give.unrefugees.org Open in urlscan Pro
54.200.66.202 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://click.e.unrefugees.org/?qs=df36127ad5e79ba48892be5d8b5a5912152465e56d2f054a1b96326269b4e2717754f5531cdc32cc47bc50d70dcf...
Effective URL:
https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_...
Submission: On September 08 via api (September 8th 2022, 1:35:33 pm UTC) from US — Scanned from DE

Summary HTTP 163 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 66 IPs in 7 countries across 54 domains to perform 163 HTTP transactions. The main IP is 54.200.66.202, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is give.unrefugees.org. The Cisco Umbrella rank of the primary domain is 286379.
TLS certificate: Issued by Amazon on December 8th 2021. Valid for: a year.

This is the only time give.unrefugees.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	13.111.228.216 13.111.228.216	22606 (EXACT-7) (EXACT-7)
10	54.200.66.202 54.200.66.202	16509 (AMAZON-02) (AMAZON-02)
2	2a02:26f0:350... 2a02:26f0:3500:16::215:148f	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
17	91.235.132.130 91.235.132.130	30286 (THM) (THM)
1	13.32.99.114 13.32.99.114	16509 (AMAZON-02) (AMAZON-02)
3	54.160.6.45 54.160.6.45	14618 (AMAZON-AES) (AMAZON-AES)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:1b	20446 (STACKPATH...) (STACKPATH-CDN)
1	2606:4700:21:... 2606:4700:21::681b:c258	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2a00:1450:400... 2a00:1450:4001:806::2004	15169 (GOOGLE) (GOOGLE)
6	151.101.65.21 151.101.65.21	54113 (FASTLY) (FASTLY)
4	2a00:1450:400... 2a00:1450:400c:c0c::5c	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
1	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
1 4	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	18.66.120.247 18.66.120.247	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f08... 2a03:2880:f080:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1288:80:... 2a00:1288:80:807::2	203220 (YAHOO-DEB) (YAHOO-DEB)
2	3.129.137.210 3.129.137.210	16509 (AMAZON-02) (AMAZON-02)
1	35.190.72.228 35.190.72.228	15169 (GOOGLE) (GOOGLE)
4	2600:1901:0:7... 2600:1901:0:7d2::	15169 (GOOGLE) (GOOGLE)
1	18.66.112.72 18.66.112.72	16509 (AMAZON-02) (AMAZON-02)
2 2	142.250.186.70 142.250.186.70	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
2 4	52.200.167.175 52.200.167.175	14618 (AMAZON-AES) (AMAZON-AES)
3	23.22.216.223 23.22.216.223	14618 (AMAZON-AES) (AMAZON-AES)
1	3.226.0.49 3.226.0.49	14618 (AMAZON-AES) (AMAZON-AES)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:1495	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:400c:c08::9a	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
1	212.82.100.181 212.82.100.181	34010 (YAHOO-IRD) (YAHOO-IRD)
2	2620:1ec:27::... 2620:1ec:27::cafe:1995	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	52.25.243.35 52.25.243.35	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f17... 2a03:2880:f173:81:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
10	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
2	151.101.194.133 151.101.194.133	54113 (FASTLY) (FASTLY)
2	192.229.221.25 192.229.221.25	15133 (EDGECAST) (EDGECAST)
3	40.76.174.66 40.76.174.66	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2600:9000:223... 2600:9000:223c:c000:1:76cf:fe80:93a1	16509 (AMAZON-02) (AMAZON-02)
2 4	193.0.160.128 193.0.160.128	54312 (ROCKETFUEL) (ROCKETFUEL)
1	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
1 1	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
1 2	185.89.211.84 185.89.211.84	29990 (ASN-APPNEX) (ASN-APPNEX)
1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	34.252.39.216 34.252.39.216	16509 (AMAZON-02) (AMAZON-02)
1	3.122.214.165 3.122.214.165	16509 (AMAZON-02) (AMAZON-02)
1	23.35.228.23 23.35.228.23	16625 (AKAMAI-AS) (AKAMAI-AS)
1	3.123.131.103 3.123.131.103	16509 (AMAZON-02) (AMAZON-02)
1 1	108.138.17.118 108.138.17.118	16509 (AMAZON-02) (AMAZON-02)
2	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	3.224.161.11 3.224.161.11	14618 (AMAZON-AES) (AMAZON-AES)
1 2	104.18.18.126 104.18.18.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	69.192.160.219 69.192.160.219	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	185.94.180.126 185.94.180.126	35220 (SPOTX-AMS) (SPOTX-AMS)
1	2600:1f18:612... 2600:1f18:612b:4264:562f:45f1:d263:2a9f	14618 (AMAZON-AES) (AMAZON-AES)
1	52.59.153.178 52.59.153.178	16509 (AMAZON-02) (AMAZON-02)
1	34.249.119.142 34.249.119.142	16509 (AMAZON-02) (AMAZON-02)
1 2	35.158.225.181 35.158.225.181	16509 (AMAZON-02) (AMAZON-02)
1	151.101.130.49 151.101.130.49	54113 (FASTLY) (FASTLY)
1	151.101.66.137 151.101.66.137	54113 (FASTLY) (FASTLY)
4	35.190.43.134 35.190.43.134	15169 (GOOGLE) (GOOGLE)
1 2	20.234.93.27 20.234.93.27	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	3.248.104.74 3.248.104.74	16509 (AMAZON-02) (AMAZON-02)
1	162.247.241.14 162.247.241.14	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
1	91.235.134.131 91.235.134.131	30286 (THM) (THM)
1	52.222.206.19 52.222.206.19	16509 (AMAZON-02) (AMAZON-02)
163	66

1 13.111.228.216 (United States) 1 redirects

ASN22606 (EXACT-7, US)
PTR: click.e.unrefugees.org

click.e.unrefugees.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 54.200.66.202 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-200-66-202.us-west-2.compute.amazonaws.com

give.unrefugees.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:16::215:148f (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 91.235.132.130 (United States)

ASN30286 (THM, US)
PTR: h.online-metrix.net

h.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.99.114 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-114.fra60.r.cloudfront.net

cdn.unrefugees.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.160.6.45 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-160-6-45.compute-1.amazonaws.com

app.dafwidget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:1b (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:21::681b:c258 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.plyr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:806::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.65.21 (United States)

ASN54113 (FASTLY, US)

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400c:c0c::5c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

pay.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.120.247 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-120-247.fra60.r.cloudfront.net

sc-static.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f080:9:face:b00c:0:3 (Amsterdam, Netherlands)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1288:80:807::2 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.129.137.210 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-129-137-210.us-east-2.compute.amazonaws.com

collector-3219.tvsquared.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.72.228 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 228.72.190.35.bc.googleusercontent.com

www.tp88trk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:1901:0:7d2:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

g1782759016.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
g792337342.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.112.72 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-72.fra56.r.cloudfront.net

js.ipredictive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.70 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.200.167.175 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-200-167-175.compute-1.amazonaws.com

trkn.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.22.216.223 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-22-216-223.compute-1.amazonaws.com

ad.ipredictive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.226.0.49 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-226-0-49.compute-1.amazonaws.com

data.adxcel-ec2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:1495 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400c:c08::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.181 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
PTR: spdc.pbp.vip.ir2.yahoo.com

sp.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:27::cafe:1995 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.25.243.35 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-25-243-35.us-west-2.compute.amazonaws.com

lyibja.unrefugees.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f173:81:face:b00c:0:25de (Amsterdam, Netherlands)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.194.133 (United States)

ASN54113 (FASTLY, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.229.221.25 (United States)

ASN15133 (EDGECAST, US)

t.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 40.76.174.66 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

d.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:c000:1:76cf:fe80:93a1 (United States)

ASN16509 (AMAZON-02, US)

c1.rfihub.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 193.0.160.128 (United States) 2 redirects

ASN54312 (ROCKETFUEL, US)

20826429p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

play.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.98 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s42-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.89.211.84 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.252.39.216 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-252-39-216.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.122.214.165 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-214-165.eu-central-1.compute.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.35.228.23 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-228-23.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.123.131.103 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-123-131-103.eu-central-1.compute.amazonaws.com

bs.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.17.118 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-108-138-17-118.fra56.r.cloudfront.net

live.rezync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.224.161.11 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-224-161-11.compute-1.amazonaws.com

bpi.rtactivate.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.18.126 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.192.160.219 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a69-192-160-219.deploy.static.akamaitechnologies.com

x.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.94.180.126 (Amsterdam, Netherlands) 1 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4264:562f:45f1:d263:2a9f (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.59.153.178 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-59-153-178.eu-central-1.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.249.119.142 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-119-142.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.158.225.181 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-158-225-181.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.130.49 (United States)

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.66.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.190.43.134 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 134.43.190.35.bc.googleusercontent.com

tr.snapchat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.234.93.27 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.248.104.74 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-104-74.eu-west-1.compute.amazonaws.com

w.usabilla.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.241.14 (United States)

ASN23467 (NEWRELIC-AS-1, US)

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.235.134.131 (United States)

ASN30286 (THM, US)

zrtzph91cdi6pkob2zj7zodriqgfsdlttihmoerl78e9b39f3d6f111dam1.e.aa.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.206.19 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-206-19.fra56.r.cloudfront.net

d6tizftlrpuof.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 19 pay.google.com — Cisco Umbrella Rank: 3842 adservice.google.com — Cisco Umbrella Rank: 142 region1.analytics.google.com — Cisco Umbrella Rank: 3915 play.google.com — Cisco Umbrella Rank: 76	421 KB
18	online-metrix.net h.online-metrix.net — Cisco Umbrella Rank: 4714 zrtzph91cdi6pkob2zj7zodriqgfsdlttihmoerl78e9b39f3d6f111dam1.e.aa.online-metrix.net	106 KB
13	unrefugees.org 1 redirects click.e.unrefugees.org give.unrefugees.org — Cisco Umbrella Rank: 286379 cdn.unrefugees.org lyibja.unrefugees.org	896 KB
11	gstatic.com www.gstatic.com fonts.gstatic.com	637 KB
9	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 94	80 KB
8	doubleclick.net 3 redirects ad.doubleclick.net — Cisco Umbrella Rank: 214 stats.g.doubleclick.net — Cisco Umbrella Rank: 188 googleads.g.doubleclick.net — Cisco Umbrella Rank: 73 cm.g.doubleclick.net — Cisco Umbrella Rank: 303	4 KB
8	paypal.com www.paypal.com — Cisco Umbrella Rank: 2465 t.paypal.com — Cisco Umbrella Rank: 3345	104 KB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 787 d.clarity.ms — Cisco Umbrella Rank: 6726 c.clarity.ms — Cisco Umbrella Rank: 1178	26 KB
6	google.de adservice.google.de — Cisco Umbrella Rank: 5202 www.google.de — Cisco Umbrella Rank: 3469	2 KB
4	snapchat.com tr.snapchat.com — Cisco Umbrella Rank: 1011	1 KB
4	rfihub.com 2 redirects 20826429p.rfihub.com a.rfihub.com — Cisco Umbrella Rank: 4477 p.rfihub.com — Cisco Umbrella Rank: 1205	6 KB
4	trkn.us 2 redirects trkn.us — Cisco Umbrella Rank: 3944	3 KB
4	ipredictive.com js.ipredictive.com — Cisco Umbrella Rank: 144790 ad.ipredictive.com — Cisco Umbrella Rank: 8328	4 KB
4	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 664 c.bing.com — Cisco Umbrella Rank: 408	13 KB
3	g1782759016.co g1782759016.co — Cisco Umbrella Rank: 253941	505 B
3	dafwidget.com app.dafwidget.com	13 KB
3	typekit.net use.typekit.net — Cisco Umbrella Rank: 1044 p.typekit.net — Cisco Umbrella Rank: 1273	21 KB
2	bidswitch.net 1 redirects x.bidswitch.net — Cisco Umbrella Rank: 420	1 KB
2	spotxchange.com 1 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 778	1 KB
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 904	2 KB
2	rlcdn.com idsync.rlcdn.com — Cisco Umbrella Rank: 607	107 B
2	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 297	2 KB
2	adnxs.com 1 redirects ib.adnxs.com — Cisco Umbrella Rank: 329	2 KB
2	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 2141	33 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 111	315 B
2	tvsquared.com collector-3219.tvsquared.com	9 KB
2	yimg.com s.yimg.com — Cisco Umbrella Rank: 638	7 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 208	167 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 141	172 KB
1	cloudfront.net d6tizftlrpuof.cloudfront.net	2 KB
1	nr-data.net bam.nr-data.net — Cisco Umbrella Rank: 423	616 B
1	usabilla.com w.usabilla.com — Cisco Umbrella Rank: 4485	11 KB
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 768	14 KB
1	everesttech.net sync-tm.everesttech.net — Cisco Umbrella Rank: 949	177 B
1	krxd.net beacon.krxd.net — Cisco Umbrella Rank: 741	338 B
1	agkn.com aa.agkn.com — Cisco Umbrella Rank: 775	377 B
1	tremorhub.com partners.tremorhub.com — Cisco Umbrella Rank: 1801	183 B
1	addthis.com x.dlx.addthis.com — Cisco Umbrella Rank: 2012	191 B
1	rtactivate.com bpi.rtactivate.com — Cisco Umbrella Rank: 3313	109 B
1	rezync.com 1 redirects live.rezync.com — Cisco Umbrella Rank: 2594	775 B
1	serving-sys.com bs.serving-sys.com — Cisco Umbrella Rank: 1684	105 B
1	media.net contextual.media.net — Cisco Umbrella Rank: 819	630 B
1	eyeota.net ps.eyeota.net — Cisco Umbrella Rank: 1452	344 B
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 494	239 B
1	rfihub.net c1.rfihub.net — Cisco Umbrella Rank: 7471	6 KB
1	yahoo.com sp.analytics.yahoo.com — Cisco Umbrella Rank: 1672	632 B
1	adxcel-ec2.com data.adxcel-ec2.com — Cisco Umbrella Rank: 4671	131 B
1	g792337342.co g792337342.co — Cisco Umbrella Rank: 251684	668 B
1	tp88trk.com www.tp88trk.com — Cisco Umbrella Rank: 39210	18 KB
1	sc-static.net sc-static.net — Cisco Umbrella Rank: 994	8 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 159	16 KB
1	plyr.io cdn.plyr.io — Cisco Umbrella Rank: 15600	32 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 976	30 KB
0	Failed function sub() { [native code] }. Failed
163	54

	Domain	Requested by
17	h.online-metrix.net	give.unrefugees.org h.online-metrix.net
10	www.gstatic.com	www.google.com www.gstatic.com pay.google.com
10	give.unrefugees.org	give.unrefugees.org
9	www.google-analytics.com	www.googletagmanager.com give.unrefugees.org www.gstatic.com www.google-analytics.com
8	www.google.com	give.unrefugees.org www.gstatic.com www.google.com
7	play.google.com	www.gstatic.com
6	www.paypal.com	give.unrefugees.org www.paypal.com www.paypalobjects.com
5	www.google.de	give.unrefugees.org
4	tr.snapchat.com	sc-static.net
4	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
4	trkn.us	2 redirects give.unrefugees.org
4	pay.google.com	give.unrefugees.org pay.google.com www.gstatic.com
3	d.clarity.ms	www.clarity.ms
3	ad.ipredictive.com	give.unrefugees.org js.ipredictive.com
3	g1782759016.co	give.unrefugees.org
3	bat.bing.com	www.googletagmanager.com bat.bing.com give.unrefugees.org
3	app.dafwidget.com	give.unrefugees.org app.dafwidget.com
2	c.clarity.ms	1 redirects
2	x.bidswitch.net	1 redirects
2	sync.search.spotxchange.com	1 redirects
2	dsum-sec.casalemedia.com	1 redirects
2	idsync.rlcdn.com	give.unrefugees.org
2	p.rfihub.com	2 redirects
2	dpm.demdex.net	1 redirects
2	ib.adnxs.com	1 redirects
2	t.paypal.com	give.unrefugees.org
2	www.paypalobjects.com	www.paypal.com www.paypalobjects.com
2	www.facebook.com	give.unrefugees.org
2	www.clarity.ms	bat.bing.com www.clarity.ms
2	region1.analytics.google.com	www.googletagmanager.com
2	ad.doubleclick.net	2 redirects
2	collector-3219.tvsquared.com	give.unrefugees.org
2	s.yimg.com	give.unrefugees.org s.yimg.com
2	connect.facebook.net	give.unrefugees.org connect.facebook.net
2	www.googletagmanager.com	give.unrefugees.org www.googletagmanager.com
2	use.typekit.net	give.unrefugees.org use.typekit.net
1	d6tizftlrpuof.cloudfront.net	give.unrefugees.org
1	zrtzph91cdi6pkob2zj7zodriqgfsdlttihmoerl78e9b39f3d6f111dam1.e.aa.online-metrix.net
1	bam.nr-data.net	js-agent.newrelic.com
1	w.usabilla.com	give.unrefugees.org
1	c.bing.com	1 redirects
1	js-agent.newrelic.com	give.unrefugees.org
1	sync-tm.everesttech.net	give.unrefugees.org
1	beacon.krxd.net	give.unrefugees.org
1	aa.agkn.com	give.unrefugees.org
1	partners.tremorhub.com	give.unrefugees.org
1	x.dlx.addthis.com	give.unrefugees.org
1	bpi.rtactivate.com	give.unrefugees.org
1	live.rezync.com	1 redirects
1	bs.serving-sys.com	give.unrefugees.org
1	contextual.media.net	give.unrefugees.org
1	ps.eyeota.net
1	pixel.rubiconproject.com	give.unrefugees.org
1	a.rfihub.com
1	cm.g.doubleclick.net	1 redirects
1	fonts.gstatic.com	www.google.com
1	20826429p.rfihub.com	c1.rfihub.net
1	c1.rfihub.net	give.unrefugees.org
1	lyibja.unrefugees.org	connect.facebook.net
1	sp.analytics.yahoo.com	give.unrefugees.org
1	googleads.g.doubleclick.net	www.googleadservices.com
1	p.typekit.net	use.typekit.net
1	data.adxcel-ec2.com	give.unrefugees.org
1	adservice.google.de	give.unrefugees.org
1	adservice.google.com	1 redirects
1	js.ipredictive.com	www.googletagmanager.com
1	g792337342.co	give.unrefugees.org
1	www.tp88trk.com	www.googletagmanager.com
1	sc-static.net	www.googletagmanager.com
1	www.googleadservices.com	www.googletagmanager.com
1	cdn.plyr.io	give.unrefugees.org
1	code.jquery.com	give.unrefugees.org
1	cdn.unrefugees.org	give.unrefugees.org
1	click.e.unrefugees.org	1 redirects
0	ghbmnnjooekpmoecnnnilnnbdlolhkhi Failed	h.online-metrix.net
163	75

This site contains links to these domains. Also see Links.

