uufbcBqEM4pbpLLL3CY2EIGr1IXrMKuJ9c0P-BVoYFp2aA6q7U-ADJcDVrRYwh69FBb7KWfKOB8baUC3TVsi-tOM6LEvpS8M8e8yGlYLEmwAisTxomowP-8g4WHx0SnwWUE118_mJfUBTg13z6EEYfFwKW8UztDGnEGsxA8OI-QJvcF8kQWjfzoZ1GTaQpvLYouwBxrV194imNW16ICLDSOMl8xp5sSxhV1ZSEGq8uz0RNZrC7mS6jJQYbsT4TqcnM4LtMfLVQSy-JiFLD_lBENT6kZt3qN--GscULxGmqv83hzYzWtQdmGgdr0QS5hTWUo5fH8mKq-Hn_JMVJ7GwQkKeD5l7YHQBZl5PWJmdZ5nxikH0zfWHbx7fWvQMCgWFLO3kQ7-OXI3TTUjDexkvVzEcXNTa3cZMt89JioEXCwjHq7cglyu9SfiacGg8OmKpp7Kzn9f2lKAbvD7gpQ6CCjwzl4tt-MQSLerVwbQ-fEnJP-a6NpY0KGDgKn6q_pr7W-Qkg8LLivRC0Gsca6pTsTnR8W0Vv2ZLTD5YzRdodX5dkVdcJ-VpfTbhPq-gnSrZnF-IrKTzY2ppKaBVRIeNRt5nb47ud_cI3i7fP2fKtOFRYRKNUPVWh1cSkzM-TYaAraUk81nbCyDaJwkcc2qwRCCCwzQLm5UL_NWHN0RzPpbGjEKEQn--GzQv0aZTZoexNa7ASUvuPMwS5YnsEIXjxuZHbKHrQoDpBs_IddWXZxo7lzWqJtJ_qX3dypcE9JqA_ZgrXZdSLvXyae-B23L9VMjz3AhfaiZv1RJ6e5JJI-pfzkHyRmLLg6TSTeY2L011HkUDbEG-wKiQRLOxeIkgY8PYcocqbIOGHnSsM0edMloH1eaU4LdF7yFaIOeIQ-h1AtQMmhwcnN5Xqmwc2zfC0mniD3wTZUx943Vl4KEBbVwX_8JA&sai=AMfl-YRVj5qTYT5MSljWzn_HWwi9dB2cbwtWa2KzUsjqWCAjhtOi7IEo6iAdFgxxBSMy224LuDthLu5KsCDC7z-kIxIutd3BRE9aFGEtaKBtd9quKe-hPxAXOGZbvDlt5g-qkuhDDDryidQt27doY0MtPiafht61ZM-hOvAcrUKwZnwsqiNlv51YY_K1KruHUWztsmkuZtSE8BnP9ZCY_vZ1BNsXkudqbxG3Jq43S9SNVaqWU9RLqAj2L2buLgqrJr95ddXX&sig=Cg0ArKJSzPa5_cI_zxuDEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=118&cbvp=1&cstd=115&cisv=r20230517.69558&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: phishcheck.me
URL: https://phishcheck.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 19 May 2023 16:39:20 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 19 May 2023 16:39:20 GMT

GET
H2

200

4.js Show response
static.adsafeprotected.com/ Frame 0FCC
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/990511/61634096/4.js?ias_dspID=3&ias_campId=1010147412&ias_pubId=pub-5625379829790606&ias_chanId=1&ias_placementId=20118853377&bidurl=https://phishcheck.me/&ia...
https://static.adsafeprotected.com/4.js

1 KB
1 KB

40ms
17ms

Script
application/javascript

2600:9000:237d:fc00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3
Protocol: H2
Server: 2600:9000:237d:fc00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-amz-version-id: qG0gavlQiEpwK9AKo.qb12YTK3AnJXCR
content-encoding: gzip
via: 1.1 068dc56746723ff514ed3604e029e74e.cloudfront.net (CloudFront)
date: Mon, 15 May 2023 20:43:28 GMT
x-amz-cf-pop: MUC50-P2
age: 330953
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Mon, 08 May 2023 20:43:25 GMT
server: AmazonS3
etag: W/"33dffa7df253125904b2f354b5bb5e8d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: Qjt_AQ1sT3D0cU7mxR0I4cSxjd17CREmtNNWgPpNXmmLKSR2QBFUYg==

Redirect headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:20 GMT
server: nginx
x-server-name: app08.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 2C62 91 KB
23 KB 76ms
15ms Script
application/javascript 2600:9000:237d:fc00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:237d:fc00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 068dc56746723ff514ed3604e029e74e.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P2
age: 20739784
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: T0R7Nsto-tUsmCTudAL7YZczdkRwkg6PwgZ1QmWP_4lo2W9VgrIFrw==