Domain
dafwidget.com
www.unrefugees.org

Subject Issuer	Validity	Valid
unrefugees.org Amazon	`2021-12-08` - `2023-01-05`	a year	crt.sh
use.typekit.net DigiCert TLS RSA SHA256 2020 CA1	`2022-03-07` - `2023-04-07`	a year	crt.sh
h.online-metrix.net Trustwave Organization Validation SHA256 CA, Level 1	`2021-12-28` - `2023-01-23`	a year	crt.sh
*.unrefugees.org Amazon	`2022-05-06` - `2023-06-04`	a year	crt.sh
app.dafwidget.com Amazon	`2021-10-29` - `2022-11-27`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh
*.plyr.io GTS CA 1P5	`2022-09-02` - `2022-12-01`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-08-15` - `2022-11-07`	3 months	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2022-04-12` - `2023-04-12`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-08-15` - `2022-11-07`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-08-15` - `2022-11-07`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2022-09-03` - `2023-03-03`	6 months	crt.sh
sc-static.net DigiCert TLS RSA SHA256 2020 CA1	`2022-01-27` - `2023-01-27`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-06-17` - `2022-09-15`	3 months	crt.sh
*.api.fantasysports.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-09-05` - `2022-10-26`	2 months	crt.sh
*.tvsquared.com Amazon	`2022-08-16` - `2023-09-13`	a year	crt.sh
tp88trk.com Starfield Secure Certificate Authority - G2	`2022-02-15` - `2023-02-15`	a year	crt.sh
g1782759016.co GTS CA 1D4	`2022-09-05` - `2022-12-04`	3 months	crt.sh
g792337342.co GTS CA 1D4	`2022-07-20` - `2022-10-18`	3 months	crt.sh
*.ipredictive.com Amazon	`2022-04-13` - `2023-05-12`	a year	crt.sh
adxcel-ec2.com Amazon	`2021-11-17` - `2022-12-16`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-08-15` - `2022-11-07`	3 months	crt.sh
real.sp.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-08-09` - `2023-02-01`	6 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-02-27` - `2023-02-27`	a year	crt.sh
lyibja.unrefugees.org R3	`2022-07-23` - `2022-10-21`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-08-15` - `2022-11-07`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 02	`2022-06-07` - `2023-06-02`	a year	crt.sh
*.rfihub.net Amazon	`2021-12-29` - `2023-01-27`	a year	crt.sh
*.rfihub.com Sectigo RSA Domain Validation Secure Server CA	`2022-05-24` - `2023-05-24`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-04-04`	a year	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2022-02-20` - `2023-02-22`	a year	crt.sh
bs.serving-sys.com Amazon	`2022-04-10` - `2023-05-09`	a year	crt.sh
rtactivate.com Amazon	`2022-04-13` - `2023-05-12`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
odc-pixel-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2022-02-26` - `2023-03-01`	a year	crt.sh
*.tremorhub.com Amazon	`2022-03-24` - `2023-04-22`	a year	crt.sh
*.agkn.com RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2022-09-06` - `2023-09-21`	a year	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-11-03` - `2022-11-02`	a year	crt.sh
*.everesttech.net GlobalSign Atlas R3 DV TLS CA 2022 Q1	`2022-02-03` - `2023-03-07`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2022 Q2	`2022-07-10` - `2023-08-11`	a year	crt.sh
*.snap.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-16` - `2023-08-16`	a year	crt.sh
w.usabilla.com Amazon	`2022-02-10` - `2023-03-11`	a year	crt.sh
*.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2022-01-10` - `2023-02-10`	a year	crt.sh
*.e.aa.online-metrix.net Trustwave Organization Validation SHA256 CA, Level 1	`2022-06-08` - `2023-07-10`	a year	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh

This page contains 15 frames:

Primary Page: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Frame ID: C778BBF522800FD4C9259823B5836EBB
Requests: 93 HTTP requests in this frame

Frame: https://www.paypalobjects.com/muse/analytics/index.html
Frame ID: C1F1859AA18D38C7D66440D22F31C5A3
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 6582860CD070A56BDDF617C6132DE55B
Requests: 1 HTTP requests in this frame

Frame: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fgive.unrefugees.org&mid=
Frame ID: 30E26EDDC375AFF00A7BA855F11BF99B
Requests: 12 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdZJnUUAAAAAOw4JvRyjeAl2m7wg02iD6YH5iqm&co=aHR0cHM6Ly9naXZlLnVucmVmdWdlZXMub3JnOjQ0Mw..&hl=de&v=duyHVVR9Brf6N2GewjkPRfsA&size=normal&cb=ne116zirvf1o
Frame ID: 7014319E88520B2D15C442653C3EAAE4
Requests: 8 HTTP requests in this frame

Frame: https://ad.ipredictive.com/d/track/event?upid=101374&cache_buster=1662644127&url=https%3A%2F%2Fgive.unrefugees.org%2F210714core_afgmain_p_3000%3Futm_medium%3Demail%26utm_cid%3D0031K00003CjKPhQAN%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220908%26utm_content%3Dfullfile%26SF_onetime%3D7011K0000023M9vQAE%26SF_monthly%3D7011K0000023MA0QAM&val=undefined&tn=undefined&itms=undefined
Frame ID: 11056C00BFF537224A03AADB65480687
Requests: 1 HTTP requests in this frame

Frame: https://20826429p.rfihub.com/ca.html?ver=9&rb=9587&ca=20826429&_o=9587&_t=20826429&pe=https%3A%2F%2Fgive.unrefugees.org%2F210714core_afgmain_p_3000%3Futm_medium%3Demail%26utm_cid%3D0031K00003CjKPhQAN%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220908%26utm_content%3Dfullfile%26SF_onetime%3D7011K0000023M9vQAE%26SF_monthly%3D7011K0000023MA0QAM&pf=&ra=25081064198253133
Frame ID: 527111FF36DC8C043E99263368D99CDB
Requests: 19 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=de&v=duyHVVR9Brf6N2GewjkPRfsA&k=6LdZJnUUAAAAAOw4JvRyjeAl2m7wg02iD6YH5iqm
Frame ID: 5DA5CF371204331BBB796577B1D23500
Requests: 3 HTTP requests in this frame

Frame: https://h.online-metrix.net/fp/check.js;CIS3SID=057D181EF27EA910679D9E45315AEA0C?org_id=zrtzph91&session_id=e1873-a48fddf5-e718-4b0a-bbd6-012b7c5f640e&nonce=78e9b39f3d6f111d&jb=35392e24687b6f753555696e666f7f73246a7b673d55696e6c6d7573273a30313224687162773f4368726f6d6d24687b623d4b6a726f6f652d323231383d
Frame ID: 60DB83F81A159B84B54798E00D164677
Requests: 12 HTTP requests in this frame

Frame: https://tr.snapchat.com/cm/i?pid=cda0845c-e241-4b98-8d4b-abdc76d31d9d&u_scsid=1f11450b-adda-4f4c-8d31-98bef34259b6&u_sclid=204b6aff-41be-40c2-94c6-8c43edf3a3e6
Frame ID: 2B6E9A814F7E7EE76EE38CFCE766B28B
Requests: 1 HTTP requests in this frame

Frame: https://w.usabilla.com/fa5b33ed7c80.js?lv=1
Frame ID: 42B6CFA7C13A138C67987AD7F3698E98
Requests: 1 HTTP requests in this frame

Frame: https://h.online-metrix.net/fp/ls_fp.html;CIS3SID=057D181EF27EA910679D9E45315AEA0C?org_id=zrtzph91&session_id=e1873-a48fddf5-e718-4b0a-bbd6-012b7c5f640e&nonce=78e9b39f3d6f111d
Frame ID: 8B74E5BF1FF51BA962995DB94D0D63BF
Requests: 3 HTTP requests in this frame

Frame: https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=057D181EF27EA910679D9E45315AEA0C?org_id=zrtzph91&session_id=e1873-a48fddf5-e718-4b0a-bbd6-012b7c5f640e&nonce=78e9b39f3d6f111d
Frame ID: D81B2F43960303F0B1CE459D467D63F4
Requests: 2 HTTP requests in this frame

Frame: https://h.online-metrix.net/fp/top_fp.html;CIS3SID=057D181EF27EA910679D9E45315AEA0C?org_id=zrtzph91&session_id=e1873-a48fddf5-e718-4b0a-bbd6-012b7c5f640e&nonce=78e9b39f3d6f111d
Frame ID: 75A7049ABB2833A98B25F1F3F3102D88
Requests: 1 HTTP requests in this frame

Frame: https://d6tizftlrpuof.cloudfront.net/themes/production/unhcr-button-ca8fba580979f02c2694fa49ed8ef52a.png
Frame ID: 35996CC737C6F687C55A80A6CD2A2F7C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Send Hope Every Month to Strong Refugees | USA for UNHCR

Page URL History Show full URLs

https://click.e.unrefugees.org/?qs=df36127ad5e79ba48892be5d8b5a5912152465e56d2f054a1b96326269b4e2717754f553... HTTP 302
https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_so... Page URL

Detected technologies

Plyr (Video players) Expand

Overall confidence: 100%
Detected patterns

https://cdn\.plyr\.io/([0-9.]+)/.+\.js

Google Pay (Payment processors) Expand

Overall confidence: 100%
Detected patterns

pay\.google\.com/([a-z/]+)/pay\.js

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

paypalobjects\.com

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Sizmek (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

serving-sys\.com/

Typekit (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href="[^"]+use\.typekit\.(?:net|com)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

163
Requests

92 %
HTTPS

36 %
IPv6

54
Domains

75
Subdomains

66
IPs

7
Countries

2867 kB
Transfer

6978 kB
Size

66
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://dafwidget.com/terms-and-privacy-policy/
Title: Terms of Service and Privacy Policy

Search URL Search Domain Scan URL

URL: https://dafwidget.com/add-a-new-fund-to-the-dafwidget/
Title: Don't see your fund? Let us know.

Search URL Search Domain Scan URL

URL: https://www.unrefugees.org/privacy-policy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.unrefugees.org/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://click.e.unrefugees.org/?qs=df36127ad5e79ba48892be5d8b5a5912152465e56d2f054a1b96326269b4e2717754f5531cdc32cc47bc50d70dcf00a73c9949c77f0ac1a7 HTTP 302
https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 34

https://ad.doubleclick.net/ddm/activity/src=4269937;type=invmedia;cat=unhcr0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1 HTTP 302
https://ad.doubleclick.net/ddm/activity/src=4269937;dc_pre=CJPP74SohfoCFYFJkQUdS_ELDQ;type=invmedia;cat=unhcr0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1 HTTP 302
https://adservice.google.com/ddm/fls/p/src=4269937;dc_pre=CJPP74SohfoCFYFJkQUdS_ELDQ;type=invmedia;cat=unhcr0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1;~oref=https://give.unrefugees.org/ HTTP 302
https://adservice.google.de/ddm/fls/p/src=4269937;dc_pre=CJPP74SohfoCFYFJkQUdS_ELDQ;type=invmedia;cat=unhcr0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1;~oref=https://give.unrefugees.org/

Request Chain 35

https://trkn.us/pixel/conv/ppt=18384;g=sitewide;gid=42298;ord=[uniqueid]?gtmcb=1175746412 HTTP 302
https://trkn.us/pixel/conv/ppt=18384;g=sitewide;gid=42298;ord=[uniqueid]?gtmcb=1175746412;ip=217.114.218.22;cuidchk=1

Request Chain 36

https://trkn.us/pixel/conv/ppt=18676;g=sitewide;gid=43404;ord=undefined?gtmcb=894994966 HTTP 302
https://trkn.us/pixel/conv/ppt=18676;g=sitewide;gid=43404;ord=undefined?gtmcb=894994966;ip=217.114.218.22;cuidchk=1

Request Chain 106

https://cm.g.doubleclick.net/pixel?&in=0&google_nid=zeta_interactive&google_cm=&google_sc=&google_hm=NTE0MDA4NDkyMTc3MzkyNzA1OA==&forward= HTTP 302
https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEJJE2-Mjfa0ma_J8EdZrcCo&google_cver=1

Request Chain 107

https://ib.adnxs.com/setuid?entity=18&code=5140084921773927058 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D18%26code%3D5140084921773927058

Request Chain 109

https://dpm.demdex.net/ibs:dpid=1121&dpuuid=5140084921773927058&redir= HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=5140084921773927058&redir=

Request Chain 110

https://p.rfihub.com/cm?pub=24472&in=1 HTTP 302
https://ps.eyeota.net/match?uid=5140084921773927058&bid=omt9pi0

Request Chain 113

https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=5140084921773927058&referrer=https%3A%2F%2Fgive.unrefugees.org%2F210714core_afgmain_p_3000%3Futm_medium%3Demail%26utm_cid%3D0031K00003CjKPhQAN%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220908%26utm_content%3Dfullfile%26SF_onetime%3D7011K0000023M9vQAE%26SF_monthly%3D7011K0000023MA0QAM HTTP 302
https://p.rfihub.com/cm?pub=39342&in=0&userid=8ba5c303-af95-4dd1-9801-e3d71e9fad2f%3A1662644128.9283571&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D8ba5c303-af95-4dd1-9801-e3d71e9fad2f%253A1662644128.9283571 HTTP 302
https://idsync.rlcdn.com/501709.gif?partner_uid=8ba5c303-af95-4dd1-9801-e3d71e9fad2f%3A1662644128.9283571

Request Chain 115

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=5140084921773927058&forward= HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=5140084921773927058&forward=&C=1

Request Chain 118

https://sync.search.spotxchange.com/partner?adv_id=7180&uid=5140084921773927058&img=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7180&uid=5140084921773927058&img=1&__user_check__=1&sync_id=1a79080a-2f7b-11ed-93e1-141484330106

Request Chain 122

https://x.bidswitch.net/sync?dsp_id=119&user_id=5140084921773927058&expires=30 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=5140084921773927058&expires=30

Request Chain 130

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?CtsSyncId=CBE4708A134D4CEB8BC6A9C85FBD7807&RedC=c.clarity.ms&MXFR=2FACEB675E89630824E4F97E5A896D07 HTTP 302
https://c.clarity.ms/c.gif?CtsSyncId=CBE4708A134D4CEB8BC6A9C85FBD7807&MUID=2E485A27A2286C8A258D483EA3846DEA

163 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request 210714core_afgmain_p_3000 Show response
give.unrefugees.org/
Redirect Chain

https://click.e.unrefugees.org/?qs=df36127ad5e79ba48892be5d8b5a5912152465e56d2f054a1b96326269b4e2717754f5531cdc32cc47bc50d70dcf00a73c9949c77f0ac1a7
https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=701...

38 KB
15 KB

2111ms
1710ms

Document
text/html

54.200.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.200.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-200-66-202.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 772672dbc458cf7b5c5dab121ddb8ec978f8b437c5b9ca29ad9d95b23f99421f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private
content-encoding: gzip
content-length: 14854
content-type: text/html; charset=utf-8
date: Thu, 08 Sep 2022 13:35:26 GMT
vary: Accept-Encoding

Redirect headers

Cache-Control: private
Connection: close
Content-Length: 383
Content-Type: text/html; charset=utf-8
Date: Thu, 08 Sep 2022 13:35:23 GMT
Location: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM

GET
H2 403 index.css
give.unrefugees.org/css/ 0
0 643ms
643ms Stylesheet
text/html 54.200.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://give.unrefugees.org/css/index.css?v=5
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.200.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-200-66-202.us-west-2.compute.amazonaws.com
Software: Microsoft-IIS/10.0 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:27 GMT
server: Microsoft-IIS/10.0
content-length: 1233
content-type: text/html

GET
H2 403 plyr.css
give.unrefugees.org/css/ 0
0 643ms
642ms Stylesheet
text/html 54.200.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://give.unrefugees.org/css/plyr.css
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.200.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-200-66-202.us-west-2.compute.amazonaws.com
Software: Microsoft-IIS/10.0 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:27 GMT
server: Microsoft-IIS/10.0
content-length: 1233
content-type: text/html

GET
H2 200 hrp3szy.css
use.typekit.net/ 7 KB
1 KB 219ms
136ms Stylesheet
text/css 2a02:26f0:3500:16::215:148f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/hrp3szy.css

Requested by

Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:148f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

7cb56da908e94235a698c35dac8162e57993bfceefba669afddc29bd866b97f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
server: nginx
date: Thu, 08 Sep 2022 13:35:27 GMT
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1032

GET
H/1.1 200
OK tags.js Show response
h.online-metrix.net/fp/ 91 KB
12 KB 91ms
27ms Script
text/javascript 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/fp/tags.js?org_id=zrtzph91&session_id=e1873-a48fddf5-e718-4b0a-bbd6-012b7c5f640e&pageid=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

c6d91e5e9a9ef535438dd4e9d741b557d288712b8e544c6fd86b28ef79e4cd74

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 08 Sep 2022 13:35:27 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
P3P: CP=IVAa PSAa
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
Connection: Keep-Alive, Keep-Alive
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=2, max=100
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 nudge_arrow.png
give.unrefugees.org/img/ 1 KB
2 KB 423ms
422ms Image
image/png 54.200.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://give.unrefugees.org/img/nudge_arrow.png
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.200.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-200-66-202.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 394e68bb96ac874b1a9f9b39286a16349ab781c8513ce632ce5c7ba8bb2ba0ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:27 GMT
last-modified: Fri, 09 Aug 2019 12:38:58 GMT
accept-ranges: bytes
etag: "553cf969af4ed51:0"
content-length: 1102
content-type: image/png

GET
H2 403 lock-secure-donation.png
give.unrefugees.org/img/ 1 KB
1 KB 620ms
618ms Image
text/html 54.200.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://give.unrefugees.org/img/lock-secure-donation.png
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.200.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-200-66-202.us-west-2.compute.amazonaws.com
Software: Microsoft-IIS/10.0 /
Resource Hash: c55f527e536de44c7980fecece7428ae5a765647495e47008a8a54fa1e434736

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:27 GMT
server: Microsoft-IIS/10.0
content-length: 1233
content-type: text/html

GET
H/1.1 200
OK afg-monthly-main-rf1191058x530.jpg
cdn.unrefugees.org/u4uforms2020/media/yutp1dqo/ 145 KB
146 KB 99ms
20ms Image
image/jpeg 13.32.99.114
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.unrefugees.org/u4uforms2020/media/yutp1dqo/afg-monthly-main-rf1191058x530.jpg
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-114.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 99cfc4243966e15543b705ea90968933600645a2735f5d2daec0087cc039695f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 08 Sep 2022 12:20:22 GMT
Via: 1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
Age: 4506
X-Cache: Hit from cloudfront
Connection: keep-alive
x-amz-meta-local-date-created: 132894973098437725
Content-Length: 148443
x-amz-meta-local-date-modified: 132894973098437725
Last-Modified: Wed, 16 Feb 2022 15:03:43 GMT
Server: AmazonS3
ETag: "111b2d0f6dda8cde9af10d27eb583827"
Content-Type: image/jpeg
Cache-Control: public,max-age=2592000
X-Amz-Cf-Pop: FRA60-P3
Accept-Ranges: bytes
X-Amz-Cf-Id: yYlT3Wwwq4_GNARbJrnEwvUZoq5UdP88r_B4DTaGkgyY7_v5In9fuQ==

GET
H2 200 source.js Show response
app.dafwidget.com/api/js/ 6 KB
6 KB 331ms
109ms Script
application/javascript 54.160.6.45
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://app.dafwidget.com/api/js/source.js
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.160.6.45 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-160-6-45.compute-1.amazonaws.com
Software: nginx / Express
Resource Hash: 1ad2c17d074acf6294285ccca5e31aa0ba3c00e08be8b28226b5620609fbe9fe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:27 GMT
last-modified: Fri, 13 Aug 2021 16:43:24 GMT
server: nginx
x-powered-by: Express
etag: W/"1810-17b40659739"
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 6160

GET
H2 200 bbb-logo-173x87.png
give.unrefugees.org/media/1017/ 33 KB
34 KB 619ms
617ms Image
image/png 54.200.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://give.unrefugees.org/media/1017/bbb-logo-173x87.png
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.200.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-200-66-202.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 97880bcd7fcc199a008ea736ab008f7f92e9cf6c0addc2afb6c92b3e70d9c9a5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:27 GMT
last-modified: Wed, 28 Mar 2018 18:24:27 GMT
accept-ranges: bytes
etag: "a937c21c2c6d31:0"
content-length: 33886
content-type: image/png

GET
H2 200 guide-star-platinum.png
give.unrefugees.org/media/1005/ 16 KB
17 KB 428ms
426ms Image
image/png 54.200.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://give.unrefugees.org/media/1005/guide-star-platinum.png
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.200.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-200-66-202.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 53b492f729960ead9c5779dc772534e0f00e2dcdbd1687a0d236af95417549b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:27 GMT
last-modified: Tue, 05 Dec 2017 18:17:59 GMT
accept-ranges: bytes
etag: "af9bd561f56dd31:0"
content-length: 16468
content-type: image/png

GET
H2 200 unhcr-visibility-horizontal-white-cmyk-v2016.svg
give.unrefugees.org/img/ 12 KB
12 KB 613ms
612ms Image
image/svg+xml 54.200.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://give.unrefugees.org/img/unhcr-visibility-horizontal-white-cmyk-v2016.svg
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.200.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-200-66-202.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 6bfbae61daf6218548d35bd824d5299e6f0517f156050c302ddd83fa0e8abdc8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:27 GMT
last-modified: Tue, 31 Oct 2017 17:19:23 GMT
accept-ranges: bytes
etag: "7170a3656c52d31:0"
content-length: 12265
content-type: image/svg+xml

GET
H2 200 jquery-3.4.1.min.js Show response
code.jquery.com/ 86 KB
30 KB 632ms
531ms Script
application/javascript 2001:4de0:ac18::1:a:1b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.4.1.min.js
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:1b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Request headers

Referer: https://give.unrefugees.org/
Origin: https://give.unrefugees.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:27 GMT
content-encoding: gzip
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
etag: W/"28feccc0-15851"
vary: Accept-Encoding
x-hw: 1662644127.dop230.fr8.t,1662644127.cds097.fr8.hn,1662644127.cds261.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30638

GET
H2 200 plyr.js Show response
cdn.plyr.io/3.5.2/ 111 KB
32 KB 98ms
36ms Script
application/javascript 2606:4700:21::681b:c258
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.plyr.io/3.5.2/plyr.js
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:21::681b:c258 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8608c7129a24079dd332403d0aef583dcefdf0bfc02914d626a6559a3ac049ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:27 GMT
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5367836
cf-polished: origSize=113855
x-cache: HIT, MISS
x-cache-hits: 1, 0
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: JFFSZ3NJSV2818WY
x-amz-id-2: zkq90gzit12hgVpNBYOOhZ4Oz4dDLjW72oitOrL+Wo0W5rUA2TsNMT5QyaMX1e3jQet5c7SfqLA=
x-served-by: cache-dca17746-DCA, cache-bwi5023-BWI
last-modified: Sun, 24 Feb 2019 01:08:29 GMT
server: cloudflare
x-timer: S1619317954.204049,VS0,VE61
etag: W/"26d009457000af80d7306229fc132b15"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4fxGah8g%2FfEFR7aocyEvrYS1y6sets%2BeCNBPWquI9Nct2%2Fy1IrvITfJRx4EhC6L3ppJ%2FpQrzSywLQgbZ9kyxV3CfxjyXPrhTmD8cgkeIL%2F1BCMXw3gZ3rQA%2FoAQgPggpZaRd4F%2FQNK65"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Date, Cache-Control, Content-Type, Accept, Origin, Accept
cache-control: max-age=31536000
cf-ray: 74781142ef0c9be8-FRA
cf-bgj: minify

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 850 B
969 B 88ms
27ms Script
text/javascript 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7bbc0a1a176faba3ab4ef9aebd61fbc1fd8afc56ce0ed7f7183d8256a57bb024

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 556
x-xss-protection: 1; mode=block
expires: Thu, 08 Sep 2022 13:35:27 GMT

GET
H2 200 js Show response
www.paypal.com/sdk/ 308 KB
93 KB 129ms
23ms Script
application/javascript 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/sdk/js?client-id=AbIbWRBITO6eG3wyKiWl5Tg03s8mty2ct1y5jK221ZKyJuzQrvBEXWq0916mpH91fZGXlxFY09_R16eo&vault=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

eb57fee8660ece126dfed8fae968e5bc2136d7929b22d888cbeec26708c6f6a7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-btNeX2TuW1SMTOWJZhiY4uMAWx+Zyi0Pypkhzc2iY8lesnJI' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-btNeX2TuW1SMTOWJZhiY4uMAWx+Zyi0Pypkhzc2iY8lesnJI' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-btNeX2TuW1SMTOWJZhiY4uMAWx+Zyi0Pypkhzc2iY8lesnJI' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-btNeX2TuW1SMTOWJZhiY4uMAWx+Zyi0Pypkhzc2iY8lesnJI' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
age: 6496
x-cache: HIT
p3p: true
paypal-debug-id: f451586fab8d0
server-timing: "traceparent;desc="00-0000000000000000000f451586fab8d0-e39e923d6b7d5cd3-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 94185
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4083-HHN
access-control-allow-origin: *
traceparent: 00-0000000000000000000f451586fab8d0-86e74ff9f069f9af-01
x-timer: S1662644127.232860,VS0,VE3
x-frame-options: SAMEORIGIN
date: Thu, 08 Sep 2022 13:35:27 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
access-control-expose-headers: Server-Timing
cache-control: public, max-age=3600, s-maxage=10800
etag: W/"16fe9-4RA6xDuJXeyz4p8A+tjrKw3yHDk"
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 index.min.js Show response
give.unrefugees.org/scripts/lib/ 756 KB
670 KB 621ms
619ms Script
application/javascript 54.200.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://give.unrefugees.org/scripts/lib/index.min.js?v=5_1
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.200.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-200-66-202.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: f13f98e520f9dc93425fcc355818a48e869864c61a744587d41675d0abd5316d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:27 GMT
content-encoding: gzip
last-modified: Thu, 02 Jun 2022 18:18:03 GMT
accept-ranges: bytes
etag: "24d73f19ad76d81:0"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 403 commerce.min.js
give.unrefugees.org/scripts/lib/ 0
0 620ms
618ms Script
text/html 54.200.66.202
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://give.unrefugees.org/scripts/lib/commerce.min.js?v=5_1
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.200.66.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-200-66-202.us-west-2.compute.amazonaws.com
Software: Microsoft-IIS/10.0 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:27 GMT
server: Microsoft-IIS/10.0
content-length: 1233
content-type: text/html

GET
H2 200 pay.js Show response
pay.google.com/gp/p/js/ 101 KB
33 KB 215ms
131ms Script
application/javascript 2a00:1450:400c:c0c::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/js/pay.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::5c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ee7e19a624f35cb6cb7d8c149b63b9d0117e569032b291f4fa1c7e17319a9fdd

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-c8i1zf7h4p0ekmScMYphEQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
server: ESF
cross-origin-opener-policy: same-origin; report-to="InstantbuyFrontendHttp"
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
report-to: {"group":"InstantbuyFrontendHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/InstantbuyFrontendHttp/external"}]}
content-type: application/javascript; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: private, max-age=600
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'report-sample' 'nonce-c8i1zf7h4p0ekmScMYphEQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport
expires: Thu, 08 Sep 2022 13:35:27 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 371 KB
97 KB 113ms
52ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-N9KWLLF

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6f51dad406beee43735b9f413ccc4915d6f19e3ac44f979260011f2f4e6ced6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:27 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 98736
x-xss-protection: 0
last-modified: Thu, 08 Sep 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 08 Sep 2022 13:35:27 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 67ms
20ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N9KWLLF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 2007
date: Thu, 08 Sep 2022 13:02:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 08 Sep 2022 15:02:00 GMT

GET
H2 200 optimize.js Show response
www.google-analytics.com/gtm/ 103 KB
41 KB 84ms
36ms Script
application/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/optimize.js?id=GTM-M6SN8J6

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N9KWLLF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5724d0a6b8275081f82365c2b45868ed38b780c32c94a56b76d9829372605ac9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:27 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41183
x-xss-protection: 0
last-modified: Thu, 08 Sep 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 08 Sep 2022 13:35:27 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 41 KB
16 KB 159ms
105ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N9KWLLF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

f6200e00f9bcf9a324c8c1a046c6bc624ebcaf1379faf13e4d76ae56ea0d1a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15690
x-xss-protection: 0
server: cafe
etag: 13194339052015637803
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 08 Sep 2022 13:35:27 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 85ms
45ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N9KWLLF

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

30153b15b4cb898c421e657f6de21dc27435cb990e7888367bdee12e06398da7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 17:32:37 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5176968A04DB4BA4945FBAB6A42ED3C7 Ref B: FRA31EDGE0718 Ref C: 2022-09-08T13:35:27Z
etag: "80a8697a8a2d81:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
date: Thu, 08 Sep 2022 13:35:26 GMT
accept-ranges: bytes
content-length: 11367

GET
H2 200 scevent.min.js Show response
sc-static.net/ 22 KB
8 KB 74ms
30ms Script
application/javascript 18.66.120.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sc-static.net/scevent.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N9KWLLF
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.120.247 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-120-247.fra60.r.cloudfront.net
Software: CloudFront /
Resource Hash: 3c1f4aefc4f1f802130a9ae4de294d8518ee59464736f12f89e42b82ed1713bd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:27 GMT
content-encoding: gzip
server: CloudFront
x-amz-cf-pop: FRA60-P2
x-cache: LambdaGeneratedResponse from cloudfront
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: private, s-maxage=0, max-age=600
access-control-allow-headers: Content-Type
content-length: 7898
via: 1.1 d71acb203a3e8fc7db2c1cf9725d51da.cloudfront.net (CloudFront)
x-amz-cf-id: b7h7Sed4cOrp2xgSSxKbs6Y-ILNNimVUSdY9LN0QJEiflYzUY3tW3Q==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 100 KB
27 KB 94ms
31ms Script
application/x-javascript 2a03:2880:f080:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f080:9:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5ae95e748ad12444cd760e245c02264cea3e8deb41fabd95f1e0784b81f72783

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26737
x-xss-protection: 0
pragma: public
x-fb-debug: AyQO3EjqshENjg1cmU00a3DwZLmPEe6srt7V3tMcAERaPr3oqtKn0niQpTerkt7hYczP5J1CKLmKzsKhZ5mTbQ==
x-fb-trip-id: 1679558926
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 08 Sep 2022 13:35:27 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 ytc.js Show response
s.yimg.com/wi/ 16 KB
6 KB 84ms
27ms Script
application/javascript 2a00:1288:80:807::2
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/ytc.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

249c4eba880cfb74e1b6e1d1048def310636dc3b1ce5b3fe525703fd4025238f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3
x-amz-server-side-encryption: AES256
vary: Origin, Accept-Encoding
x-amz-request-id: 4YB4J2439282BHKX
x-amz-id-2: ASZekHUnARMOv/JZLmAxHuIrrtCFfjk0PyaRILPzOdw8oVKxp023MTprKiPs3Gz15qq6dKvocT0=
referrer-policy: no-referrer-when-downgrade
x-amz-expiration: expiry-date="Thu, 20 Jul 2023 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified: Tue, 14 Jun 2022 12:21:31 GMT
server: ATS
etag: "6a624022b5d271dcefb070b0b6670abc-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-version-id: .QD3nDfK79S8_ikLSJXTL23Tdis9tg0C
x-xss-protection: 1; mode=block
cache-control: public,max-age=3600
accept-ranges: bytes
content-type: application/javascript

GET
H/1.1 200
OK tv2track.js Show response
collector-3219.tvsquared.com/ 20 KB
9 KB 525ms
119ms Script
application/javascript 3.129.137.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-3219.tvsquared.com/tv2track.js
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.129.137.210 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-129-137-210.us-east-2.compute.amazonaws.com
Software: nginx /
Resource Hash: a463aa6666ce0abcabf8033013cfe881fdbfb570389aff471d400a45b3a496d4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 08 Sep 2022 13:35:27 GMT
Content-Encoding: gzip
Last-Modified: Wed, 24 Aug 2022 10:12:59 GMT
Server: nginx
ETag: "6305f9ab-2133"
Content-Type: application/javascript
Cache-Control: max-age=600
Connection: keep-alive
X-Robots-Tag: noindex
Content-Length: 8499
Expires: Thu, 08 Sep 2022 13:45:27 GMT

GET
H2 200 everflow.js Show response
www.tp88trk.com/scripts/sdk/ 58 KB
18 KB 172ms
127ms Script
text/javascript 35.190.72.228
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.tp88trk.com/scripts/sdk/everflow.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N9KWLLF
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.72.228 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 228.72.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2a72806e7ecf829960274016cfa7c3b84dd3f89fbba960f8e0e2b2fddfa743df

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:27 GMT
via: 1.1 google
server: nginx
vary: Origin
content-type: text/javascript
content-encoding: gzip
cache-control: max-age=14400
x-eflow-request-id: 1d89ad8d-9dd2-4628-ad15-6e150449cf12
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 gp Show response
g1782759016.co/ 26 B
113 B 80ms
32ms Script
application/javascript 2600:1901:0:7d2::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://g1782759016.co/gp?id=-L_Ny2xXp1FWryzFl6qy&refurl=&winurl=https%3A%2F%2Fgive.unrefugees.org%2F210714core_afgmain_p_3000%3Futm_medium%3Demail%26utm_cid%3D0031K00003CjKPhQAN%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220908%26utm_content%3Dfullfile%26SF_onetime%3D7011K0000023M9vQAE%26SF_monthly%3D7011K0000023MA0QAM&cw=1600&ch=1200
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:7d2:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend / Express
Resource Hash: eb7e68073ee5ed998d26671859e008697e757f3276759a8ec173e5a62d34a404

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:27 GMT
via: 1.1 google
etag: W/"1a-7KeVhWk+843gX+8y2fD4wjI8a34"
server: Google Frontend
x-powered-by: Express
content-type: application/javascript; charset=utf-8
x-cloud-trace-context: ac8b48974a918742fea8242b1d68c5c0
cache-control: private, no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26

GET
H2 200 gp Show response
g1782759016.co/ 26 B
305 B 74ms
32ms Script
application/javascript 2600:1901:0:7d2::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://g1782759016.co/gp?id=-LXPWq_CG-cVgJYLdmun&refurl=&winurl=https%3A%2F%2Fgive.unrefugees.org%2F210714core_afgmain_p_3000%3Futm_medium%3Demail%26utm_cid%3D0031K00003CjKPhQAN%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220908%26utm_content%3Dfullfile%26SF_onetime%3D7011K0000023M9vQAE%26SF_monthly%3D7011K0000023MA0QAM&cw=1600&ch=1200
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:7d2:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend / Express
Resource Hash: eb7e68073ee5ed998d26671859e008697e757f3276759a8ec173e5a62d34a404

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:27 GMT
via: 1.1 google
etag: W/"1a-7KeVhWk+843gX+8y2fD4wjI8a34"
server: Google Frontend
x-powered-by: Express
content-type: application/javascript; charset=utf-8
x-cloud-trace-context: 59be2e6df378f4bba7341473c3b034f7
cache-control: private, no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26

GET
H2 200 gp Show response
g1782759016.co/ 0
87 B 76ms
34ms Script
application/javascript 2600:1901:0:7d2::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://g1782759016.co/gp?id=-LFI9dAMttdUZNQm4p8O&refurl=&winurl=https%3A%2F%2Fgive.unrefugees.org%2F210714core_afgmain_p_3000%3Futm_medium%3Demail%26utm_cid%3D0031K00003CjKPhQAN%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220908%26utm_content%3Dfullfile%26SF_onetime%3D7011K0000023M9vQAE%26SF_monthly%3D7011K0000023MA0QAM&cw=1600&ch=1200
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:7d2:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:27 GMT
via: 1.1 google
server: Google Frontend
x-powered-by: Express
content-type: application/javascript
x-cloud-trace-context: 1f89c85d527d2a2f1ecc9ce4514dd924
cache-control: private, no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 gr Show response
g792337342.co/ 389 B
668 B 81ms
33ms Script
application/javascript 2600:1901:0:7d2::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://g792337342.co/gr?id=-MigLwPTHWno7P1txloy&refurl=&winurl=https%3A%2F%2Fgive.unrefugees.org%2F210714core_afgmain_p_3000%3Futm_medium%3Demail%26utm_cid%3D0031K00003CjKPhQAN%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220908%26utm_content%3Dfullfile%26SF_onetime%3D7011K0000023M9vQAE%26SF_monthly%3D7011K0000023MA0QAM
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:7d2:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend / Express
Resource Hash: cbe4470dca37a1878c3c6b6c8f14c69d415d0a2bc81233eb3a377d47e9b7ab4c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:27 GMT
via: 1.1 google
etag: W/"185-JQvwhEqirmVuKHmoQMSyf1FpPNQ"
server: Google Frontend
x-powered-by: Express
content-type: application/javascript; charset=utf-8
x-cloud-trace-context: 47e4475d3c56e7ec0a74f2d16d4e9f61
cache-control: private, no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 389

GET
H2 200 adelphic_universal_pixel.js Show response
js.ipredictive.com/ 2 KB
2 KB 74ms
21ms Script
application/javascript 18.66.112.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.ipredictive.com/adelphic_universal_pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N9KWLLF
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-72.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 35e56359a3010d1973d3505a00c79e1cef65219cbf6f74d0516ba255bad73be1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:06 GMT
via: 1.1 604f8ac78ed3ba5235c1a14794f2ac64.cloudfront.net (CloudFront)
last-modified: Mon, 11 Jul 2022 21:29:04 GMT
server: AmazonS3
age: 115
etag: "36055609c37d02bc38f0ee7bdf901af4"
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-length: 1897
x-amz-cf-id: axuyf0gHb7VD0Dn1fv4hypNEIeYb8RGKrnZcmyzeRY_FWpYehXRgog==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 214 KB
75 KB 41ms
40ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-P9YZZV758Y&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N9KWLLF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3ff51e150abff1149cc414fe10b223a4c9e51ed8bea22b95d3dbd095408e55a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:27 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 76253
x-xss-protection: 0
expires: Thu, 08 Sep 2022 13:35:27 GMT

GET
H2

200

/
adservice.google.de/ddm/fls/p/src=4269937;dc_pre=CJPP74SohfoCFYFJkQUdS_ELDQ;type=invmedia;cat=unhcr0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1;~oref=https://give.unrefugee...
Redirect Chain

https://ad.doubleclick.net/ddm/activity/src=4269937;type=invmedia;cat=unhcr0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?
https://ad.doubleclick.net/ddm/activity/src=4269937;dc_pre=CJPP74SohfoCFYFJkQUdS_ELDQ;type=invmedia;cat=unhcr0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?
https://adservice.google.com/ddm/fls/p/src=4269937;dc_pre=CJPP74SohfoCFYFJkQUdS_ELDQ;type=invmedia;cat=unhcr0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1;~oref=https://give....
https://adservice.google.de/ddm/fls/p/src=4269937;dc_pre=CJPP74SohfoCFYFJkQUdS_ELDQ;type=invmedia;cat=unhcr0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1;~oref=https://give.u...