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame BE5E 29 KB
10 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17990266662471768200/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17990266662471768200/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 00:48:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57043
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 20 May 2023 00:48:37 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 0FCC 43 B
215 B 338ms
98ms Image
image/gif 2600:1f18:1aca:4280:24a6:ad5:f26:f749
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=abebfbf5-c8d9-755d-a3e3-144c0b42a6b4&tv=%7Bc:d4Y7zs,pingTime:-3,time:54,type:v,im:%7BpBlk:40%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:21%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:54,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:21,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B48~0%5D,as:%5B48~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tEIOAy0+11%7C12%7C13%7C14%7C15%7C16%7C17%7C181%7C191%7C192%7C193%7C1a1*.990511-61634096%7C1a11%7C1a12%7C1a131%7C1a14%7C1b11%7C1b12%7C1c1%7C1c2%7C1d1%7C1d2%7C1e1%7C1e2%7C1f%7C1g,idMap:1a1*,rmeas:1,rend:0,renddet:DIV,siq:22%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:24a6:ad5:f26:f749 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:21 GMT
server: nginx
x-server-name: dt16.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 0FCC 43 B
215 B 337ms
99ms Image
image/gif 2600:1f18:1aca:4280:24a6:ad5:f26:f749
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=abebfbf5-c8d9-755d-a3e3-144c0b42a6b4&tv=%7Bc:d4Y7zt,pingTime:-6,time:55,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:55,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:21,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B49~0%5D,as:%5B49~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tEIOAy0+11%7C12%7C13%7C14%7C15%7C16%7C17%7C181%7C191%7C192%7C193%7C1a1*.990511-61634096%7C1a11%7C1a12%7C1a131%7C1a14%7C1b11%7C1b12%7C1c1%7C1c2%7C1d1%7C1d2%7C1e1%7C1e2%7C1f%7C1g,idMap:1a1*,rmeas:1,rend:0,renddet:DIV,siq:22%7D&tpiLookup=ao:phishcheck.me*%2Cgoogleads.g.doubleclick.net*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:24a6:ad5:f26:f749 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:21 GMT
server: nginx
x-server-name: dt13.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 0FCC 43 B
216 B 316ms
98ms Image
image/gif 2600:1f18:1aca:4280:24a6:ad5:f26:f749
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=abebfbf5-c8d9-755d-a3e3-144c0b42a6b4&tv=%7Bc:d4Y7zO,pingTime:-2,time:76,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:402,beZ:403,mfA:405,cmA:406,inA:406,inZ:409,prA:409,prZ:419,si:423,poA:424,bl:442,poZ:442,cmZ:442,mfZ:442,loA:456,loZ:458,ltA:477,ltZ:477%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:true,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:21%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:76,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:21,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B70~0%5D,as:%5B70~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tEIOAy0+11%7C12%7C13%7C14%7C15%7C16%7C17%7C181%7C191%7C192%7C193%7C1a1*.990511-61634096%7C1a11%7C1a12%7C1a131%7C1a14%7C1b11%7C1b12%7C1c1%7C1c2%7C1d1%7C1d2%7C1e1%7C1e2%7C1f%7C1g,idMap:1a1*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:DIV,siq:22,sinceFw:53,readyFired:true%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:24a6:ad5:f26:f749 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:21 GMT
server: nginx
x-server-name: dt15.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0FCC 0
0 52ms
51ms Fetch
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst3kUImk41drPzb730TsfREUv_yybzlM996RR6qkYwkU2fuHElBMXtaJJGtSZl5mNyxHobF2H1IPFDbc2nzC2_BFIqIyGnSO9re8Elx6iWb_VicrgKDPcf6S3LJkCZY-XsYNgw5rQLy0teDdO378ANgCGVUYPSzLLpLbkrOTxshxbok6uRqVkOmcOwdzllhjeM4u5fuCXBLChSA_aOgynu0s83AElPbZV-f-XoIs3JkatpBAHgISvBPbKtBU-5ZM8rmIIxqOIMf7_YAM5nbAG1n4A0e5zeM8jOTXtH0yN9H0ogchsKCZJfnoI4cwXtQtDUGILLfSlvUkw2wKnNAeIXS6uufbcBqEM4pbpLLL3CY2EIGr1IXrMKuJ9c0P-BVoYFp2aA6q7U-ADJcDVrRYwh69FBb7KWfKOB8baUC3TVsi-tOM6LEvpS8M8e8yGlYLEmwAisTxomowP-8g4WHx0SnwWUE118_mJfUBTg13z6EEYfFwKW8UztDGnEGsxA8OI-QJvcF8kQWjfzoZ1GTaQpvLYouwBxrV194imNW16ICLDSOMl8xp5sSxhV1ZSEGq8uz0RNZrC7mS6jJQYbsT4TqcnM4LtMfLVQSy-JiFLD_lBENT6kZt3qN--GscULxGmqv83hzYzWtQdmGgdr0QS5hTWUo5fH8mKq-Hn_JMVJ7GwQkKeD5l7YHQBZl5PWJmdZ5nxikH0zfWHbx7fWvQMCgWFLO3kQ7-OXI3TTUjDexkvVzEcXNTa3cZMt89JioEXCwjHq7cglyu9SfiacGg8OmKpp7Kzn9f2lKAbvD7gpQ6CCjwzl4tt-MQSLerVwbQ-fEnJP-a6NpY0KGDgKn6q_pr7W-Qkg8LLivRC0Gsca6pTsTnR8W0Vv2ZLTD5YzRdodX5dkVdcJ-VpfTbhPq-gnSrZnF-IrKTzY2ppKaBVRIeNRt5nb47ud_cI3i7fP2fKtOFRYRKNUPVWh1cSkzM-TYaAraUk81nbCyDaJwkcc2qwRCCCwzQLm5UL_NWHN0RzPpbGjEKEQn--GzQv0aZTZoexNa7ASUvuPMwS5YnsEIXjxuZHbKHrQoDpBs_IddWXZxo7lzWqJtJ_qX3dypcE9JqA_ZgrXZdSLvXyae-B23L9VMjz3AhfaiZv1RJ6e5JJI-pfzkHyRmLLg6TSTeY2L011HkUDbEG-wKiQRLOxeIkgY8PYcocqbIOGHnSsM0edMloH1eaU4LdF7yFaIOeIQ-h1AtQMmhwcnN5Xqmwc2zfC0mniD3wTZUx943Vl4KEBbVwX_8JA&sai=AMfl-YRVj5qTYT5MSljWzn_HWwi9dB2cbwtWa2KzUsjqWCAjhtOi7IEo6iAdFgxxBSMy224LuDthLu5KsCDC7z-kIxIutd3BRE9aFGEtaKBtd9quKe-hPxAXOGZbvDlt5g-qkuhDDDryidQt27doY0MtPiafht61ZM-hOvAcrUKwZnwsqiNlv51YY_K1KruHUWztsmkuZtSE8BnP9ZCY_vZ1BNsXkudqbxG3Jq43S9SNVaqWU9RLqAj2L2buLgqrJr95ddXX&sig=Cg0ArKJSzPa5_cI_zxuDEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=286&vt=11&dtpt=168&dett=3&cstd=115&cisv=r20230517.69558&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: phishcheck.me
URL: https://phishcheck.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:39:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 19 May 2023 16:39:21 GMT