42 B
737 B

106ms
58ms

Image
image/gif

2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.de/ddm/fls/p/src=4269937;dc_pre=CJPP74SohfoCFYFJkQUdS_ELDQ;type=invmedia;cat=unhcr0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1;~oref=https://give.unrefugees.org/

Requested by

Protocol

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Sep 2022 13:35:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 08 Sep 2022 13:35:27 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/html; charset=UTF-8
location: https://adservice.google.de/ddm/fls/p/src=4269937;dc_pre=CJPP74SohfoCFYFJkQUdS_ELDQ;type=invmedia;cat=unhcr0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1;~oref=https://give.unrefugees.org/
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

ppt=18384;g=sitewide;gid=42298;ord=[uniqueid]
trkn.us/pixel/conv/
Redirect Chain

https://trkn.us/pixel/conv/ppt=18384;g=sitewide;gid=42298;ord=[uniqueid]?gtmcb=1175746412
https://trkn.us/pixel/conv/ppt=18384;g=sitewide;gid=42298;ord=[uniqueid]?gtmcb=1175746412;ip=217.114.218.22;cuidchk=1

42 B
780 B

117ms
117ms

Image
image/gif

52.200.167.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trkn.us/pixel/conv/ppt=18384;g=sitewide;gid=42298;ord=[uniqueid]?gtmcb=1175746412;ip=217.114.218.22;cuidchk=1

Requested by

Protocol

HTTP/1.1

Server

52.200.167.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-200-167-175.compute-1.amazonaws.com

Software

Apache /

Resource Hash

b2c78c910f5ea29e3a9d223dabc203c055c8708b1fe7d83788b490638126db4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 08 Sep 2022 13:35:28 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sun, 9 Nov 1980 12:59:00 GMT
Server: Apache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Sun, 9 Nov 1980 12:58:00 GMT

Redirect headers

Date: Thu, 08 Sep 2022 13:35:27 GMT
X-Content-Type-Options: nosniff
Server: Apache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: /pixel/conv/ppt=18384;g=sitewide;gid=42298;ord=[uniqueid]?gtmcb=1175746412;ip=217.114.218.22;cuidchk=1
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 0

GET
H/1.1

200
OK

ppt=18676;g=sitewide;gid=43404;ord=undefined
trkn.us/pixel/conv/
Redirect Chain

https://trkn.us/pixel/conv/ppt=18676;g=sitewide;gid=43404;ord=undefined?gtmcb=894994966
https://trkn.us/pixel/conv/ppt=18676;g=sitewide;gid=43404;ord=undefined?gtmcb=894994966;ip=217.114.218.22;cuidchk=1

42 B
780 B

123ms
122ms

Image
image/gif

52.200.167.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trkn.us/pixel/conv/ppt=18676;g=sitewide;gid=43404;ord=undefined?gtmcb=894994966;ip=217.114.218.22;cuidchk=1

Requested by

Protocol

HTTP/1.1

Server

52.200.167.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-200-167-175.compute-1.amazonaws.com

Software

Apache /

Resource Hash

b2c78c910f5ea29e3a9d223dabc203c055c8708b1fe7d83788b490638126db4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 08 Sep 2022 13:35:28 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sun, 9 Nov 1980 12:59:00 GMT
Server: Apache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Sun, 9 Nov 1980 12:58:00 GMT

Redirect headers

Date: Thu, 08 Sep 2022 13:35:27 GMT
X-Content-Type-Options: nosniff
Server: Apache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: /pixel/conv/ppt=18676;g=sitewide;gid=43404;ord=undefined?gtmcb=894994966;ip=217.114.218.22;cuidchk=1
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 0

GET
H/1.1 200
OK pixel
ad.ipredictive.com/d/rt/ 631 B
787 B 438ms
107ms Image
image/jpeg 23.22.216.223
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.ipredictive.com/d/rt/pixel?rtsite_id=60700&uuid=d5534c09-ec00-4f6f-9451-54fa79df98bb&rr=CACHE_BUSTER&gtmcb=1484772438
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.22.216.223 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-22-216-223.compute-1.amazonaws.com
Software: /
Resource Hash: 25cf0f0ce42f8acd9ea6facc223f54105c7fd0cce63fb7bb5d83e6600100acbd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 08 Sep 2022 13:35:27 GMT
Content-Encoding: gzip
X-CI-RTID: ab06cbfc-bc7c-447d-9f5a-c032ef234cbc
Connection: keep-alive
Content-Length: 479
Content-Type: image/jpeg

GET
H/1.1 200
OK pixel
ad.ipredictive.com/d/track/cvt/ 631 B
858 B 441ms
108ms Image
image/jpeg 23.22.216.223
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.ipredictive.com/d/track/cvt/pixel?acct_id=58684&cache_buster=[timestamp]&gtmcb=145609931
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.22.216.223 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-22-216-223.compute-1.amazonaws.com
Software: /
Resource Hash: 25cf0f0ce42f8acd9ea6facc223f54105c7fd0cce63fb7bb5d83e6600100acbd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 08 Sep 2022 13:35:27 GMT
Content-Encoding: gzip
X-CI-RTID: 484013de-2b39-415b-a482-cc87878e28c9
Connection: keep-alive
Content-Length: 479
Content-Type: image/jpeg

GET
H/1.1 200
OK /
data.adxcel-ec2.com/pixel/ 43 B
131 B 446ms
110ms Image
image/gif 3.226.0.49
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.adxcel-ec2.com/pixel/?ad_log=referer&action=content&pixid=f2fb3240-c0e1-432f-91c7-686941e6de69
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.226.0.49 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-226-0-49.compute-1.amazonaws.com
Software: /
Resource Hash: 693d949d8c3fdc7fd4ace7c340b5f177a9f0c5be7bafee8bc93a7d88b7523d75

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 p.css
p.typekit.net/ 5 B
195 B 94ms
19ms Stylesheet
text/css 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=hrp3szy&ht=tk&f=139.140.171.173.174.175.176.15701.15703.15705.15708&a=1630018&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/hrp3szy.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://use.typekit.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

unused62: 8096267
date: Thu, 08 Sep 2022 13:35:27 GMT
last-modified: Sat, 16 Oct 2021 08:18:43 GMT
server: nginx
etag: "616a8ae3-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

POST
H2 204 collect
region1.analytics.google.com/g/ 0
350 B 91ms
31ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-P9YZZV758Y&gtm=2oe8v0&_p=710267923&_gaz=1&cid=1299266622.1662644127&ul=en-us&sr=1600x1200&_z=ccd.v9B&_s=1&sid=1662644127&sct=1&seg=0&dl=https%3A%2F%2Fgive.unrefugees.org%2F210714core_afgmain_p_3000%3Futm_medium%3Demail%26utm_cid%3D0031K00003CjKPhQAN%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220908%26utm_content%3Dfullfile%26SF_onetime%3D7011K0000023M9vQAE%26SF_monthly%3D7011K0000023MA0QAM&dt=Send%20Hope%20Every%20Month%20to%20Strong%20Refugees%20%7C%20USA%20for%20UNHCR&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-P9YZZV758Y&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Sep 2022 13:35:27 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://give.unrefugees.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
stats.g.doubleclick.net/g/ 0
17 B 90ms
30ms Ping
text/plain 2a00:1450:400c:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-P9YZZV758Y&cid=1299266622.1662644127&gtm=2oe8v0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-P9YZZV758Y&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400c:c08::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Sep 2022 13:35:27 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://give.unrefugees.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 119ms
56ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-P9YZZV758Y&cid=1299266622.1662644127&gtm=2oe8v0&aip=1&z=1617039118

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Sep 2022 13:35:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
445 B 80ms
26ms XHR
text/plain 2a00:1450:400c:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-3754388-9&cid=1299266622.1662644127&jid=449972070&gjid=1538634257&_gid=1100773642.1662644127&_u=YCDAiAABRAAAAE~&z=1910617952

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://give.unrefugees.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 08 Sep 2022 13:35:27 GMT
content-type: text/plain
access-control-allow-origin: https://give.unrefugees.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 63ms
21ms Image
image/gif 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=710267923&t=pageview&_s=1&dl=https%3A%2F%2Fgive.unrefugees.org%2F210714core_afgmain_p_3000%3Futm_medium%3Demail%26utm_cid%3D0031K00003CjKPhQAN%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220908%26utm_content%3Dfullfile%26SF_onetime%3D7011K0000023M9vQAE%26SF_monthly%3D7011K0000023MA0QAM&ul=en-us&de=UTF-8&dt=Send%20Hope%20Every%20Month%20to%20Strong%20Refugees%20%7C%20USA%20for%20UNHCR&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDAiAABR~&jid=449972070&gjid=1538634257&cid=1299266622.1662644127&tid=UA-3754388-9&_gid=1100773642.1662644127&gtm=2wg8v0N9KWLLF&cd1=7011K0000023M9vQAE&cd2=7011K0000023MA0QAM&z=1569932434

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 13:44:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 85879
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 10095779.json Show response
s.yimg.com/wi/config/ 2 B
488 B 179ms
128ms XHR
application/json 2a00:1288:80:807::2
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/config/10095779.json

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/wi/ytc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
x-amz-request-id: GSVRTA4MJ09BYGQY
x-amz-id-2: Zr0uzOVzsAILCptaW8DBq2e5+mlJ3uX76qFk4MEqXqBjCJ+Az6nnQJMxzDUQ9CCTyxfI/wVlQ0Q=
referrer-policy: no-referrer-when-downgrade
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: public,max-age=3600
content-length: 22

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 63ms
26ms XHR
text/plain 2a00:1450:400c:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-1473340-18&cid=1299266622.1662644127&jid=85212888&gjid=1783002433&_gid=1100773642.1662644127&_u=aCHAiAABRAAAAE~&z=271613951

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://give.unrefugees.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 08 Sep 2022 13:35:27 GMT
content-type: text/plain
access-control-allow-origin: https://give.unrefugees.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 47ms
21ms Image
image/gif 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=710267923&t=pageview&_s=1&dl=https%3A%2F%2Fgive.unrefugees.org%2F210714core_afgmain_p_3000%3Futm_medium%3Demail%26utm_cid%3D0031K00003CjKPhQAN%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220908%26utm_content%3Dfullfile%26SF_onetime%3D7011K0000023M9vQAE%26SF_monthly%3D7011K0000023MA0QAM&ul=en-us&de=UTF-8&dt=Send%20Hope%20Every%20Month%20to%20Strong%20Refugees%20%7C%20USA%20for%20UNHCR&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aCHAiAABRAAAAE~&jid=85212888&gjid=1783002433&cid=1299266622.1662644127&tid=UA-1473340-18&_gid=1100773642.1662644127&gtm=2wg8v0N9KWLLF&cd3=USA&z=1533232683

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 13:44:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 85879
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 5612726.js Show response
bat.bing.com/p/action/ 1 KB
861 B 164ms
163ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/5612726.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

/ ARR/3.0

Resource Hash

0b98f9f666599d18f83e72683b9bf54591c01af7dbfffceda491f2dc59195b51

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C1D5B770F86B4771AF8410910F5DFBD2 Ref B: FRA31EDGE0718 Ref C: 2022-09-08T13:35:27Z
x-powered-by: ARR/3.0
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private,max-age=60
date: Thu, 08 Sep 2022 13:35:27 GMT
content-length: 666

GET
H3 200 363860773806760 Show response
connect.facebook.net/signals/config/ 476 KB
140 KB 71ms
37ms Script
application/x-javascript 2a03:2880:f080:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/363860773806760?v=2.9.79&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f080:9:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

add985927c08f990ef9d071a7bd567545604e2dd355237034ff1809d8a64ae70

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 143576
x-xss-protection: 0
pragma: public
x-fb-debug: sVBhWcN9gum0rPI94L8Jpl8KqtLT+XYcM5vVxgkO/pyMw8fN0msv6LHi0OUsBJFuoF2EP/Fs7etXgcreC1vi8w==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 08 Sep 2022 13:35:27 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/957115417/ 3 KB
2 KB 125ms
66ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/957115417/?random=1662644127471&cv=9&fst=1662644127471&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg8v0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fgive.unrefugees.org%2F210714core_afgmain_p_3000%3Futm_medium%3Demail%26utm_cid%3D0031K00003CjKPhQAN%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220908%26utm_content%3Dfullfile%26SF_onetime%3D7011K0000023M9vQAE%26SF_monthly%3D7011K0000023MA0QAM&tiba=Send%20Hope%20Every%20Month%20to%20Strong%20Refugees%20%7C%20USA%20for%20UNHCR&auid=2018968887.1662644127&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9bc84b117915b314384a45915bdd2c29ed4edfa4bf6377fb5b695091ea458b06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Sep 2022 13:35:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1207
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 117ms
64ms Image
image/gif 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-3754388-9&cid=1299266622.1662644127&jid=449972070&_u=YCDAiAABRAAAAE~&z=520676714

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Sep 2022 13:35:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 66ms
60ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-3754388-9&cid=1299266622.1662644127&jid=449972070&_u=YCDAiAABRAAAAE~&z=520676714

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Sep 2022 13:35:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 118ms
66ms Image
image/gif 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-1473340-18&cid=1299266622.1662644127&jid=85212888&_u=aCHAiAABRAAAAE~&z=1710423614

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Sep 2022 13:35:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 65ms
59ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-1473340-18&cid=1299266622.1662644127&jid=85212888&_u=aCHAiAABRAAAAE~&z=1710423614

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Sep 2022 13:35:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sp.pl
sp.analytics.yahoo.com/ 43 B
632 B 156ms
48ms Image
image/gif 212.82.100.181
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sp.analytics.yahoo.com/sp.pl?a=10000&d=Thu%2C%2008%20Sep%202022%2013%3A35%3A27%20GMT&n=0&b=Send%20Hope%20Every%20Month%20to%20Strong%20Refugees%20%7C%20USA%20for%20UNHCR&.yp=10095779&f=https%3A%2F%2Fgive.unrefugees.org%2F210714core_afgmain_p_3000%3Futm_medium%3Demail%26utm_cid%3D0031K00003CjKPhQAN%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220908%26utm_content%3Dfullfile%26SF_onetime%3D7011K0000023M9vQAE%26SF_monthly%3D7011K0000023MA0QAM&enc=UTF-8&yv=1.13.0&tagmgr=gtm

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.82.100.181 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

spdc.pbp.vip.ir2.yahoo.com

Software

ATS /

Resource Hash

0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Sep 2022 13:35:27 GMT
x-content-type-options: nosniff
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
cache-control: no-cache, private, must-revalidate
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 43
referrer-policy: strict-origin-when-cross-origin
expires: Thu, 08 Sep 2022 13:35:27 GMT

GET
H2 200 5612726 Show response
www.clarity.ms/tag/uet/ 2 KB
2 KB 194ms
118ms Script
application/x-javascript 2620:1ec:27::cafe:1995
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/uet/5612726
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/5612726.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:27::cafe:1995 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: d23a34dbb1eae10074d494e1b6a8beee6b4cdb647dda79a302b05463d43a98f1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:26 GMT
x-powered-by: ASP.NET
x-azure-ref: 0n+8ZYwAAAAAhiD/K8rRvT7gxOER16OvHUEFSMDJFREdFMDYxOQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
expires: -1
cache-control: no-cache, no-store
request-context: appId=cid-v1:b1d896b3-bec7-448b-b764-240152e813e8

POST
H2 200 events Show response
lyibja.unrefugees.org/ 0
166 B 764ms
189ms XHR
text/plain 52.25.243.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://lyibja.unrefugees.org/events

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/signals/config/363860773806760?v=2.9.79&r=stable

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.25.243.35 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-25-243-35.us-west-2.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://give.unrefugees.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://give.unrefugees.org
date: Thu, 08 Sep 2022 13:35:28 GMT
access-control-allow-credentials: true
vary: origin
content-length: 0
strict-transport-security: max-age=15724800; includeSubDomains

GET
H2 200 /
www.facebook.com/tr/ 44 B
297 B 103ms
31ms Image
image/gif 2a03:2880:f173:81:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=363860773806760&ev=PageView&dl=https%3A%2F%2Fgive.unrefugees.org%2F210714core_afgmain_p_3000%3Futm_medium%3Demail%26utm_cid%3D_removed_%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220908%26utm_content%3Dfullfile%26SF_onetime%3D7011K0000023M9vQAE%26SF_monthly%3D7011K0000023MA0QAM%26_filteredParams%3D%257B%2522unwantedParams%2522%253A%255B%2522utm_cid%2522%255D%252C%2522sensitiveParams%2522%253A%255B%255D%257D&rl=&if=false&ts=1662644127709&sw=1600&sh=1200&v=2.9.79&r=stable&ec=0&o=30&fbp=fb.1.1662644127704.640969038&eid=ob3_plugin-set_8e0fb1eb646b43378e5632919488cfa0ec0b56d6845cff3cc61b1570847d580c&it=1662644127452&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f173:81:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:27 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Thu, 08 Sep 2022 13:35:27 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/957115417/ 42 B
64 B 73ms
72ms Image
image/gif 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/957115417/?random=1662644127471&cv=9&fst=1662642000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg8v0&sendb=1&frm=0&url=https%3A%2F%2Fgive.unrefugees.org%2F210714core_afgmain_p_3000%3Futm_medium%3Demail%26utm_cid%3D0031K00003CjKPhQAN%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220908%26utm_content%3Dfullfile%26SF_onetime%3D7011K0000023M9vQAE%26SF_monthly%3D7011K0000023MA0QAM&tiba=Send%20Hope%20Every%20Month%20to%20Strong%20Refugees%20%7C%20USA%20for%20UNHCR&async=1&fmt=3&is_vtc=1&random=1318360386&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Sep 2022 13:35:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/957115417/ 42 B
64 B 80ms
37ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/957115417/?random=1662644127471&cv=9&fst=1662642000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg8v0&sendb=1&frm=0&url=https%3A%2F%2Fgive.unrefugees.org%2F210714core_afgmain_p_3000%3Futm_medium%3Demail%26utm_cid%3D0031K00003CjKPhQAN%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220908%26utm_content%3Dfullfile%26SF_onetime%3D7011K0000023M9vQAE%26SF_monthly%3D7011K0000023MA0QAM&tiba=Send%20Hope%20Every%20Month%20to%20Strong%20Refugees%20%7C%20USA%20for%20UNHCR&async=1&fmt=3&is_vtc=1&random=1318360386&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Sep 2022 13:35:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css.escape.js Show response
app.dafwidget.com/api/js/ 3 KB
3 KB 110ms
109ms Script
application/javascript 54.160.6.45
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://app.dafwidget.com/api/js/css.escape.js
Requested by: Host: app.dafwidget.com
URL: https://app.dafwidget.com/api/js/source.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.160.6.45 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-160-6-45.compute-1.amazonaws.com
Software: nginx / Express
Resource Hash: 1c1a744432792356c2e9d9abdaa97182f3757a89b4cb5be5a3aa13c20cdd802b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:27 GMT
last-modified: Fri, 16 Jul 2021 11:59:36 GMT
server: nginx
x-powered-by: Express
etag: W/"c51-17aaf2fb1dd"
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 3153

GET
H2 200 source.css
app.dafwidget.com/api/js/ 4 KB
4 KB 110ms
110ms Stylesheet
text/css 54.160.6.45
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://app.dafwidget.com/api/js/source.css
Requested by: Host: app.dafwidget.com
URL: https://app.dafwidget.com/api/js/source.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.160.6.45 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-160-6-45.compute-1.amazonaws.com
Software: nginx / Express
Resource Hash: eaf0ec8226518eb627f5fade801052a1ea281c506ebce8ce8ae99a27138ba2e7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:27 GMT
last-modified: Fri, 16 Jul 2021 11:59:36 GMT
server: nginx
x-powered-by: Express
etag: W/"e14-17aaf2fb115"
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 3604

GET
H2 200 l
use.typekit.net/af/925423/00000000000000003b9b038f/27/ 19 KB
20 KB 72ms
18ms Font
application/font-woff2 2a02:26f0:3500:16::215:148f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/925423/00000000000000003b9b038f/27/l?subset_id=2&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/hrp3szy.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:148f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 7c707b4d486575fcdf35497e30073fd70f0a9ea072e4ca1ca724da7fbab22a9b

Request headers

Referer: https://use.typekit.net/hrp3szy.css
Origin: https://give.unrefugees.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:27 GMT
server: nginx
etag: "af967ea1356382090341795946181a15b4b5bcf0"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 19900

GET
H2 200 clarity.js Show response
www.clarity.ms/eus/s/0.6.40/ 54 KB
23 KB 110ms
109ms Script
application/javascript 2620:1ec:27::cafe:1995
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/eus/s/0.6.40/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/5612726
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:27::cafe:1995 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: bbffae0d03e6d48b808856596e595ab718c08bbc4476e7323bfcff4a6f833260

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:27 GMT
content-encoding: br
etag: "1d8bd4806fdad30"
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
x-powered-by: ASP.NET
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
x-azure-ref: 0n+8ZYwAAAADLlIk2uWo5RZrVlOXxi8naUEFSMDJFREdFMDYxOQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
accept-ranges: bytes
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

GET
H2 200 pptm.js Show response
www.paypal.com/tagmanager/ 13 KB
6 KB 22ms
22ms Script
application/x-javascript 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/tagmanager/pptm.js?id=give.unrefugees.org&t=xo&v=5.0.331&source=payments_sdk&client_id=AbIbWRBITO6eG3wyKiWl5Tg03s8mty2ct1y5jK221ZKyJuzQrvBEXWq0916mpH91fZGXlxFY09_R16eo&vault=true

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AbIbWRBITO6eG3wyKiWl5Tg03s8mty2ct1y5jK221ZKyJuzQrvBEXWq0916mpH91fZGXlxFY09_R16eo&vault=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

ae1662193e0ecd1f056be27cc9acb52ddae8b158d989f376b592f1eb57065b2b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'nonce-td7ghEX7bu1wt9qEbClK+uH7nCg3XYtjRA1OdoD6RfnSPcsc' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://nexus.ensighten.com https://.google-analytics.com 'unsafe-inline' https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-td7ghEX7bu1wt9qEbClK+uH7nCg3XYtjRA1OdoD6RfnSPcsc' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding: gzip
x-content-type-options: nosniff
age: 65099
x-cache: HIT
paypal-debug-id: f1695675eed17
server-timing: "traceparent;desc="00-0000000000000000000f1695675eed17-e56166533a7e162e-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 4743
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4083-HHN
traceparent: 00-0000000000000000000f1695675eed17-219288ce76be1e30-01
x-timer: S1662644128.992693,VS0,VE2
x-frame-options: SAMEORIGIN
date: Thu, 08 Sep 2022 13:35:27 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/x-javascript; charset=utf-8
via: 1.1 varnish
access-control-expose-headers: Server-Timing
cache-control: public, max-age=3600
etag: W/"3537-1Oekvl/1ty1+MYlpXAo4iQ658n8"
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/duyHVVR9Brf6N2GewjkPRfsA/ 392 KB
157 KB 73ms
20ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/duyHVVR9Brf6N2GewjkPRfsA/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbea10abc6a4fb6c6db32f7ff91d4e53f496579268f4f28e4e15f14c76cdd088

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://give.unrefugees.org/
Origin: https://give.unrefugees.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 12:11:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5040
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 159560
x-xss-protection: 0
last-modified: Fri, 02 Sep 2022 18:40:58 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 08 Sep 2023 12:11:28 GMT

GET
H/1.1 200
OK tv2track.php
collector-3219.tvsquared.com/ 42 B
276 B 116ms
116ms Image
image/gif 3.129.137.210
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://collector-3219.tvsquared.com/tv2track.php?action_name=Send%20Hope%20Every%20Month%20to%20Strong%20Refugees%20%7C%20USA%20for%20UNHCR&idsite=TV-63728109-1&rec=1&r=401082&h=13&m=35&s=27&url=https%3A%2F%2Fgive.unrefugees.org%2F210714core_afgmain_p_3000%3Futm_medium%3Demail%26utm_cid%3D0031K00003CjKPhQAN%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220908%26utm_content%3Dfullfile%26SF_onetime%3D7011K0000023M9vQAE%26SF_monthly%3D7011K0000023MA0QAM&_id=35bfb09150b2e18b&_idts=1662644128&_idvc=0&_idn=1&_viewts=&pdf=1&qt=0&realp=0&wma=0&dir=0&fla=0&java=0&gears=0&ag=0&cookie=1&res=1600x1200&gt_ms=1711
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.129.137.210 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-129-137-210.us-east-2.compute.amazonaws.com
Software: nginx /
Resource Hash: f0c71e3da5b3fcab3c66af1cf0cdbf262c97b9330b7b37116f1ae2ab18bdc660

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 08 Sep 2022 13:35:28 GMT
Server: nginx
Connection: keep-alive
Request-Id: c95c1418-a059-43f6-b234-803f2db496f5
P3p: CP='OTI DSP COR NID STP UNI OTPa OUR'
Content-Length: 42
Content-Type: image/gif

GET
H2 200 muse.js Show response
www.paypalobjects.com/muse/ 55 KB
17 KB 100ms
20ms Script
application/javascript 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/muse.js

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/tagmanager/pptm.js?id=give.unrefugees.org&t=xo&v=5.0.331&source=payments_sdk&client_id=AbIbWRBITO6eG3wyKiWl5Tg03s8mty2ct1y5jK221ZKyJuzQrvBEXWq0916mpH91fZGXlxFY09_R16eo&vault=true

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

64b32d14f993564fe182a5690410f7d4aa2ace59934eac09d7dcf03a68ec7566

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cache: HIT, HIT
paypal-debug-id: 84840867de170
dc: ccg11-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 16464
x-served-by: cache-sjc10072-SJC, cache-hhn4035-HHN
last-modified: Tue, 03 May 2022 17:28:29 GMT
x-timer: S1662644128.098719,VS0,VE0
etag: W/"6271663d-da91"
strict-transport-security: max-age=31557600
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits: 224096, 398846

GET
H2 200 ts
t.paypal.com/ 42 B
748 B 268ms
183ms Image
image/gif 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3AZXYADENKNJPZE-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3AZXYADENKNJPZE-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3f710125-e254-44cc-ba7e-5d8abc3fb13d&fltp=analytics&mrid=ZXYADENKNJPZE&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=Send%20Hope%20Every%20Month%20to%20Strong%20Refugees%20%7C%20USA%20for%20UNHCR&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1662644128008&g=0&completeurl=https%3A%2F%2Fgive.unrefugees.org%2F210714core_afgmain_p_3000%3Futm_medium%3Demail%26utm_cid%3D0031K00003CjKPhQAN%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220908%26utm_content%3Dfullfile%26SF_onetime%3D7011K0000023M9vQAE%26SF_monthly%3D7011K0000023MA0QAM

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frb/66AC) /

Resource Hash

6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Sep 2022 13:35:28 GMT
content-type: image/gif
server: ECAcc (frb/66AC)
traceparent: 00-00000000000000000007b354967444b5-2d7e74116cdb26f8-01
strict-transport-security: max-age=63072000; includeSubDomains; preload
p3p: policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: 7b354967444b5
cache-control: max-age=0, no-cache, no-store, must-revalidate
server-timing: content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=166
timing-allow-origin: *
content-length: 42
expires: Thu, 08 Sep 2022 13:35:28 GMT

GET
H2 200 index.html Show response
www.paypalobjects.com/muse/analytics/ Frame C1F1 54 KB
17 KB 22ms
22ms Document
text/html 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/analytics/index.html

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/muse.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

8ae3400104c7b0db11e9fe317236e68a26afba6580192041e87038ceff4db638

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Referer: https://give.unrefugees.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-encoding: gzip
content-length: 16791
content-type: text/html
date: Thu, 08 Sep 2022 13:35:28 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"6271663d-d994"
last-modified: Tue, 03 May 2022 17:28:29 GMT
paypal-debug-id: 50b39f10d2761
strict-transport-security: max-age=31557600
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
x-cache-hits: 266413, 419844
x-content-type-options: nosniff
x-served-by: cache-sjc10044-SJC, cache-hhn4035-HHN
x-timer: S1662644128.162288,VS0,VE0

POST
H2 204 collect Show response
d.clarity.ms/ 0
179 B 436ms
211ms XHR
text/plain 40.76.174.66
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://d.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus/s/0.6.40/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 40.76.174.66 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://give.unrefugees.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-origin: https://give.unrefugees.org
date: Thu, 08 Sep 2022 13:35:27 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 6582 0
18 B 63ms
30ms Document
text/plain 2a03:2880:f173:81:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f173:81:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://give.unrefugees.org
Referer: https://give.unrefugees.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://give.unrefugees.org
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Thu, 08 Sep 2022 13:35:28 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 ts
t.paypal.com/ 42 B
492 B 183ms
183ms Image
image/gif 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3AZXYADENKNJPZE-1&page=muse%3Aoffer%3A%3A%3AZXYADENKNJPZE-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=3f710125-e254-44cc-ba7e-5d8abc3fb13d&es=visitorInfoFlowStarted&mrid=ZXYADENKNJPZE&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Send%20Hope%20Every%20Month%20to%20Strong%20Refugees%20%7C%20USA%20for%20UNHCR&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1662644128307&g=0&completeurl=https%3A%2F%2Fgive.unrefugees.org%2F210714core_afgmain_p_3000%3Futm_medium%3Demail%26utm_cid%3D0031K00003CjKPhQAN%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220908%26utm_content%3Dfullfile%26SF_onetime%3D7011K0000023M9vQAE%26SF_monthly%3D7011K0000023MA0QAM

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frb/6757) /

Resource Hash

6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Sep 2022 13:35:28 GMT
content-type: image/gif
server: ECAcc (frb/6757)
traceparent: 00-0000000000000000000e08b115e0be23-91ea990d7b4f6427-01
strict-transport-security: max-age=63072000; includeSubDomains; preload
p3p: policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: e08b115e0be23
cache-control: max-age=0, no-cache, no-store, must-revalidate
server-timing: content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=165
timing-allow-origin: *
content-length: 42
expires: Thu, 08 Sep 2022 13:35:28 GMT

POST
H2 200 graphql Show response
www.paypal.com/targeting/ Frame C1F1 435 B
2 KB 290ms
290ms Fetch
application/json 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/targeting/graphql

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

60736035e6f8077fde33436b0b4fce5b54beb1c1fe5a5c5dc3107edd4801046c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; img-src 'self' https:; script-src 'nonce-Hi56C+3OxbA/k9DyJQ/zx2uflmH8il/GwcFWvh+AEKBzA3yV' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; object-src 'none'; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.paypalobjects.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/json

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; script-src 'nonce-Hi56C+3OxbA/k9DyJQ/zx2uflmH8il/GwcFWvh+AEKBzA3yV' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
via: 1.1 varnish
vary: Accept-Encoding
x-cache: MISS
paypal-debug-id: f315860e9ce94
date: Thu, 08 Sep 2022 13:35:28 GMT
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4083-HHN
traceparent: 00-0000000000000000000f315860e9ce94-e0aa636883fa4dc5-01
x-timer: S1662644129.580519,VS0,VE259
x-frame-options: SAMEORIGIN
etag: W/W/"1b3-hlppHJR03PsMUUDJRqDs521CHKQ"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.paypalobjects.com
content-encoding: br
access-control-expose-headers: Paypal-Debug-Id
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
accept-ranges: none
x-cache-hits: 0

OPTIONS
H2 204 graphql
www.paypal.com/targeting/ Frame 0
0 245ms
200ms Preflight 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/targeting/graphql

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.paypalobjects.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://www.paypalobjects.com
access-control-expose-headers: Paypal-Debug-Id
cache-control: max-age=0, no-cache, no-store, must-revalidate
date: Thu, 08 Sep 2022 13:35:28 GMT
dc: ccg11-origin-www-1.paypal.com
paypal-debug-id: f8234739fbb35
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
traceparent: 00-0000000000000000000f8234739fbb35-4662389f3d789e7e-01
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-hhn4064-HHN
x-timer: S1662644128.367690,VS0,VE182

GET
H3 200 payframe Show response
pay.google.com/gp/p/ui/ Frame 30E2 18 KB
7 KB 277ms
222ms Document
text/html 2a00:1450:400c:c0c::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fgive.unrefugees.org&mid=

Requested by

Host: pay.google.com
URL: https://pay.google.com/gp/p/js/pay.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c0c::5c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

befcb94ffc0236dd141b0f65ad9cc9c23de8adad58af036423832301dac07602

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-BNAvSnAOBbAX4eAvxbYu-w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://give.unrefugees.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=3600
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-BNAvSnAOBbAX4eAvxbYu-w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
content-type: text/html; charset=utf-8
cross-origin-opener-policy: same-origin; report-to="InstantbuyFrontendBuyflowPayframeUi"
cross-origin-resource-policy: same-site
date: Thu, 08 Sep 2022 13:35:28 GMT
expires: Thu, 08 Sep 2022 13:35:28 GMT
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"InstantbuyFrontendBuyflowPayframeUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/InstantbuyFrontendBuyflowPayframeUi/external"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 0

GET
H3 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 7014 43 KB
22 KB 40ms
40ms Document
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdZJnUUAAAAAOw4JvRyjeAl2m7wg02iD6YH5iqm&co=aHR0cHM6Ly9naXZlLnVucmVmdWdlZXMub3JnOjQ0Mw..&hl=de&v=duyHVVR9Brf6N2GewjkPRfsA&size=normal&cb=ne116zirvf1o

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/duyHVVR9Brf6N2GewjkPRfsA/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

42c537b7d75a35f4f765fbb803859df131978101e2ffb6ea4a2f20093161a375

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-yh5Y0VUAjciMfe_eKZ60Wg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://give.unrefugees.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 22885
content-security-policy: script-src 'report-sample' 'nonce-yh5Y0VUAjciMfe_eKZ60Wg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 08 Sep 2022 13:35:28 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 204 0
bat.bing.com/action/ 0
176 B 47ms
47ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=5612726&tm=gtm002&Ver=2&mid=3c14844d-47cd-458b-a92c-4cf9849e6ece&sid=1a1687502f7b11ed987d45d63e232635&vid=1a16ad302f7b11edaa379dba66d6ef48&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Send%20Hope%20Every%20Month%20to%20Strong%20Refugees%20%7C%20USA%20for%20UNHCR&p=https%3A%2F%2Fgive.unrefugees.org%2F210714core_afgmain_p_3000%3Futm_medium%3Demail%26utm_cid%3D0031K00003CjKPhQAN%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220908%26utm_content%3Dfullfile%26SF_onetime%3D7011K0000023M9vQAE%26SF_monthly%3D7011K0000023MA0QAM&r=&lt=3981&evt=pageLoad&sv=1&rn=159274

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FFB62197284248729A4E6B99AAAA760B Ref B: FRA31EDGE0718 Ref C: 2022-09-08T13:35:28Z
date: Thu, 08 Sep 2022 13:35:27 GMT
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 tc.min.js Show response
c1.rfihub.net/js/ 19 KB
6 KB 95ms
18ms Script
application/x-javascript 2600:9000:223c:c000:1:76cf:fe80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.rfihub.net/js/tc.min.js
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:c000:1:76cf:fe80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 12:48:53 GMT
content-encoding: gzip
last-modified: Thu, 08 Sep 2022 12:48:43 GMT
server: Jetty(9.3.29.v20201019)
age: 2795
x-cache: Hit from cloudfront
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
via: 1.1 7ed0982309781d390a105a3ead66dbfa.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
x-amz-cf-pop: FRA56-P2
content-type: application/x-javascript
content-length: 6162
x-amz-cf-id: vF8TGITNgWenz06bWKXYJa58Fb9dBq-mVw4ahJdECJdzk_TrN9_ZAw==
expires: Thu, 08 Sep 2022 13:48:53 GMT

GET
H/1.1 200
OK event Show response
ad.ipredictive.com/d/track/ Frame 1105 0
327 B 109ms
108ms Document
text/plain 23.22.216.223
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.ipredictive.com/d/track/event?upid=101374&cache_buster=1662644127&url=https%3A%2F%2Fgive.unrefugees.org%2F210714core_afgmain_p_3000%3Futm_medium%3Demail%26utm_cid%3D0031K00003CjKPhQAN%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220908%26utm_content%3Dfullfile%26SF_onetime%3D7011K0000023M9vQAE%26SF_monthly%3D7011K0000023MA0QAM&val=undefined&tn=undefined&itms=undefined
Requested by: Host: js.ipredictive.com
URL: https://js.ipredictive.com/adelphic_universal_pixel.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.22.216.223 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-22-216-223.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://give.unrefugees.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Length: 0
Date: Thu, 08 Sep 2022 13:35:28 GMT
X-CI-RTID: 6158c988-02cf-41f1-a16f-57b806906512

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/duyHVVR9Brf6N2GewjkPRfsA/ Frame 7014 52 KB
24 KB 57ms
19ms Stylesheet
text/css 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/duyHVVR9Brf6N2GewjkPRfsA/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdZJnUUAAAAAOw4JvRyjeAl2m7wg02iD6YH5iqm&co=aHR0cHM6Ly9naXZlLnVucmVmdWdlZXMub3JnOjQ0Mw..&hl=de&v=duyHVVR9Brf6N2GewjkPRfsA&size=normal&cb=ne116zirvf1o

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

caf2650aa985d277b2dd131a6261888bc64e6c9bc15e5564bfb9b380bcf82a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:29:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 341
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24251
x-xss-protection: 0
last-modified: Fri, 02 Sep 2022 18:40:58 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 08 Sep 2023 13:29:47 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/duyHVVR9Brf6N2GewjkPRfsA/ Frame 7014 392 KB
156 KB 56ms
18ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/duyHVVR9Brf6N2GewjkPRfsA/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbea10abc6a4fb6c6db32f7ff91d4e53f496579268f4f28e4e15f14c76cdd088

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 12:11:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5040
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 159560
x-xss-protection: 0
last-modified: Fri, 02 Sep 2022 18:40:58 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 08 Sep 2023 12:11:28 GMT

GET
H/1.1 200
OK ca.html Show response
20826429p.rfihub.com/ Frame 5271 3 KB
4 KB 302ms
53ms Document
text/html 193.0.160.128
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://20826429p.rfihub.com/ca.html?ver=9&rb=9587&ca=20826429&_o=9587&_t=20826429&pe=https%3A%2F%2Fgive.unrefugees.org%2F210714core_afgmain_p_3000%3Futm_medium%3Demail%26utm_cid%3D0031K00003CjKPhQAN%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220908%26utm_content%3Dfullfile%26SF_onetime%3D7011K0000023M9vQAE%26SF_monthly%3D7011K0000023MA0QAM&pf=&ra=25081064198253133
Requested by: Host: c1.rfihub.net
URL: https://c1.rfihub.net/js/tc.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.128 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 3c4275705417d5c3ecd86a21381cf639f28a11af97be2861e63a3d1d433945e2

Request headers

Referer: https://give.unrefugees.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache
Content-Length: 2857
Content-Type: text/html;charset=utf-8
Date: Thu, 08 Sep 2022 13:35:28 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: Jetty(9.3.29.v20201019)

GET
DATA 200
OK truncated
/ Frame 7014 14 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 7014 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 7014 2 KB
2 KB 19ms
18ms Image
image/png 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/duyHVVR9Brf6N2GewjkPRfsA/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/duyHVVR9Brf6N2GewjkPRfsA/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 06 Sep 2022 18:59:48 GMT
x-content-type-options: nosniff
age: 153340
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Tue, 13 Sep 2022 18:59:48 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 7014 15 KB
16 KB 66ms
20ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 06 Sep 2022 11:18:05 GMT
x-content-type-options: nosniff
age: 181043
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 06 Sep 2023 11:18:05 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 7014 102 B
134 B 29ms
29ms Other
text/javascript 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=duyHVVR9Brf6N2GewjkPRfsA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

3444cd05f786fc062fcb5c164604566935c9c5b25706eeab6189b3a0f37d058d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdZJnUUAAAAAOw4JvRyjeAl2m7wg02iD6YH5iqm&co=aHR0cHM6Ly9naXZlLnVucmVmdWdlZXMub3JnOjQ0Mw..&hl=de&v=duyHVVR9Brf6N2GewjkPRfsA&size=normal&cb=ne116zirvf1o
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Thu, 08 Sep 2022 13:35:28 GMT

POST
H3 404 cspreport
pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/ Frame 30E2 2 KB
2 KB 28ms
28ms Other
text/html 2a00:1450:400c:c0c::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400c:c0c::5c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: d6ff339ddb4525268c21fa26ded66b0703f177e742281dc9bcd558288f8e1101

Request headers

Referer: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fgive.unrefugees.org&mid=
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Thu, 08 Sep 2022 13:35:28 GMT
referrer-policy: no-referrer
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1608
content-type: text/html; charset=UTF-8

GET
H3 200 bframe Show response
www.google.com/recaptcha/api2/ Frame 5DA5 7 KB
1 KB 30ms
30ms Document
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=de&v=duyHVVR9Brf6N2GewjkPRfsA&k=6LdZJnUUAAAAAOw4JvRyjeAl2m7wg02iD6YH5iqm

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/duyHVVR9Brf6N2GewjkPRfsA/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

3c0303ff6a16c93c4393b4de6cf9ab459eabbb87444f96fbd80909565a0202ca

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-lYQcSsLTYH0NFjV9zn69sw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://give.unrefugees.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 1113
content-security-policy: script-src 'report-sample' 'nonce-lYQcSsLTYH0NFjV9zn69sw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 08 Sep 2022 13:35:28 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 m=_b,_tp,_r Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.DAbkwspyhJE.es5.O/am=B4A/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfri... Frame 30E2 153 KB
54 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.DAbkwspyhJE.es5.O/am=B4A/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrike0CRozUKZOlAXG5oZShvrke3Hw/m=_b,_tp,_r