GET
H3 200 cta_jetzt_buchen.svg
s0.2mdn.net/creatives/assets/4331440/ Frame BE5E 2 KB
1 KB 16ms
14ms Image
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4331440/cta_jetzt_buchen.svg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b9b2b33d50320446996a318fbd7129b3b365e760c44e8acc28031438bb3f8d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17990266662471768200/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:29:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 621
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1056
x-xss-protection: 0
last-modified: Wed, 13 Oct 2021 09:19:56 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 19 May 2023 16:44:00 GMT

GET
H3 200 logo_flextarif.svg
s0.2mdn.net/creatives/assets/4331440/ Frame BE5E 3 KB
1 KB 16ms
15ms Image
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4331440/logo_flextarif.svg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82df0096488e87333aaa0b7cad6ec583baee19c0d1cf7638e48fb609ed060a79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17990266662471768200/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:30:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 541
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1288
x-xss-protection: 0
last-modified: Thu, 21 Oct 2021 13:24:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 19 May 2023 16:45:20 GMT

GET
H3 200 tui_live_happy_white.svg
s0.2mdn.net/creatives/assets/4426814/ Frame BE5E 8 KB
3 KB 18ms
16ms Image
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4426814/tui_live_happy_white.svg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c043552be6d98da422ec5c2946c7a6588600e29d9f2a871ba1ea1206d3db813b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17990266662471768200/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:38:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2962
x-xss-protection: 0
last-modified: Wed, 02 Feb 2022 10:17:44 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 19 May 2023 16:53:23 GMT

GET
H3 200 head2_2line_paare.svg
s0.2mdn.net/creatives/assets/4453672/ Frame BE5E 12 KB
3 KB 21ms
19ms Image
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4453672/head2_2line_paare.svg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9711c16a64e8b4086724485013257f3ba812d103630ddd609e3bcc677a07a0bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17990266662471768200/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 373
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3441
x-xss-protection: 0
last-modified: Wed, 09 Feb 2022 08:21:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 19 May 2023 16:48:08 GMT

GET
H3 200 head1_1line_paare.svg
s0.2mdn.net/creatives/assets/4453672/ Frame BE5E 4 KB
2 KB 17ms
15ms Image
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4453672/head1_1line_paare.svg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4f859c54c2abc8c5257845d36ebb1152e3eb5c555b9b78420cca3a626ecabc9d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17990266662471768200/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:35:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 230
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1610
x-xss-protection: 0
last-modified: Tue, 08 Feb 2022 09:12:24 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 19 May 2023 16:50:31 GMT

GET
H3 200 728x90_kv_paare.jpg
s0.2mdn.net/creatives/assets/4453672/ Frame BE5E 36 KB
36 KB 18ms
16ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4453672/728x90_kv_paare.jpg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15ddf64a1db0b06797a274e5975f2303bbfd68ca43e0539ddb4f5aac2bcaa456