Requested by

Host: pay.google.com
URL: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fgive.unrefugees.org&mid=

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b559d3220639c53ebea254a363ccb360375bb821f5b7736f43829b498af6bd04

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 16:32:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 75774
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55212
x-xss-protection: 0
last-modified: Wed, 07 Sep 2022 03:24:33 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 07 Sep 2023 16:32:34 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/duyHVVR9Brf6N2GewjkPRfsA/ Frame 5DA5 52 KB
24 KB 19ms
18ms Stylesheet
text/css 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/duyHVVR9Brf6N2GewjkPRfsA/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=duyHVVR9Brf6N2GewjkPRfsA&k=6LdZJnUUAAAAAOw4JvRyjeAl2m7wg02iD6YH5iqm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

caf2650aa985d277b2dd131a6261888bc64e6c9bc15e5564bfb9b380bcf82a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:29:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 341
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24251
x-xss-protection: 0
last-modified: Fri, 02 Sep 2022 18:40:58 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 08 Sep 2023 13:29:47 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/duyHVVR9Brf6N2GewjkPRfsA/ Frame 5DA5 392 KB
156 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/duyHVVR9Brf6N2GewjkPRfsA/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=duyHVVR9Brf6N2GewjkPRfsA&k=6LdZJnUUAAAAAOw4JvRyjeAl2m7wg02iD6YH5iqm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbea10abc6a4fb6c6db32f7ff91d4e53f496579268f4f28e4e15f14c76cdd088

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 12:11:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5040
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 159560
x-xss-protection: 0
last-modified: Fri, 02 Sep 2022 18:40:58 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 08 Sep 2023 12:11:28 GMT

GET
H3 200 m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.DAbkwspyhJE.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.VX-... Frame 30E2 78 KB
28 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.DAbkwspyhJE.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.VX-cddxg5yk.L.B1.O/am=B4A/d=1/exm=_b,_r,_tp/excm=_b,_r,_tp,payframeview/ed=1/wt=2/rs=AMitfrhkrKWpfGX6l-CTghOIdH9D_RNINg/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yEQyxe:p8L0ob;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;dIoSBb:SpsfSb;eBAeSb:zbML3c;EmZ2Bf:zr1jrb;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;j7137d:KG2eXe;Oj465e:KG2eXe;ul9GGd:VDovNc;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;SNUn3:ZwDk9d/m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.DAbkwspyhJE.es5.O/am=B4A/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrike0CRozUKZOlAXG5oZShvrke3Hw/m=_b,_tp,_r

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7011f0d772c98a1ad45cdd2dc607da4203957fd6a5e1a0d1473d9af07b4abd61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 16:32:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 75773
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28845
x-xss-protection: 0
last-modified: Fri, 26 Aug 2022 02:25:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 07 Sep 2023 16:32:35 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ Frame 30E2 49 KB
20 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.DAbkwspyhJE.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.VX-cddxg5yk.L.B1.O/am=B4A/d=1/exm=_b,_r,_tp/excm=_b,_r,_tp,payframeview/ed=1/wt=2/rs=AMitfrhkrKWpfGX6l-CTghOIdH9D_RNINg/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yEQyxe:p8L0ob;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;dIoSBb:SpsfSb;eBAeSb:zbML3c;EmZ2Bf:zr1jrb;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;j7137d:KG2eXe;Oj465e:KG2eXe;ul9GGd:VDovNc;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;SNUn3:ZwDk9d/m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 2008
date: Thu, 08 Sep 2022 13:02:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 08 Sep 2022 15:02:00 GMT

GET
H3 200 pay Show response
pay.google.com/gp/p/ui/ Frame 30E2 1 MB
353 KB 86ms
86ms XHR
text/html 2a00:1450:400c:c0c::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/ui/pay

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.DAbkwspyhJE.es5.O/am=B4A/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrike0CRozUKZOlAXG5oZShvrke3Hw/m=_b,_tp,_r

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c0c::5c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b41d2dd955de61763ddf996c38bd4a771b73924d26f6a6094dd6700601e61384

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, script-src 'report-sample' 'nonce-mEvV9OAjGq2_APE53sywzQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport/allowlist
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: same-site
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge
server: ESF
cross-origin-opener-policy: unsafe-none; report-to="InstantbuyFrontendBuyflowPayUi"
date: Thu, 08 Sep 2022 13:35:28 GMT
x-frame-options: DENY
report-to: {"group":"InstantbuyFrontendBuyflowPayUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/InstantbuyFrontendBuyflowPayUi/external"}]}
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: private, max-age=3600
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, script-src 'report-sample' 'nonce-mEvV9OAjGq2_APE53sywzQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport/allowlist
expires: Thu, 08 Sep 2022 13:35:28 GMT

GET
H3 200 m=Wt6vjf,hhhU8,FCpbqb,WhJNk Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.DAbkwspyhJE.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.VX-... Frame 30E2 18 KB
7 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.DAbkwspyhJE.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.VX-cddxg5yk.L.B1.O/am=B4A/d=1/exm=Das5Le,IZT63,PrPYRd,Ru0Pgb,ZyYHPb,_b,_r,_tp,hc6Ubd,p8L0ob,vfuNJf,ws9Tlc/excm=_b,_r,_tp,payframeview/ed=1/wt=2/rs=AMitfrhkrKWpfGX6l-CTghOIdH9D_RNINg/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yEQyxe:p8L0ob;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;dIoSBb:SpsfSb;eBAeSb:zbML3c;EmZ2Bf:zr1jrb;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;j7137d:KG2eXe;Oj465e:KG2eXe;ul9GGd:VDovNc;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;SNUn3:ZwDk9d/m=Wt6vjf,hhhU8,FCpbqb,WhJNk

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.DAbkwspyhJE.es5.O/am=B4A/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrike0CRozUKZOlAXG5oZShvrke3Hw/m=_b,_tp,_r

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b9c7d08e4949c587d1bd516628b54456341ddcd177d8b0aa478dd22a6891a1b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 16:32:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 75767
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7415
x-xss-protection: 0
last-modified: Fri, 26 Aug 2022 02:25:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 07 Sep 2023 16:32:41 GMT

GET
H3 200 m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.DAbkwspyhJE.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.VX-... Frame 30E2 37 KB
14 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.DAbkwspyhJE.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.VX-cddxg5yk.L.B1.O/am=B4A/d=1/exm=Das5Le,FCpbqb,IZT63,PrPYRd,Ru0Pgb,WhJNk,Wt6vjf,ZyYHPb,_b,_r,_tp,hc6Ubd,hhhU8,p8L0ob,vfuNJf,ws9Tlc/excm=_b,_r,_tp,payframeview/ed=1/wt=2/rs=AMitfrhkrKWpfGX6l-CTghOIdH9D_RNINg/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yEQyxe:p8L0ob;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;dIoSBb:SpsfSb;eBAeSb:zbML3c;EmZ2Bf:zr1jrb;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;j7137d:KG2eXe;Oj465e:KG2eXe;ul9GGd:VDovNc;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;SNUn3:ZwDk9d/m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.DAbkwspyhJE.es5.O/am=B4A/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrike0CRozUKZOlAXG5oZShvrke3Hw/m=_b,_tp,_r

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aaa258d4bd1a2218fc34a70ada054051c1b5f2f779f284defe21f28815ceb2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 16:32:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 75767
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14028
x-xss-protection: 0
last-modified: Fri, 26 Aug 2022 02:25:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 07 Sep 2023 16:32:41 GMT

POST
H3 200 log Show response
play.google.com/ Frame 30E2 131 B
155 B 94ms
55ms XHR
text/plain 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.DAbkwspyhJE.es5.O/am=B4A/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrike0CRozUKZOlAXG5oZShvrke3Hw/m=_b,_tp,_r

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Thu, 08 Sep 2022 13:35:28 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Thu, 08 Sep 2022 13:35:28 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 75ms
26ms Preflight
text/plain 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/plain; charset=UTF-8
date: Thu, 08 Sep 2022 13:35:28 GMT
expires: Thu, 08 Sep 2022 13:35:28 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ Frame 30E2 131 B
155 B 69ms
29ms XHR
text/plain 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.DAbkwspyhJE.es5.O/am=B4A/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrike0CRozUKZOlAXG5oZShvrke3Hw/m=_b,_tp,_r

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Thu, 08 Sep 2022 13:35:28 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Thu, 08 Sep 2022 13:35:28 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 70ms
26ms Preflight
text/plain 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/plain; charset=UTF-8
date: Thu, 08 Sep 2022 13:35:28 GMT
expires: Thu, 08 Sep 2022 13:35:28 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ Frame 30E2 131 B
155 B 68ms
30ms XHR
text/plain 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.DAbkwspyhJE.es5.O/am=B4A/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrike0CRozUKZOlAXG5oZShvrke3Hw/m=_b,_tp,_r

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Thu, 08 Sep 2022 13:35:28 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Thu, 08 Sep 2022 13:35:28 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 67ms
26ms Preflight
text/plain 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/plain; charset=UTF-8
date: Thu, 08 Sep 2022 13:35:28 GMT
expires: Thu, 08 Sep 2022 13:35:28 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H/1.1

200
OK

cm
a.rfihub.com/ Frame 5271
Redirect Chain

https://cm.g.doubleclick.net/pixel?&in=0&google_nid=zeta_interactive&google_cm=&google_sc=&google_hm=NTE0MDA4NDkyMTc3MzkyNzA1OA==&forward=
https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEJJE2-Mjfa0ma_J8EdZrcCo&google_cver=1

42 B
1005 B

162ms
42ms

Image
image/gif

193.0.160.128
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEJJE2-Mjfa0ma_J8EdZrcCo&google_cver=1
Protocol: HTTP/1.1
Server: 193.0.160.128 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 08 Sep 2022 13:35:29 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Thu, 08 Sep 2022 13:35:28 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEJJE2-Mjfa0ma_J8EdZrcCo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 311
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 5271
Redirect Chain

https://ib.adnxs.com/setuid?entity=18&code=5140084921773927058
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D18%26code%3D5140084921773927058

43 B
1 KB

42ms
42ms

Image
image/gif

185.89.211.84
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D18%26code%3D5140084921773927058

Protocol

HTTP/1.1

Server

185.89.211.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 08 Sep 2022 13:35:29 GMT
X-Proxy-Origin: 217.114.218.22; 217.114.218.22; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 83196925-f9ef-4e87-8ea4-08cbd8735692
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 08 Sep 2022 13:35:28 GMT
X-Proxy-Origin: 217.114.218.22; 217.114.218.22; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 3c26cf0d-66ad-4884-8116-2dbe568e7b94
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D18%26code%3D5140084921773927058
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ Frame 5271 0
239 B 106ms
21ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=13490&nid=2596&put=5140084921773927058&
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Content-Type: image/gif

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/ Frame 5271
Redirect Chain

https://dpm.demdex.net/ibs:dpid=1121&dpuuid=5140084921773927058&redir=
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=5140084921773927058&redir=

42 B
942 B

48ms
48ms

Image
image/gif

34.252.39.216
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=5140084921773927058&redir=

Protocol

HTTP/1.1

Server

34.252.39.216 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-252-39-216.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v039-057567d84.edge-irl1.demdex.com 3 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 7IIKuQtETcU=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v039-0f7e61f04.edge-irl1.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: xFWj1CRIQKM=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=5140084921773927058&redir=
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1

200
OK

match
ps.eyeota.net/ Frame 5271
Redirect Chain

https://p.rfihub.com/cm?pub=24472&in=1
https://ps.eyeota.net/match?uid=5140084921773927058&bid=omt9pi0

0
344 B

96ms
20ms

Image
text/plain

3.122.214.165
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/match?uid=5140084921773927058&bid=omt9pi0
Protocol: HTTP/1.1
Server: 3.122.214.165 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-122-214-165.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 08 Sep 2022 13:35:29 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

Location: https://ps.eyeota.net/match?uid=5140084921773927058&bid=omt9pi0
Date: Thu, 08 Sep 2022 13:35:28 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 cksync.php
contextual.media.net/ Frame 5271 45 B
630 B 112ms
62ms Image
image/gif 23.35.228.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=3&type=rkt&ovsid=5140084921773927058

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-35-228-23.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
server: Apache
date: Thu, 08 Sep 2022 13:35:28 GMT
vary: Accept-Encoding
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control: max-age=0, no-cache, no-store
content-type: image/gif
content-length: 45
x-mnet-hl2: E
expires: Thu, 08 Sep 2022 13:35:28 GMT

GET
H2 200 serving
bs.serving-sys.com/ Frame 5271 0
105 B 84ms
19ms Image
text/plain 3.123.131.103
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bs.serving-sys.com/serving?cn=um&dpid=12&rtu=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D17945%26userid%3D%5B%25tp_UserID%25%5D
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.123.131.103 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-123-131-103.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:28 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-length: 0
p3p: CP="NOI DEVa OUR BUS UNI"

GET
H3

451

501709.gif
idsync.rlcdn.com/ Frame 5271
Redirect Chain

https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=5140084921773927058&referrer=https%3A%2F%2Fgive.unrefugees.org%2F210714core_afgmain_p_3000%3Futm_medium%3Demail%26utm_cid%3D0031...
https://p.rfihub.com/cm?pub=39342&in=0&userid=8ba5c303-af95-4dd1-9801-e3d71e9fad2f%3A1662644128.9283571&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D8ba5c303-af95-4dd1-9801-e3d71e9...
https://idsync.rlcdn.com/501709.gif?partner_uid=8ba5c303-af95-4dd1-9801-e3d71e9fad2f%3A1662644128.9283571

0
9 B

73ms
31ms

Image
text/plain

35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/501709.gif?partner_uid=8ba5c303-af95-4dd1-9801-e3d71e9fad2f%3A1662644128.9283571
Protocol: H3
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:29 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

Redirect headers

Location: https://idsync.rlcdn.com/501709.gif?partner_uid=8ba5c303-af95-4dd1-9801-e3d71e9fad2f%3A1662644128.9283571
Date: Thu, 08 Sep 2022 13:35:29 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 /
bpi.rtactivate.com/tag/ Frame 5271 43 B
109 B 377ms
135ms Image
image/gif 3.224.161.11
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bpi.rtactivate.com/tag/?id=11017&user_id=5140084921773927058
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.224.161.11 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-224-161-11.compute-1.amazonaws.com
Software: awselb/2.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:29 GMT
server: awselb/2.0
content-length: 43
content-type: image/gif

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 5271
Redirect Chain

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=5140084921773927058&forward=
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=5140084921773927058&forward=&C=1

43 B
877 B

92ms
64ms

Image
image/gif

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=5140084921773927058&forward=&C=1
Protocol: H3
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

cf-ray: 7478114db87b9963-FRA
pragma: no-cache
date: Thu, 08 Sep 2022 13:35:28 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vvPC0fCb3HOrzsKil3bTWphfzr4OikaqdBsAB4bm2LkXiPPhgDvNBU%2FvPDl1Gx920cy4r%2F8GOZ7kZHs0P63Vn5Oly0wszKKXL8f810TW37NE%2BFWBtXbIpadVYTvJMh7vjMF27sMcP0quRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 08 Sep 2022 13:35:28 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iq9vJo0UMfZNWV%2F8%2FRIZJkCfgMBydeo3zdiHUS6y0wxj1ze2zpGsybejoRlt1vb6Wqw0AFtzGV0vtuDm1W3T60eWIoiUTrH2ndr%2B5rcfjw1UWKHXtBAUDJLxxhUxzQCDdEfs1dA%2BRyFhJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=57&external_user_id=5140084921773927058&forward=&C=1
cache-control: no-cache
cf-ray: 7478114d4b689b94-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H2 451 360947.gif
idsync.rlcdn.com/ Frame 5271 0
98 B 77ms
29ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/360947.gif?partner_uid=5140084921773927058
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:28 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 rocketfuel_sync
x.dlx.addthis.com/e/ Frame 5271 43 B
191 B 236ms
175ms Image
image/gif 69.192.160.219
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://x.dlx.addthis.com/e/rocketfuel_sync?na_exid=5140084921773927058

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

69.192.160.219 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a69-192-160-219.deploy.static.akamaitechnologies.com

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=2628000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Sep 2022 13:35:29 GMT
cache-control: max-age=0, no-cache, no-store
expires: Thu, 08 Sep 2022 13:35:29 GMT
content-length: 43
strict-transport-security: max-age=2628000
content-type: image/gif

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 5271
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7180&uid=5140084921773927058&img=1
https://sync.search.spotxchange.com/partner?adv_id=7180&uid=5140084921773927058&img=1&__user_check__=1&sync_id=1a79080a-2f7b-11ed-93e1-141484330106

43 B
548 B

28ms
28ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7180&uid=5140084921773927058&img=1&__user_check__=1&sync_id=1a79080a-2f7b-11ed-93e1-141484330106
Protocol: HTTP/1.1
Server: 185.94.180.126 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 08 Sep 2022 13:35:29 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 72
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Thu, 08 Sep 2022 13:35:28 GMT
Server: nginx
Location: /partner?adv_id=7180&uid=5140084921773927058&img=1&__user_check__=1&sync_id=1a79080a-2f7b-11ed-93e1-141484330106
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 2
Connection: keep-alive
Content-Length: 0

GET
H2 200 sync
partners.tremorhub.com/ Frame 5271 43 B
183 B 336ms
106ms Image
image/gif 2600:1f18:612b:4264:562f:45f1:d263:2a9f
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partners.tremorhub.com/sync?UIRF=5140084921773927058&r=uX0kR5wT_dEB
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4264:562f:45f1:d263:2a9f Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:29 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type: image/gif

GET
H2 200 g.pixel
aa.agkn.com/adscores/ Frame 5271 43 B
377 B 74ms
21ms Image
image/gif 52.59.153.178
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aa.agkn.com/adscores/g.pixel?sid=9212192898&rf=5140084921773927058
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.59.153.178 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-59-153-178.eu-central-1.compute.amazonaws.com
Software: AAWebServer /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Sep 2022 13:35:29 GMT
server: AAWebServer
access-control-allow-methods: GET, POST, OPTIONS
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
content-length: 43
expires: 0

GET
H2 204 usermatch.gif
beacon.krxd.net/ Frame 5271 0
338 B 134ms
41ms Image
text/plain 34.249.119.142
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner_id=rfuel&partner_user_id=5140084921773927058
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.119.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-119-142.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:29 GMT
cache-control: private, no-cache, no-store
x-request-time: D=25 t=1662644129
x-served-by: beacon-n011-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1

200
OK

sync
x.bidswitch.net/ul_cb/ Frame 5271
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=119&user_id=5140084921773927058&expires=30
https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=5140084921773927058&expires=30

43 B
495 B

23ms
23ms

Image
image/gif

35.158.225.181
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=5140084921773927058&expires=30
Protocol: HTTP/1.1
Server: 35.158.225.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-225-181.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 08 Sep 2022 13:35:29 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

Location: https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=5140084921773927058&expires=30
Date: Thu, 08 Sep 2022 13:35:29 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2 503 /
sync-tm.everesttech.net/upi/pid/Mlpt2JaG/ Frame 5271 0
177 B 70ms
18ms Image
text/plain 151.101.130.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-tm.everesttech.net/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.130.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Sep 2022 13:35:29 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1662644129.179599,VS0,VE0
x-cache: MISS
cache-control: no-cache
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
retry-after: 0
x-served-by: cache-hhn4024-HHN

GET
H2 200 nr-1216.min.js Show response
js-agent.newrelic.com/ 38 KB
14 KB 68ms
20ms Script
application/javascript 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-1216.min.js
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6f973e7d75a7e6f6e59708f19631c8890034db5debb4d04f189deb53c114e708