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17990266662471768200/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Fri, 19 May 2023 16:33:32 GMT
x-content-type-options: nosniff
age: 349
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37294
x-xss-protection: 0
last-modified: Wed, 09 Feb 2022 08:21:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 19 May 2023 16:48:32 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4CFE 0
20 B 53ms
52ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BDf2VOKZnZLPsJu6i9u8Pzsiw-AsAAAAAOAHgBAI&bg=!qqmlqf3NAAZ8_aWmXP07ADkAdvg8WkxsevVkqfZEdKd6LYrPH2Df0e8xnvimtTZKcXywT_9z-NfnsMivVq74pBHsP4QjaCD2Oq4CAAAAklIAAAACaAEHCgBcUeYUkSZZVumO2RAkiVGmD09mv-AN3Tc79p2lduatltG9wpIw0k9UJOdzyM5RIdUyFYWoE1msdtbYNqng4MoT7ntGQwriZlQCJ4dGh4M6CLJfDlx0AJqGK2Krl0OZAvvGrygXdHITTAz21HXig8-EYQi0zASCQ5BFMopJwWmZyDAauv0xz9shvYa9RHf5josioMBnVtGtuTDayOUL__PAYdBHIswt_5HvYxO07YbFK3BHvUuL3wpAshTRKg90KUWArm8m02QogAAtMIBThWXszSOtqqqzeJdYQtP3T4knFSWOZqvomwjbuIVgmvWR6rmcl81pB3-xk3L3yO6GjoRxEi78OxW4qduDWOuFJ2UpyS4xWXva3YYQf1BYKOwsSD3e7J_5khxDjPs1AGSfzSBPTDDPx_bkxjrD3v60F4xqXCTP7V8nIYh3HZwhHf73GW5iYSP3BLmITM3drKcgR4VyOVmBq9y30a0TVsC_DpJwXkJixnNgZxEpuoICQ7_-DdqnwYeEE7mPUCi94fzL6lrrbEO9KBszDM7ZTDEMLnj-iaBIA9zfFMukFdL8KzMqrUyZaEecG04F0qpv4CCqP-s3XXvMa9wuDvGw8wIrbbyS-epIda3Z2atYJR55hsPf4HKqeRf9o_VXAykzeerBPuOecPZYTE8fnMZktxvHI1siuAx_wEi9POE9Hrl0q6GXH_HQdgoNNnCOkoUXKrfmfz-mM83cYRDutAm3j0drUpUp0fiWrmEPl30y-uGa73UXa4ObuGz8m_JCQj4epq4A3s3gol6ecms8nJdZZknqsKNo4hYPsa2bFvF_0p5-A-_ywr8T48_2NhOItWplnva0MECnS3SoIp-SYVKqh14tk6TllKD3Nm0sbmetJCuuQTvJQTqcX4uiM6_u--AcRuB3xivtoeIEeDwWS-0jobZVCDn8NNvfLmEB0Ez9jm1v6uwlbLUq4zjU7ydJmW13n7_vGVbUojiyw7t_bKKxKz3yBYU3D3002myfNu4OGcDb5uihgvvWH093PKEgyp6h8mzBR9-n1g_AWm05z0--lXJPsnenHc_oVk3Qj9ZMRn0Z80eWX6qC4W8vEL6oyhkuRs2NW7OMWz5kgTPheBLNRD6NsRiGdrSrk4l2N9J5f83B

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0FCC 0
20 B 49ms
48ms Ping
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=pvtw&eid=OKZnZLPsJu6i9u8Pzsiw-As&p=ias&bl=0&twt=324&st=240

Requested by

Host: phishcheck.me
URL: https://phishcheck.me/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 0FCC 43 B
215 B 268ms
99ms Image
image/gif 2600:1f18:1aca:4280:24a6:ad5:f26:f749
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=abebfbf5-c8d9-755d-a3e3-144c0b42a6b4&tv=%7Bc:d4Y7AB,time:125,type:e,im:%7BpWait:8%7D,env:%7Bccd:%7Bversion:1,uspString:1---%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:125,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:21,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B119~0%5D,as:%5B119~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tEIOAy0+11%7C12%7C13%7C14%7C15%7C16%7C17%7C181%7C191%7C192%7C193%7C1a1*.990511-61634096%7C1a11%7C1a12%7C1a131%7C1a14%7C1b11%7C1b12%7C1c1%7C1c2%7C1d1%7C1d2%7C1e1%7C1e2%7C1f%7C1g,idMap:1a1*,rmeas:1,rend:0,renddet:DIV,siq:22,sis:125%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:24a6:ad5:f26:f749 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:21 GMT
server: nginx
x-server-name: dt14.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 51ms
50ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230517&jk=1201746257145151&bg=!m5ilmMzNAAZ8_aWmXP07ADkAdvg8Wvt7QT0Y9JaZ84TxjcCkcPHYWjFxXxKij0l83Eh6Y8rWkeedCFnwKkxtaK2pENbsQgKorj8CAAABbFIAAAAEaAEHmQKg_qHyyreM5jNgcUs8uMyTeBGxTqK-asHEjNpOtfbtaPKuu0W7WXCSNV-J7pn3eCAZ2lODGrcm8TeDAVPrAQObVAq6-Q_GFubehFOycM3skGYhiI1QV_aS0mPTErlVHc_w6szHO3z98RwOC_AzPdNwD9s8AwDybxY0rZ2O9EJHz6i2xJw6EUpHEq1CpVq6d107aFD2sUNG5vi8nLVyfopyFEcmQmlN5c9QzEirC8Er7qD5vjT120rUD8mfzNIEjpYlSegugwrTvMLrPWwSj7BaEUxcEUMuWDnqSO0-PYWyNbNh5mbNOx5bHzOz0fPbtfw1iNHu2gRbd2JHgeE_AIQv4fDadqeQLvn0f9umcx2cysd5ZFAVq8luC0WY9fSTz4Cg1UpcU47ewh-tO6PV9a5i_WG5PvpZZCH6E8qxORBvMpC0WkiVM_aP4U1t02zCzVeUdW8iwQRodmr7vPI4jN43BgRRErlj2tsTHrDuBxeMhV1sThBTrwXAvDVZgWXOCsuN5lqR9ykFtVDIuOy-6wxnf3v1Ainw_ellq81YTbk0Rk4Y7a2fCNYJYiCb6dZ15saRyBFbjHc4sFmYgiibmq1owFhS6rbGSc3nes8FW4rhoEAA3mU6QC0rLT40aTOEsPOdBbRqBwLmNQLBZrZdGTHPk97rX1nU6xtUimk8fkgqoeNXEac-ySso8gqybWq-605Ka0O4RdLt8dTGS4sAe47y1N6hh9TdsWHputF93F7Pvfc_uVLEiRxqvAYn9BnnWycqTAClfLLbw2w72QbXo10oKGQV_8WDOXtZa2A5PkFelZTyoJLAIiLYgB2UA9FuTUFkbgvTKpnmd0gohbm0XdsROilBddgShPevW5I7yI_H5cnebLCC2rpPWK1Td6HPGg5B
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://phishcheck.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame DD79 42 B
64 B 51ms
51ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst4XSHZ6NMneTZQmmR8_nNoQMNxf9xHFkSCw16UnNUhCE5GAtYDTYag82sWidJwaCwPUKMK0__cYgzexcda9bi45LS7wr3FBO9lJynqEhSvUtF9A0qT_xR5XQ_cwlhE2x6OYj9FJw&sai=AMfl-YRe68PJ4vc_SgResfPe2bksF0jWqqgIEVYyohnULfPhatQlDP9rlHhdsdvlNzi0tVa9PgNR1PRjAfME&sig=Cg0ArKJSzL6Te4cFZOPLEAE&cid=CAQSGwBygQiDXfRZNah9od2l7xfmkEBpJYWKPPRTYxgB&id=lidar2&mcvt=1000&p=0,0,600,188&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230517&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271803&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1684514359701&rpt=338&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B996 42 B
64 B 50ms
50ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuXQ24nTANXPMHuIiPN74DPtKy0Geni4PN-aqzDnFT_aFRMS3PleqPB8wEfcscuHU2AY5p690ADtwiYehsxIWRgVXk4lH5_WRxVKC1ctSyTdW9seUcMaJOxzvzGF1_3GsV63OOxuw&sai=AMfl-YSwRlRGmuYS5wRpFVjVGo9eKuYt9lZcv_Cm2sPJje_c5X9FCeA9vlFnUQQoVQiZBqqBaEHm_nn47U-k&sig=Cg0ArKJSzPYbCbNS4bKKEAE&cid=CAQSGwBygQiDXfRZNah9od2l7xfmkEBpJYWKPPRTYxgB&id=lidar2&mcvt=1002&p=0,0,124,1005&mtos=193,851,1002,1002,1002&tos=193,658,151,0,0&v=20230517&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1684514359706&rpt=481&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 0FCC 43 B
215 B 99ms
99ms Image
image/gif 2600:1f18:1aca:4280:24a6:ad5:f26:f749