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-amz-version-id: mHHzJIqOizHibcYt0xqAszRr0gQRiNYy
content-encoding: gzip
etag: "9f533d8cd24b2c5e3b4dc886ecbd43e8"
x-amz-request-id: QS55VTZ5KYBT01RF
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 14391
x-amz-id-2: LqMYMQa4YU1cIYkATbA3xCSvsTD2lndpXc+K9jTcrBu4zKcsnQNt7LnOCIo6x7yoHpJFT7uuVmQ=
x-served-by: cache-hhn4035-HHN
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
server: AmazonS3
x-timer: S1662644129.836516,VS0,VE0
date: Thu, 08 Sep 2022 13:35:28 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 17781

GET
H2 200 init Show response
tr.snapchat.com/ 126 B
482 B 83ms
31ms Fetch
application/json 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/init?pids=cda0845c-e241-4b98-8d4b-abdc76d31d9d

Requested by

Host: sc-static.net
URL: https://sc-static.net/scevent.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

12508b19faedfa9714a0bf0a82f169ef2ab2643876fe39378238f23269ade7f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:28 GMT
content-encoding: gzip
server: API Gateway
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://give.unrefugees.org
x-envoy-upstream-service-time: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
via: 1.1 google

GET
H2 200 is_enabled Show response
tr.snapchat.com/collector/ 79 B
165 B 83ms
31ms Fetch
application/json 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/collector/is_enabled?pids=cda0845c-e241-4b98-8d4b-abdc76d31d9d&tld=org

Requested by

Host: sc-static.net
URL: https://sc-static.net/scevent.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

8a61554434c7128a3a83d11cae561554db4f9790b14a41093314c89ef3403724

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:28 GMT
content-encoding: gzip
server: API Gateway
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://give.unrefugees.org
x-envoy-upstream-service-time: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
via: 1.1 google

GET
H/1.1 200
OK check.js;CIS3SID=057D181EF27EA910679D9E45315AEA0C Show response
h.online-metrix.net/fp/ Frame 60DB 267 KB
46 KB 35ms
35ms Script
text/javascript 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/fp/check.js;CIS3SID=057D181EF27EA910679D9E45315AEA0C?org_id=zrtzph91&session_id=e1873-a48fddf5-e718-4b0a-bbd6-012b7c5f640e&nonce=78e9b39f3d6f111d&jb=35392e24687b6f753555696e666f7f73246a7b673d55696e6c6d7573273a30313224687162773f4368726f6d6d24687b623d4b6a726f6f652d323231383d

Requested by

Host: h.online-metrix.net
URL: https://h.online-metrix.net/fp/tags.js?org_id=zrtzph91&session_id=e1873-a48fddf5-e718-4b0a-bbd6-012b7c5f640e&pageid=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

41cb486e6d5fbfa124e40c3b5579975cb18561c01bfa5748a53a96d61f279792

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 08 Sep 2022 13:35:28 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
tmx-nonce: 78e9b39f3d6f111d
Connection: Keep-Alive, Keep-Alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=2, max=99
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png
h.online-metrix.net/fp/ Frame 60DB 81 B
475 B 76ms
25ms Image
image/png 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://h.online-metrix.net/fp/clear.png?org_id=zrtzph91&session_id=e1873-a48fddf5-e718-4b0a-bbd6-012b7c5f640e&nonce=78e9b39f3d6f111d&ck=0&m=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 08 Sep 2022 13:35:28 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png
h.online-metrix.net/fp/ Frame 60DB 81 B
475 B 75ms
25ms Image
image/png 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://h.online-metrix.net/fp/clear.png?org_id=zrtzph91&session_id=e1873-a48fddf5-e718-4b0a-bbd6-012b7c5f640e&nonce=78e9b39f3d6f111d&ck=0&m=2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 08 Sep 2022 13:35:28 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?CtsSyncId=CBE4708A134D4CEB8BC6A9C85FBD7807&RedC=c.clarity.ms&MXFR=2FACEB675E89630824E4F97E5A896D07
https://c.clarity.ms/c.gif?CtsSyncId=CBE4708A134D4CEB8BC6A9C85FBD7807&MUID=2E485A27A2286C8A258D483EA3846DEA

42 B
391 B

40ms
40ms

Image
image/gif

20.234.93.27
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?CtsSyncId=CBE4708A134D4CEB8BC6A9C85FBD7807&MUID=2E485A27A2286C8A258D483EA3846DEA
Protocol: H2
Server: 20.234.93.27 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Sep 2022 13:35:29 GMT
last-modified: Wed, 17 Aug 2022 23:56:46 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "de363c295b2d81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Thu, 08 Sep 2022 13:35:28 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 44787DCB2DA7469282AC79DBBBFD4BBF Ref B: FRA31EDGE0718 Ref C: 2022-09-08T13:35:29Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?CtsSyncId=CBE4708A134D4CEB8BC6A9C85FBD7807&MUID=2E485A27A2286C8A258D483EA3846DEA
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 i Show response
tr.snapchat.com/cm/ Frame 2B6E 0
53 B 78ms
32ms Document
text/html 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/cm/i?pid=cda0845c-e241-4b98-8d4b-abdc76d31d9d&u_scsid=1f11450b-adda-4f4c-8d31-98bef34259b6&u_sclid=204b6aff-41be-40c2-94c6-8c43edf3a3e6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains

Request headers

Referer: https://give.unrefugees.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html
date: Thu, 08 Sep 2022 13:35:28 GMT
server: API Gateway
strict-transport-security: max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains
via: 1.1 google
x-envoy-upstream-service-time: 0

GET
H2 200 p
tr.snapchat.com/ 68 B
544 B 76ms
31ms Image
image/png 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tr.snapchat.com/p?trackId=87e29de7-1db5-4f3e-9b32-a611993dc55e&pid=cda0845c-e241-4b98-8d4b-abdc76d31d9d&ev=PAGE_VIEW&pl=https%3A%2F%2Fgive.unrefugees.org%2F210714core_afgmain_p_3000%3Futm_medium%3Demail%26utm_cid%3D0031K00003CjKPhQAN%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220908%26utm_content%3Dfullfile%26SF_onetime%3D7011K0000023M9vQAE%26SF_monthly%3D7011K0000023MA0QAM&ts=1662644128806&rf=&v=1.6.0&if=false&bt=1d53c387&e_tid=undefined&e_pr=undefined&e_ic=undefined&intg=gtm&m_sl=3049&m_rd=4438&m_pi=3964.6000003814697&m_dcl=3980.6000003814697&m_fcps=0&m_pl=4430.10000038147&m_ic=0&m_pv=v2&u_c1=26a9cbe6-55dc-400e-9f88-09e0dbaca720&u_scsid=1f11450b-adda-4f4c-8d31-98bef34259b6&u_sclid=204b6aff-41be-40c2-94c6-8c43edf3a3e6&s_r_ids=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 08 Sep 2022 13:35:28 GMT
via: 1.1 google
server: API Gateway
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, no-transform
x-envoy-upstream-service-time: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 68

POST
H2 200 log Show response
play.google.com/ Frame 30E2 131 B
671 B 73ms
29ms XHR
text/plain 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.DAbkwspyhJE.es5.O/am=B4A/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrike0CRozUKZOlAXG5oZShvrke3Hw/m=_b,_tp,_r

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Thu, 08 Sep 2022 13:35:28 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Thu, 08 Sep 2022 13:35:28 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 27ms
27ms XHR
text/plain 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=710267923&t=event&ni=1&_s=1&dl=https%3A%2F%2Fgive.unrefugees.org%2F210714core_afgmain_p_3000%3Futm_medium%3Demail%26utm_cid%3D0031K00003CjKPhQAN%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220908%26utm_content%3Dfullfile%26SF_onetime%3D7011K0000023M9vQAE%26SF_monthly%3D7011K0000023MA0QAM&ul=en-us&de=UTF-8&dt=Send%20Hope%20Every%20Month%20to%20Strong%20Refugees%20%7C%20USA%20for%20UNHCR&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Depth&ea=%2F210714core_afgmain_p_3000&el=25%25&_u=aCHACEABRAAAAG~&jid=1355165472&gjid=77321148&cid=1299266622.1662644127&tid=UA-3754388-9&_gid=1100773642.1662644127&_r=1&gtm=2wg8v0N9KWLLF&z=1373485492

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://give.unrefugees.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 08 Sep 2022 13:35:28 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://give.unrefugees.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 20ms
19ms Image
image/gif 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=710267923&t=event&ni=1&_s=1&dl=https%3A%2F%2Fgive.unrefugees.org%2F210714core_afgmain_p_3000%3Futm_medium%3Demail%26utm_cid%3D0031K00003CjKPhQAN%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220908%26utm_content%3Dfullfile%26SF_onetime%3D7011K0000023M9vQAE%26SF_monthly%3D7011K0000023MA0QAM&ul=en-us&de=UTF-8&dt=Send%20Hope%20Every%20Month%20to%20Strong%20Refugees%20%7C%20USA%20for%20UNHCR&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Depth&ea=%2F210714core_afgmain_p_3000&el=50%25&_u=aCHACEABRAAAAG~&jid=&gjid=&cid=1299266622.1662644127&tid=UA-3754388-9&_gid=1100773642.1662644127&gtm=2wg8v0N9KWLLF&z=622548624

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 13:44:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 85880
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 21ms
20ms Image
image/gif 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=710267923&t=event&ni=1&_s=1&dl=https%3A%2F%2Fgive.unrefugees.org%2F210714core_afgmain_p_3000%3Futm_medium%3Demail%26utm_cid%3D0031K00003CjKPhQAN%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220908%26utm_content%3Dfullfile%26SF_onetime%3D7011K0000023M9vQAE%26SF_monthly%3D7011K0000023MA0QAM&ul=en-us&de=UTF-8&dt=Send%20Hope%20Every%20Month%20to%20Strong%20Refugees%20%7C%20USA%20for%20UNHCR&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Depth&ea=%2F210714core_afgmain_p_3000&el=75%25&_u=aCHACEABRAAAAG~&jid=&gjid=&cid=1299266622.1662644127&tid=UA-3754388-9&_gid=1100773642.1662644127&gtm=2wg8v0N9KWLLF&z=1570778024

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 13:44:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 85880
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 22ms
22ms Image
image/gif 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=710267923&t=event&ni=1&_s=1&dl=https%3A%2F%2Fgive.unrefugees.org%2F210714core_afgmain_p_3000%3Futm_medium%3Demail%26utm_cid%3D0031K00003CjKPhQAN%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220908%26utm_content%3Dfullfile%26SF_onetime%3D7011K0000023M9vQAE%26SF_monthly%3D7011K0000023MA0QAM&ul=en-us&de=UTF-8&dt=Send%20Hope%20Every%20Month%20to%20Strong%20Refugees%20%7C%20USA%20for%20UNHCR&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Depth&ea=%2F210714core_afgmain_p_3000&el=100%25&_u=aCHACEABRAAAAG~&jid=&gjid=&cid=1299266622.1662644127&tid=UA-3754388-9&_gid=1100773642.1662644127&gtm=2wg8v0N9KWLLF&z=364584835

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 13:44:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 85880
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fa5b33ed7c80.js Show response
w.usabilla.com/ Frame 42B6 37 KB
11 KB 139ms
43ms Script
text/javascript 3.248.104.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://w.usabilla.com/fa5b33ed7c80.js?lv=1
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.248.104.74 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-248-104-74.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 12928831b745db2ff5578f78f7e891c857b350fde4dbcaca70af72833412d239

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Sep 2022 13:35:28 GMT
content-encoding: gzip
x-widget-server: 2.1
etag: "9738de08fe82463b5123fb62fa59defc"
content-type: text/javascript
cache-control: public,max-age=0
content-length: 11222

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 27ms
27ms XHR
text/plain 2a00:1450:400c:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-3754388-9&cid=1299266622.1662644127&jid=1355165472&gjid=77321148&_gid=1100773642.1662644127&_u=aCHACEABRAAAAG~&z=1055961557

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c08::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://give.unrefugees.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 08 Sep 2022 13:35:28 GMT
content-type: text/plain
access-control-allow-origin: https://give.unrefugees.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 logger Show response
www.paypal.com/xoplatform/logger/api/ 1017 B
2 KB 211ms
210ms XHR
application/json 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AbIbWRBITO6eG3wyKiWl5Tg03s8mty2ct1y5jK221ZKyJuzQrvBEXWq0916mpH91fZGXlxFY09_R16eo&vault=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

bda451d629d11fab44b00f968340a92422e929c2eeffb0b0665a33ebfaa55525

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept: application/json
Referer: https://give.unrefugees.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
content-type: application/json

Response headers

date: Thu, 08 Sep 2022 13:35:29 GMT
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: MISS
paypal-debug-id: f315860b43265
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
x-served-by: cache-hhn4064-HHN
traceparent: 00-0000000000000000000f315860b43265-a933e4f759b50223-01
x-timer: S1662644129.075725,VS0,VE177
etag: W/W/"3f9-i9lTVtSHqRub7MXBJfP3nZwtJmc"
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/json; charset=utf-8
access-control-allow-origin: https://give.unrefugees.org
content-encoding: br
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
accept-ranges: none
x-cache-hits: 0

OPTIONS
H2 200 logger
www.paypal.com/xoplatform/logger/api/ Frame 0
0 216ms
214ms Preflight 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://give.unrefugees.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://give.unrefugees.org
cache-control: max-age=0, no-cache, no-store, must-revalidate
date: Thu, 08 Sep 2022 13:35:29 GMT
dc: ccg11-origin-www-1.paypal.com
paypal-debug-id: f3158607b1ad0
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
traceparent: 00-0000000000000000000f3158607b1ad0-514d8db2008cabc5-01
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-content-type-options: nosniff
x-served-by: cache-hhn4064-HHN
x-timer: S1662644129.861580,VS0,VE196

GET
H/1.1 200
OK cf888b8b66 Show response
bam.nr-data.net/1/ 49 B
616 B 322ms
272ms Script
text/javascript 162.247.241.14
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/cf888b8b66?a=357730915&v=1216.487a282&to=ZFNSZUsADUJYWxFRC10ZfWd6TjFUV1wASilFVXNeVxURXlVUAEpLfllURFUEM1BeXQ%3D%3D&rst=4487&ck=1&ref=https://give.unrefugees.org/210714core_afgmain_p_3000&qt=1&ap=1253&be=2746&fe=4409&dc=3965&perf=%7B%22timing%22:%7B%22of%22:1662644124368,%22n%22:0,%22f%22:612,%22dn%22:612,%22dne%22:631,%22c%22:631,%22s%22:821,%22ce%22:1013,%22rq%22:1013,%22rp%22:2723,%22rpe%22:2724,%22dl%22:2725,%22di%22:3965,%22ds%22:3965,%22de%22:3981,%22dc%22:4409,%22l%22:4409,%22le%22:4430%7D,%22navigation%22:%7B%7D%7D&fp=3445&fcp=3445&jsonp=NREUM.setToken
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1216.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.241.14 , United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a83848cf5c3d96caefe490c19e41659609b3691dd4c531cf925016c084d8e1b0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 08 Sep 2022 13:35:29 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
access-control-allow-credentials: true
CF-Ray: 7478114dbbdcbb7d-FRA

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 61ms
60ms Image
image/gif 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-3754388-9&cid=1299266622.1662644127&jid=1355165472&_u=aCHACEABRAAAAG~&z=2040847239

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Sep 2022 13:35:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 61ms
59ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-3754388-9&cid=1299266622.1662644127&jid=1355165472&_u=aCHACEABRAAAAG~&z=2040847239

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Sep 2022 13:35:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK clear.png Show response
h.online-metrix.net/fp/ Frame 60DB 81 B
535 B 78ms
25ms XHR
image/png 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/fp/clear.png

Requested by

Host: h.online-metrix.net
URL: https://h.online-metrix.net/fp/check.js;CIS3SID=057D181EF27EA910679D9E45315AEA0C?org_id=zrtzph91&session_id=e1873-a48fddf5-e718-4b0a-bbd6-012b7c5f640e&nonce=78e9b39f3d6f111d&jb=35392e24687b6f753555696e666f7f73246a7b673d55696e6c6d7573273a30313224687162773f4368726f6d6d24687b623d4b6a726f6f652d323231383d

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*, zrtzph91/78e9b39f3d6f111de1873-a48fddf5-e718-4b0a-bbd6-012b7c5f640e
Referer: https://give.unrefugees.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 08 Sep 2022 13:35:28 GMT
Last-Modified: Thu, 08 Sep 2022 13:35:28 GMT
Server: Apache
Etag: d7bd12abbcb8447c841ba780db335f40
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Access-Control-Allow-Origin: https://give.unrefugees.org
Cache-Control: private, must-revalidate, max-age=0
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
Expires: Tue, 07 Sep 2027 13:35:28 GMT

GET
H/1.1 200
OK ls_fp.html;CIS3SID=057D181EF27EA910679D9E45315AEA0C Show response
h.online-metrix.net/fp/ Frame 8B74 91 KB
14 KB 27ms
26ms Document
text/html 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/fp/ls_fp.html;CIS3SID=057D181EF27EA910679D9E45315AEA0C?org_id=zrtzph91&session_id=e1873-a48fddf5-e718-4b0a-bbd6-012b7c5f640e&nonce=78e9b39f3d6f111d

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

4db5f1cb76b7ba70943e4cc80fc765401fddd166584fffa141b90e73d9691572

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://give.unrefugees.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Thu, 08 Sep 2022 13:35:28 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=98
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

GET
H/1.1 204
No Content clear.png Show response
h.online-metrix.net/fp/ Frame 60DB 0
387 B 25ms
25ms Script
text/javascript 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/fp/clear.png?org_id=zrtzph91&session_id=e1873-a48fddf5-e718-4b0a-bbd6-012b7c5f640e&nonce=78e9b39f3d6f111d&jb=33362e6e71693d383933393630383e393632383c336637626d3a3665616c36643261353a333036

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 08 Sep 2022 13:35:28 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK es.js Show response
h.online-metrix.net/fp/ Frame 60DB 104 B
626 B 27ms
27ms Script
text/javascript 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/fp/es.js?org_id=zrtzph91&session_id=e1873-a48fddf5-e718-4b0a-bbd6-012b7c5f640e&nonce=78e9b39f3d6f111d&cb=td_4d

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

f3d0e520d439056ba4c62521de31cfde4eeec29a3bb2dbc3d85c3792efb23196

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 08 Sep 2022 13:35:28 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
Connection: Keep-Alive, Keep-Alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=2, max=99
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK sid_fp.html;CIS3SID=057D181EF27EA910679D9E45315AEA0C Show response
h.online-metrix.net/fp/ Frame D81B 102 KB
15 KB 56ms
29ms Document
text/html 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=057D181EF27EA910679D9E45315AEA0C?org_id=zrtzph91&session_id=e1873-a48fddf5-e718-4b0a-bbd6-012b7c5f640e&nonce=78e9b39f3d6f111d

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

baedd7044952150591e3d083d488b73b572605709113d59b81a4805bb57e91f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://give.unrefugees.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Thu, 08 Sep 2022 13:35:28 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=98
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

GET
H/1.1 204
No Content clear.png Show response
h.online-metrix.net/fp/ Frame 60DB 0
387 B 25ms
25ms Script
text/javascript 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/fp/clear.png?org_id=zrtzph91&session_id=e1873-a48fddf5-e718-4b0a-bbd6-012b7c5f640e&nonce=78e9b39f3d6f111d&jd=35362e24686e6e3d3b246a666a3d313934313f39666066393f313565313e37626335373662603139626334326b3a24626674663f303a31363a3a31

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 08 Sep 2022 13:35:29 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=97
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET page_embed_script.js
ghbmnnjooekpmoecnnnilnnbdlolhkhi/ Frame 60DB 0
0

GET
H/1.1 200
OK top_fp.html;CIS3SID=057D181EF27EA910679D9E45315AEA0C Show response
h.online-metrix.net/fp/ Frame 75A7 88 KB
13 KB 27ms
26ms Document
text/html 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/fp/top_fp.html;CIS3SID=057D181EF27EA910679D9E45315AEA0C?org_id=zrtzph91&session_id=e1873-a48fddf5-e718-4b0a-bbd6-012b7c5f640e&nonce=78e9b39f3d6f111d