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=abebfbf5-c8d9-755d-a3e3-144c0b42a6b4&tv=%7Bc:d4Y7Fh,pingTime:-10,time:415,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTEzLjAuNTY3Mi4xMjYgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1684514361306%7C%7Cc93414a32a09112eb1c59abe97fbbce6%7C%7Ce680db45f58fb4c44533cfaed40b3e29%7C%7Cd59ac93da01af6c2b4c36725689822e2%7C%7C858f4acc26da9732cd4a61f721779763%7C%7Cd2664e513c037d9bd6324e472bdeae23%7C%7C4bb3d8e6c6e964fcdd769f5ac5100412%7C%7C26518a0cf9e0d8b7dd7304d644f678f8%7C%7C1663701684%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-5625379829790606&output=html&h=90&adk=3399761335&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1684514359&rafmt=1&to=qs&pwprc=1402822305&format=1155x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1684514359600&bpp=1&bdt=2171&idt=0&shv=r20230517&mjsv=m202305160101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D2fcc77e7be8451e2-22992856dddd00f0%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ&gpic=UID%3D00000c187c4773d8%3AT%3D1684514358%3ART%3D1684514358%3AS%3DALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg&prev_fmts=0x0%2C1155x280%2C365x280&nras=4&correlator=2130420438757&frm=20&pv=1&ga_vid=1158962159.1684514358&ga_sid=1684514358&ga_hid=123682219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1800&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C31074687%2C44785293%2C44788441%2C44789779%2C44769662&oid=2&psts=ABHeCvjRTEcQJ_ARDgPjj-em2PRTWN_NKhBIe1A8NPm65sV4u0huipZ8i-cnEbBEr-tyICx9y9wKvR4kNPSXM-VyggkTeQ&pvsid=1201746257145151&tmod=650566965&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=sHOg7lvUWw&p=https%3A//phishcheck.me&dtd=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:24a6:ad5:f26:f749 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:21 GMT
server: nginx
x-server-name: dt01.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 0FCC 43 B
215 B 99ms
99ms Image
image/gif 2600:1f18:1aca:4280:24a6:ad5:f26:f749
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=abebfbf5-c8d9-755d-a3e3-144c0b42a6b4&tv=%7Bc:d4Y7Hm,time:544,type:e,im:%7BpLoad:519%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:544,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:21,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B538~0%5D,as:%5B538~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:102,fm:tEIOAy0+11%7C12%7C13%7C14%7C15%7C16%7C17%7C181%7C191%7C192%7C193%7C1a1*.990511-61634096%7C1a11%7C1a12%7C1a131%7C1a14%7C1b11%7C1b12%7C1c1%7C1c2%7C1d1%7C1d2%7C1e1%7C1e2%7C1f%7C1g,idMap:1a1*,rmeas:1,rend:0,renddet:svg.us,siq:22,sis:125%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:24a6:ad5:f26:f749 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:21 GMT
server: nginx
x-server-name: dt20.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 0FCC 43 B
215 B 98ms
98ms Image
image/gif 2600:1f18:1aca:4280:24a6:ad5:f26:f749
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=abebfbf5-c8d9-755d-a3e3-144c0b42a6b4&tv=%7Bc:d4Y7PB,time:1055,type:e,im:%7Bpci:%7Btdr:1005%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:1055,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:21,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1049~0%5D,as:%5B1049~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:101,fm:tEIOAy0+11%7C12%7C13%7C14%7C15%7C16%7C17%7C181%7C191%7C192%7C193%7C1a1*.990511-61634096%7C1a11%7C1a12%7C1a131%7C1a14%7C1b11%7C1b12%7C1c1%7C1c2%7C1d1%7C1d2%7C1e1%7C1e2%7C1f%7C1g,idMap:1a1*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:22,sis:125%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:24a6:ad5:f26:f749 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:21 GMT
server: nginx
x-server-name: dt07.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0FCC 0
20 B 101ms
100ms Ping
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=588292820141&version=m202301230201&ct=76&x=1&cor=14039891970552630000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 19 May 2023 16:39:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

83 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

26 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
i.liadm.com/s	1970-01-20 12:38:26	Name: _li_ss Value: CgA
phishcheck.me/	1970-01-20 20:39:23	Name: csrftoken Value: XarlEaqH0ULbrZS70gOcikbmfjmy2lTNM5nnOr1OaF6x8T7DGXcGgWaSa7JRXSZd
phishcheck.me/	1969-12-31 23:59:59	Name: sessionid Value: te30fdbi49qolfz8mogdimv3us82w72m
.phishcheck.me/	1970-01-20 21:16:50	Name: __gads Value: ID=2fcc77e7be8451e2-22992856dddd00f0:T=1684514358:RT=1684514358:S=ALNI_MbcFbeBCwjqPiOIAJICIYPS2AuOPQ
.phishcheck.me/	1970-01-20 21:16:50	Name: __gpi Value: UID=00000c187c4773d8:T=1684514358:RT=1684514358:S=ALNI_MamurSsSdG14xqzrrpnrCPcQVvVZg
.doubleclick.net/	1970-01-20 21:16:50	Name: IDE Value: AHWqTUnKA3S-Aqe2B9ggSBjS6HCJ8Rm7XdIOgRLX4xAkrxHo-AijbK-Eu5ovQgIXAH8
.doubleclick.net/	1970-01-20 11:55:17	Name: DSID Value: NO_DATA
.phishcheck.me/	1970-01-20 20:40:50	Name: FCNEC Value: %5B%5B%22AKsRol-ZysOD93q5bvZoTWunYLQVffDRRUmfQjgw3I4CgkG9jCy5DH5d7Dqxxi7yUQKO1uz6lpT2WNkVLORy6B1VnYTtycNp7opfIcjoXbuR--QEYQwXqgfocSX2o1LqphSPx23gy8ZtNETGNrs5s0e6uBFUXUuAaw%3D%3D%22%5D%2Cnull%2C%5B%5D%5D
.casalemedia.com/	1970-01-20 20:40:50	Name: CMID Value: ZGemONvJoXOc9CU3SKSKegAA
.casalemedia.com/	1970-01-20 14:04:50	Name: CMPS Value: 2169
.casalemedia.com/	1970-01-20 14:04:50	Name: CMPRO Value: 2169
.adnxs.com/	1970-01-20 14:04:50	Name: uuid2 Value: 368631700454375704
.adnxs.com/	1970-01-20 14:04:50	Name: anj Value: dTM7k!M41.D>6NRF']wIg2Il^esp5k!]tbPl1M>e)ZlrFUfJ+tGXxp?L$iViL%qUhHjdoH[/^JU_$iOtX^UVHt.s_*3If)y3KL9D3I?+OXKI>d
.everesttech.net/	1970-01-20 20:40:50	Name: everest_g_v2 Value: g_surferid~ZGemOAAAAI8HbAAD
a.clickcertain.com/	1970-01-20 20:40:50	Name: _ccpx_u Value: d6cefecf%2d7546%2d44b8%2d82ea%2d9dacb270f998
.bidswitch.net/	1970-01-20 20:40:50	Name: tuuid Value: c0d03ade-1667-42bd-82a1-dadb6b6fa201
.bidswitch.net/	1970-01-20 20:40:50	Name: c Value: 1684514360
.bidswitch.net/	1970-01-20 20:40:50	Name: tuuid_lu Value: 1684514360
.quantserve.com/	1970-01-20 14:04:50	Name: d Value: EDIBCQGDKYEA
.quantserve.com/	1970-01-20 21:25:28	Name: mc Value: 6467a638-c1193-4b2a4-1ae91
.bidswitch.net/	1970-01-20 11:55:14	Name: google_push Value: ATf1kGNbCL4IUkaf918ICknaZfHr32gD0CoYiAaPUIWje3EWrb0ZU8AoXWD9gdGC2vqyRgIoYaH41a6G0yg3kGMTxNPBVSuaqAKT_dkKiSpw2pSofDUoTDf-hTsCBr_7t0GikHCsz6hf3UJfnCcDNzPEao-cmbU
.inmobi.com/	1970-01-20 14:04:50	Name: idsp_c Value: 03546da4-c2ae-4589-9b9e-8974a6899d03
.mediago.io/	1970-01-20 20:40:50	Name: __mguid_ Value: 98ebde90ddefd0631029b97e5a1146ba
.zemanta.com/	1970-01-20 20:40:50	Name: zuid Value: FSSV-F11szVkkEy0w_oW
.tribalfusion.com/	1970-01-20 14:04:50	Name: ANON_ID Value: aTnsIHNj6WlCyhURALxLAtfdb3wSTOsye04SU5nTwqVvvdSZcn9V57GkEXHC1JEyx8Il8j65ErWFhUikcyAZdXhNQ8
.liadm.com/	1970-01-20 21:31:14	Name: lidid Value: 50e4b5bc-4c3f-45e3-b883-a9befe7526f7

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.clickcertain.com
a.tribalfusion.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
b1sync.zemanta.com
cdnjs.cloudflare.com
cm.g.doubleclick.net
cms.quantserve.com
dis.criteo.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
i.liadm.com
ib.adnxs.com
mweb.ck.inmobi.com
netdna.bootstrapcdn.com
onetag-sys.com
pagead2.googlesyndication.com
partner.googleadservices.com
phishcheck.me
px.owneriq.net
rtb.openx.net
s.tribalfusion.com
s0.2mdn.net
secure.adnxs.com
static.adsafeprotected.com
sync-tm.everesttech.net
sync.teads.tv
tpc.googlesyndication.com
trace.mediago.io
www.google.com
www.googletagservices.com
www.gstatic.com
www.paypalobjects.com
x.bidswitch.net
104.102.40.143
104.111.217.42
142.250.184.194
142.250.185.162
142.93.23.27
151.101.2.49
178.250.1.9
18.185.28.161
185.80.39.216
185.89.210.101
185.89.210.212
192.229.221.25
20.85.134.6
2600:1f18:1aca:4280:24a6:ad5:f26:f749
2600:9000:237d:fc00:8:48e:53c0:93a1
2606:4700:20::681a:832
2606:4700::6811:190e
2606:4700::6812:18ad
2606:4700::6812:bcf
2620:116:800d:21:93ca:31d8:d86e:38f6
2a00:1450:4001:808::2002
2a00:1450:4001:811::2003
2a00:1450:4001:811::2006
2a00:1450:4001:812::2002
2a00:1450:4001:827::200a
2a00:1450:4001:828::2002
2a00:1450:4001:828::2003
2a00:1450:4001:828::200e
2a00:1450:4001:829::200a
2a00:1450:4001:82a::2001
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2004
2a00:1450:4001:830::2002
2a00:1450:4001:831::2002
35.186.253.211
35.208.249.213
51.75.86.98
52.203.43.195
52.215.211.28
64.74.236.191
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
075a32068fe2448c28f957e380dffa5b0bfc7909e48b2ffd34f6b3b83075dbc3
088f11a47119f668cb7bd22a9fe55e1f1eeee56484658348b67acd7cf1d6f219
08c6df6675aa9335318105edf2dae0e633d9b9b5e023d2f7d312dee6850b1013
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0fc64d7d1cc842671dc8f25a0cac90219d3729d967e25797ea10a97d269d2f06
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
15ddf64a1db0b06797a274e5975f2303bbfd68ca43e0539ddb4f5aac2bcaa456
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18a37dc90b9c1990e293e02307fc12b9c7e66331a24eabb8336a9c06907a2bd6
1aa338ebebca9a5d8b448999825c608f335d430ca28bb5531965de2ca585cda7
21bf4b49938284aaececf999f198f621de0aa792bb5315fc21255d0ab439e145
26f64f8bbe24fd08534113bcb1e61988c2e941edf55834661e776ac266cecb68
27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a
33a91bd6d378215fcd413c279aa88d48bda6c8b2ef7695892777c87de37de256
345e56904c429868d14bd51e81812f365588d2f3f65309662ec27ef05e9927bf
354d194488a9dcee4e2ca035e573ae2f07fe92e8318c71e1b2ca33d8b438109a
368ccdbf0bf8aa90462b57fb38247e2e558b9ad27720fb00c890adbe6c629632
467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30
46b6b2b07e77b22bd5a04b35032cc0a77ba8729c51c5d78b142526df0a5bb53d
47d66a97dd9e4ae073078b5dcd843a74baf83776f2dd8dff131b1b6ea9209698
4893bfd7cb55ae6211e10c745f763f132d4c2f366deeabe781c4b0d58a319d72
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f859c54c2abc8c5257845d36ebb1152e3eb5c555b9b78420cca3a626ecabc9d
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57c2b596262f49dfc85822938e3989a0345fcd5ddd698423283ca15f162f6b99
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5e2f97ea0fb92d5e3ae31eeef403b9c34363c8fb2a387e13cf381fa97f3e8cf7
6011726dce81936022c56f69fe22936b24be24f440a6abbdc058f8c8ab1ad855
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6b9b2b33d50320446996a318fbd7129b3b365e760c44e8acc28031438bb3f8d3
7417940882459975aab4421444fe3c287ebe7300ac56127f95661840288cd494
756997924e97f09793e32520f153591ff455188cf2fd5e2f8d95b6d427b9e87b
82df0096488e87333aaa0b7cad6ec583baee19c0d1cf7638e48fb609ed060a79
898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1
8cb81ebfbf2a332919a10f191eac5204248d765215bdceb5a2b8243130ad53b4
8d36f2c9a46702e6fb2bc387257a0b1c792aedda850b41e5b63fad9bdfa9fa9a
9711c16a64e8b4086724485013257f3ba812d103630ddd609e3bcc677a07a0bb
997c28b87e7d78e33107cedc652ea932244a55b859cc29435e9b80c4b3fcd725
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9c67029f91f8c5e1887184af72adada17ca0eae88fdba6eeaa5c0dd7518a4eb0
9df1ad09e8ee902ee6a76cf88df57306868ca4ee532d74830fbcfe4db8bdf39d
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a779738af1d724715f16be72a08a3dcf932b530984a1bc7ceeb0bb1351015a20
a9b847c681a24b03ba8acc0b4dcd8aab9acf8c4d3131be784d488e2402d57427
aa9fffd9bc5ea03844d7b38fac61f2504b72ee18f0d6411facd51a338118a119
acb56c6f7cb5d7535893ca8f3ede167db52e709927be848f4285ab3d92973bb8
ad707b6241c6bbfaf831458eb523b732fe69c4d0cc35493d8f86db7d8215b8d9
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b1289ccca476df0a33259965671579525261926bf8ea0a9f4fb3ba67535c4f69
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
b8c41f999913b26e2db2241883edda0f6e6f60a6782993b2383040dc2630d47c
bca066af05e248aa9f25a364878e78f32b5b3b6c7dadb292e5b985f6f7a7e6dd
bf9a2d95fea3732a5d21e759f91fc00311aed1743e8646c8e4a497e30ca93b89
c043552be6d98da422ec5c2946c7a6588600e29d9f2a871ba1ea1206d3db813b
c52efccc8d4f4f2bf62cd5aa1cba2151242fa44e2f33f253e440746e9ed5331c
c7830423a7aa141d1d09dc299f7dbe4748130c0d3ced9823d2ee1b38a9bbe670
c88f2bfe24b1ea2b1edf5c3b678de67ae68b5b457e8001eba865be15b6e126d5
c8c38714236c1b847b96fbebaba10af1574a7f4d567f8cfbdb3dfe2997ab18fb
d699f303990ce9bd7d7c97e9bd3cad6a46ecf2532f475cf22ae58213237821b9
daf9dc6664474a6b01d9e293a39749d0e9b637629239cbe512dd4a0f0854a8eb
db3df22768fe7273aa43d8f6cf193b406b1cb15f5d4a26ad36f73e5fdf86a331
dbafa20efc40e2fe9e7ba9f77e454c1050b6a750793fb4a40614b13f397c3631
e05edee09b002722d47693fb43c49a87ceba8c23a1bfbdb353913c948444478c
e0e8bbe2cbd26a11d1fec52a43d6b02b0a1d1f3f5df37889518721e77cb1a69b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3c541d0f6f738252d0bca4f2434954933f3e2456ef89663fc3f364ebab07f4e
e40c51963cc1b46e333d784ca995ae35ff34c173d2103d749e5f1545ea2c2435
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
eac4ff92a30ec7ab3e548d8777e378b3e7a9220b230bbf5fde1609a9ad7ac7bd
eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390
f9929da9e054b859a89d49fd5c49b493eed033b2945da4385693f638667a3f43
fc969dc1c6ff531abcf368089dcbaf5775133b0626ff56b52301a059fc0f9e1e
fd4f1c9d69a243c7240669fd0fedbe8a66953243d409f75ae02dc4824b17cf68

phishcheck.me Open in urlscan Pro 142.93.23.27 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

198 Requests

92 %HTTPS

53 %IPv6

30 Domains

41 Subdomains

32 IPs

5 Countries

1900 kBTransfer

5228 kBSize

26 Cookies

0 Outgoing links

Page URL History

Redirected requests

198 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

phishcheck.me Open in urlscan Pro
142.93.23.27 Public Scan

Screenshot
Live screenshot

Full Image

198
Requests

92 %
HTTPS

53 %
IPv6

30
Domains

41
Subdomains

32
IPs

5
Countries

1900 kB
Transfer

5228 kB
Size

26
Cookies

198 HTTP transactions
5 data transactions