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

80e386a296eb200d74f38a01e1af26bef8402f46ea011e8f34982235d23c9ddf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://give.unrefugees.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Thu, 08 Sep 2022 13:35:29 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=97
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

GET
H/1.1 204
204 clear.png Show response
h.online-metrix.net/fp/ Frame 60DB 0
218 B 28ms
27ms Script
text/javascript 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/fp/clear.png?org_id=zrtzph91&session_id=e1873-a48fddf5-e718-4b0a-bbd6-012b7c5f640e&nonce=78e9b39f3d6f111d&ja=32323f3b242e633d38247a3d32266e3d3336383878333230382463663f393630327a33303032247378793d307032246c707235332c313430382c333238382c333630382e333232382c313432322e313032302c313630382e333a303024322c30246d7c3d6338303a616063646b353564666e64663b67633a343333343730366231633569266d663f342671636c3d30342e64683f68747c7271253149253244273044676b74652e756e726d64776f65657b2c6f7265253a463031383f3136636f7a675d61646f6d616b6c5d725f313230302533467d766f576d656c6b756d27334c656f616164253036757c6f5d636b6c2533463232313149323030303343624952605141462732367774655f716f7d7a636725334c7736752f69707067636e27323477746d5f636165726361676e2d314455515f58535d4546574144535f4952524543445f5f5d30303239323a2532367574655d61676e746d6c742531446e756e6c6e616c6725323e51445f6d6665746b6f67273346353031314b30383232383233453b765143452d3234534e576d6d6e74606e7b25314c3730333349323032323032334d413853434526647a3f687476707b2531412d3a462732466f6b74652c7d6e72676477656567712e6f7267253a44303930373936636f7065576164676569696c5f7057313230322d334677766f5d6d676669756d25334c676f69696c2d303675766d57636b642d3b4432303339493230323833436849526a51434c2532367574655d716775726b67253346753c752f61787865636c253a3477746f5763616f72636b676c27334455535f58515d4d4e5f4944535f43505845434c57575f30323031323a25303e75746f5d616d6e76676e742533446e776e6466696467253234534e5f6d6e6d7c696f65253b46353033394b303232323232314f39765141452d30345b465f656d6e746a6c712531443f3831334b3038323230303b4d413253434f26726e3d3326706835353a6e32386963366261666a6533313b6a3731383769673264316a646230663624686a3f39336331313164363836656e61386661363a3134656d3c6335613130646065612e6a736d3f556b6e666d7773253230393224627362354168726d6d6d253030393835246a7367773f576b66646f757124687360773d4368726f6567246668633536266e666d35382474726c3d4774632d3044556c636e6f756c246f61766a723d3430303b66336b32626d61303267366b633736383838306164393737343239666436373a3a31363364366561613a36666b39346964626435323b313131313e6124703d786e77676b665f666e63716a25374766616c736529726e7d6769665d77696c646777715f656d646b615f786e6379677a25354764636e736723706c756769665d636c6f626d5d6163706f6a6176253d4d66636c736d23726c776f696e5d73776b636976696d6525354d646364736529726c756569665f7168676b6b7561766d27374564696c736723726e75656b6e5f72656164726e6979657a27354564616473672178647565696e57746e635d786c617b677027354764616c736521786e776f696e57666576636c7e7227354d6e616e736529726e7565616e5f7174655d766b6777657225354d646364736529726c756569665f68617e6925374566696e7165246f6c5f613f756762656e576562474c2d3032392e302d3030284d706d6e454c2d3a304753253a32302e322d3230416a706d6d6b776d295765624f4e273a304744514c2530304d53273238392e322532382a4d706766474c2730324753273030474c534c2d30324d53253a32312e32253a3041687a676d6b756d21556762496174576760496b742730305765624744434c4f4c45576b6e737661666367645769727061797b273142273a30455a565d606c676c645f6d696e65637a2d33422d3030455a5457636d6c677a5f6075666e67705f6a696c665d646e6d61762733422532304d5a5657666c6763745f606c6d6e66253b4a2530304550565d667069675f66677276682731422532304550565d7b68616c67725f7665707477726d576c6d64253b402732324d58545d76677a747770655f636f6d7870677b7369676c5f6272746b2531422d3a3047585457766778767d72655d616d6f7070677373696f6e5770657c63253b402532324550545d746d707477726557646b6c766d725f636c6b716f76706f706963253b40273a304550565f7350474a2531422d3a304d455357676e656f6d6e745d6b6c66657a5d75696e74253b40273a304f4d515f66606f5772676e6c6d725d6d69786f6370273b422530324d47535d7174616e64617a665d6c6572617461746b766d7327334a2d32324f455b5d76657a7c7572675d646e6f63762533422532384d475b5f746d7a7475706557666e6f697c5f6e696e6d637025314a2532324d47515f76677874757265576a6364665f6e6e6f6176253b422732384745515f746d7a7675706d5f68636e645d666e6d61745f6c696667637a25334a2732304d455b5f74657a7c657a5f617a7063795d67626a6761762733402732305745424f4e5d6b6f6c67705f6277666e65705f6e646f6374253b402732325f4542454e5d616f6f7272657373656c5d766d78747d70655f63737c6327334a2d323257454a454e5f61676d707067717165665d74657874757a675d6d74632d31422530305f4540474457636d6d707a677173676c5f74677a767772675d65746331253b40273a30574d40474c5d63676d72726d7b7367645f7c677a74777a655f7131766125314025323057454a454e57636f6572726571736d645d746d70747772655771317461577372656027314227303057454247445d666d62756f5d72656c646d72677257616e646f253b402732325f4542454e5d66657276685f7465787c77706d25334a27323055454a474e5f6c7a61755f627d646465707b253340273032574740474c5f6c6f7b675d6b6f6e7c67787427334a2530305f4d42454c5f65776e746b5764726375333426656e5f683d33666e37666e66343f36306466633c3035653e3a626730653f366632373d343633323666343037392677676c7e3f4b667465642732304b6e6b2e24776f64723f496e7c676e25303849726b712730304d72656e474c253a32476667696667266361643531&jb=31353d246e793d4d6778696c6e612d3244352638253030285f6b6c646d7f732530324c5625303231302e30253b40273a3057616c363427334a253030703e342b2532384372706e6d576560496b762530443533372e333e273038284b40564d4c27324b25303064616b67253238456763696729253032416a726d6f652532463138372c382e35393b352e33303a2530305b69666372692d304435313f2e3334

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 08 Sep 2022 13:35:29 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8

GET
H/1.1 200
OK clear.png
zrtzph91cdi6pkob2zj7zodriqgfsdlttihmoerl78e9b39f3d6f111dam1.e.aa.online-metrix.net/fp/ Frame 60DB 81 B
438 B 92ms
25ms Image
image/png 91.235.134.131
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zrtzph91cdi6pkob2zj7zodriqgfsdlttihmoerl78e9b39f3d6f111dam1.e.aa.online-metrix.net/fp/clear.png?org_id=zrtzph91&session_id=e1873-a48fddf5-e718-4b0a-bbd6-012b7c5f640e&nonce=78e9b39f3d6f111d&di=yes

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.131 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 08 Sep 2022 13:35:29 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: close
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 204 collect Show response
d.clarity.ms/ 0
48 B 108ms
108ms XHR
text/plain 40.76.174.66
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://d.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus/s/0.6.40/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 40.76.174.66 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://give.unrefugees.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-origin: https://give.unrefugees.org
date: Thu, 08 Sep 2022 13:35:28 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

GET
H/1.1 204
No Content clear.png Show response
h.online-metrix.net/fp/ Frame 8B74 0
387 B 24ms
24ms Script
text/javascript 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/fp/clear.png?org_id=zrtzph91&session_id=e1873-a48fddf5-e718-4b0a-bbd6-012b7c5f640e&nonce=78e9b39f3d6f111d&jf=33362e6e716a3d623a30336666613a6331393b3c336661626d673734663a39373b323330633331

Requested by

Host: h.online-metrix.net
URL: https://h.online-metrix.net/fp/ls_fp.html;CIS3SID=057D181EF27EA910679D9E45315AEA0C?org_id=zrtzph91&session_id=e1873-a48fddf5-e718-4b0a-bbd6-012b7c5f640e&nonce=78e9b39f3d6f111d

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://h.online-metrix.net/fp/ls_fp.html;CIS3SID=057D181EF27EA910679D9E45315AEA0C?org_id=zrtzph91&session_id=e1873-a48fddf5-e718-4b0a-bbd6-012b7c5f640e&nonce=78e9b39f3d6f111d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 08 Sep 2022 13:35:29 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=96
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK es.js Show response
h.online-metrix.net/fp/ Frame 8B74 104 B
626 B 26ms
26ms Script
text/javascript 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/fp/es.js?org_id=zrtzph91&session_id=e1873-a48fddf5-e718-4b0a-bbd6-012b7c5f640e&nonce=78e9b39f3d6f111d&cb=td_4d&fr

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

5d46ae9a0b46cd4bc4d21f167ae39729eae0663780e4c5bf1a3231e1087d1467

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://h.online-metrix.net/fp/ls_fp.html;CIS3SID=057D181EF27EA910679D9E45315AEA0C?org_id=zrtzph91&session_id=e1873-a48fddf5-e718-4b0a-bbd6-012b7c5f640e&nonce=78e9b39f3d6f111d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 08 Sep 2022 13:35:29 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
Connection: Keep-Alive, Keep-Alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=2, max=97
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK unhcr-button-ca8fba580979f02c2694fa49ed8ef52a.png
d6tizftlrpuof.cloudfront.net/themes/production/ Frame 3599 2 KB
2 KB 69ms
20ms Image
image/png 52.222.206.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d6tizftlrpuof.cloudfront.net/themes/production/unhcr-button-ca8fba580979f02c2694fa49ed8ef52a.png
Requested by: Host: give.unrefugees.org
URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.206.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-206-19.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 90b232dae4b3477832ee21493d7558ace8cf6e9b8bc97f9c552f301da013f1da

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Wed, 24 Nov 2021 01:35:11 GMT
Via: 1.1 5c79308f72e53cdf81a950b478a7e144.cloudfront.net (CloudFront)
Connection: keep-alive
Last-Modified: Tue, 05 Feb 2019 19:50:28 GMT
Server: AmazonS3
Age: 24926419
ETag: "ca8fba580979f02c2694fa49ed8ef52a"
X-Cache: Hit from cloudfront
x-amz-version-id: .SrcatzoiMfoqGSBwRAbfAVYaagZkb9i
Cache-Control: max-age=315360000, no-transform, public
X-Amz-Cf-Pop: FRA56-P3
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 1768
X-Amz-Cf-Id: E-vBMEF6AjMbM2MJXzRTMNWo73w-2kn92DHGtYHPJk-os3IqeG0hhw==

GET
H/1.1 204
204 clear1.png;CIS3SID=057D181EF27EA910679D9E45315AEA0C
h.online-metrix.net/fp/ Frame 60DB 0
400 B 28ms
28ms Image
image/png 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://h.online-metrix.net/fp/clear1.png;CIS3SID=057D181EF27EA910679D9E45315AEA0C?org_id=zrtzph91&session_id=e1873-a48fddf5-e718-4b0a-bbd6-012b7c5f640e&nonce=78e9b39f3d6f111d&jf=343130247161645f7a6c643d76647a5f5570405176325030317b61555751634b24716b665f666374653d31363e30343c34313a3b26736b6457747b706d357767623a6d616673632e7369665d6967793f3130353933303931323e30373a63383636386b653164383a30333036383a30613a3e34386167316630313231303730333c30323830346a3b663437623c633a666a3e653336306e643131333d32663066643b66353732373337356e643a6c35613b31333533376b6431386d38383461373a376134303933326367316639633230646131636d31313e33643b3b373064373f613462303a3763613038326030613e30633433603237303334636138333936356a32343f3226736b6457736b67353b303636303a303330326a323537616437303b3261626364356b37376c62323a3035613532316260323b6b646638363e373331633e35366130306461303b35363966343f37663a33303a323232333038653261396d3530656639676735676e3533603166643233633232346436393a636d34396935633433366c3132303069633638663964346460693833313764663424716966723d30

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 08 Sep 2022 13:35:29 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Keep-Alive: timeout=2, max=96
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
204 clear1.png;CIS3SID=057D181EF27EA910679D9E45315AEA0C
h.online-metrix.net/fp/ Frame D81B 0
400 B 26ms
26ms Image
image/png 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://h.online-metrix.net/fp/clear1.png;CIS3SID=057D181EF27EA910679D9E45315AEA0C?org_id=zrtzph91&session_id=e1873-a48fddf5-e718-4b0a-bbd6-012b7c5f640e&nonce=78e9b39f3d6f111d&jf=34313e247161645f7a6c643d76647a5f7a4d6263596a73483e4d3a5a6d30686924716b665f666374653d31363e30343c34313a3b26736b6457747b706d357767623a6d616673632e7369665d6967793f3130353933303931323e30373a63383636386b653164383a30333036383a30613a3e34386167316630313231303730333c30323830346a3330383a666c3260333f38613439636b303661316c61623032353632343536363765326d633b3a63646a60333933366a626763316e6331343931673a62343f38653133323130633539666265613e30373b38346c6038313636396166656a306460643969303263633064653a34346363603a64396364383d33346b3933696626736b6457736b67353b303635303a303330326e64633463376033666666646538633d67323a34376c31633334386a3935326b3e6230393931323039323e35666163363a36606365383934316964336a39343c3232323233306361616e69373464613e366734636a30386360336030646630383138636960336a37326e34626364363c6663633e3d386637653d323437373c313266603b24736b64723d31

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=057D181EF27EA910679D9E45315AEA0C?org_id=zrtzph91&session_id=e1873-a48fddf5-e718-4b0a-bbd6-012b7c5f640e&nonce=78e9b39f3d6f111d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 08 Sep 2022 13:35:29 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Keep-Alive: timeout=2, max=95
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
No Content clear.png Show response
h.online-metrix.net/fp/ Frame 60DB 0
387 B 26ms
25ms Script
text/javascript 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/fp/clear.png?org_id=zrtzph91&session_id=e1873-a48fddf5-e718-4b0a-bbd6-012b7c5f640e&nonce=78e9b39f3d6f111d&jac=1&je=32303c24247f6569353031372c3139342c3239302e303226786f3f79677b2662637671763d2735422532326c6d74676425323a273341332e383027324b2d3230737469767773273a32253143273032616a617267696e6f27303a25374c2461756668356363376a316534653630336163636b366630633561313b3039333633343e60376b33313f3b3662366430646634303e303233386e673666323b6663663a363739246778333d62373932366a31323131383966343f3631336b6b3437363130346733306e65633460643b34333565

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 08 Sep 2022 13:35:29 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=95
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 204 collect Show response
d.clarity.ms/ 0
48 B 105ms
105ms XHR
text/plain 40.76.174.66
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://d.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus/s/0.6.40/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 40.76.174.66 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://give.unrefugees.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-origin: https://give.unrefugees.org
date: Thu, 08 Sep 2022 13:35:30 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

POST
H3 204 collect
region1.analytics.google.com/g/ 0
17 B 67ms
26ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-P9YZZV758Y&gtm=2oe8v0&_p=710267923&cid=1299266622.1662644127&ul=en-us&sr=1600x1200&_z=ccd.v9B&_s=2&sid=1662644127&sct=1&seg=0&dl=https%3A%2F%2Fgive.unrefugees.org%2F210714core_afgmain_p_3000%3Futm_medium%3Demail%26utm_cid%3D0031K00003CjKPhQAN%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220908%26utm_content%3Dfullfile%26SF_onetime%3D7011K0000023M9vQAE%26SF_monthly%3D7011K0000023MA0QAM&dt=Send%20Hope%20Every%20Month%20to%20Strong%20Refugees%20%7C%20USA%20for%20UNHCR&en=scroll&epn.percent_scrolled=90&_et=9
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-P9YZZV758Y&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://give.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Sep 2022 13:35:32 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://give.unrefugees.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ghbmnnjooekpmoecnnnilnnbdlolhkhi
URL: chrome-extension://ghbmnnjooekpmoecnnnilnnbdlolhkhi/page_embed_script.js

Verdicts & Comments Add Verdict or Comment

140 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

66 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
sc-static.net/scevent.min.js	1970-01-20 05:52:10	Name: X-AB Value: 0d6e407936704bd380072f5891d28b0e
h.online-metrix.net/	1970-01-20 15:26:44	Name: thx_guid Value: d91d026448204bb1ba64fdd5398a2741
h.online-metrix.net/	1970-01-20 15:26:44	Name: tmx_guid Value: AAyFUeb9oq_wVVrvIk4Y47cKg7rEFJq0_2gadl2M0KPY2sVDad-bKjsEzbXzYA11Mbw8Nz1ve3oTuh1RJuwjpRRMJl_Zxg
.unrefugees.org/	1970-01-20 08:00:20	Name: _gcl_au Value: 1.1.2018968887.1662644127
.google.com/	1970-01-20 10:14:15	Name: NID Value: 511=dzbVI3ftbHJmU2SLMjX07LRs83F6IfZVoxVqq1XggdR2bGNILkszcf4HUbn3d8xLeTvMlBbcSAWGJKdwmGm4hpvvSkM-7zq-F-K3NjVtq_hES4QQG_slT1iFJABRtaRJJDXlQEO2SMen4XiNzc-_jOcQwqYFP9jhV6kvxTACh-Y
.unrefugees.org/	1970-01-20 15:26:44	Name: _ga_P9YZZV758Y Value: GS1.1.1662644127.1.0.1662644127.60.0.0
.bing.com/	1970-01-20 15:12:20	Name: MUID Value: 2E485A27A2286C8A258D483EA3846DEA
.give.unrefugees.org/	1970-01-20 15:26:44	Name: _ga Value: GA1.3.1299266622.1662644127
.give.unrefugees.org/	1970-01-20 05:52:10	Name: _gid Value: GA1.3.1100773642.1662644127
.give.unrefugees.org/	1970-01-20 05:50:44	Name: _dc_gtm_UA-3754388-9 Value: 1
.give.unrefugees.org/	1970-01-20 05:50:44	Name: _dc_gtm_UA-1473340-18 Value: 1
.unrefugees.org/	1970-01-20 08:00:20	Name: _fbp Value: fb.1.1662644127704.640969038
give.unrefugees.org/	1970-01-20 06:00:48	Name: AWSALB Value: /3w9Jd9lAeEtm75PqUon3oLIa1G9kBBa6z1oSQzinS7u97cT5TDhKiDlQRqDRpAI5L53crZR173Bcaq6SzGfHZP0STdEvePsGXBPrYSXW/QtRpf9jHz3UVWK/w/Z
give.unrefugees.org/	1970-01-20 06:00:48	Name: AWSALBCORS Value: /3w9Jd9lAeEtm75PqUon3oLIa1G9kBBa6z1oSQzinS7u97cT5TDhKiDlQRqDRpAI5L53crZR173Bcaq6SzGfHZP0STdEvePsGXBPrYSXW/QtRpf9jHz3UVWK/w/Z
.yahoo.com/	1970-01-20 14:36:41	Name: A3 Value: d=AQABBJ_vGWMCEEDEzg8sEaIhmiaG_0sx9vQFEgEBAQFBG2MjYwAAAAAA_eMAAA&S=AQAAAh7W3HWg6W2ETaIZhZigXlA
www.clarity.ms/	1970-01-20 14:36:20	Name: CLID Value: 2089cfbca30c461aaaf935f31114b7fb.20220908.20230908
.trkn.us/	1970-01-20 14:36:20	Name: barometric[cuid] Value: cuid_fdb04513-63ee-4d41-9aa0-f509975800e5
.ipredictive.com/	1970-01-20 07:17:08	Name: ci_rtc Value: _uts=1662644127
.ipredictive.com/	1970-01-20 14:36:20	Name: cu Value: 389b0743-a3b8-4038-a5b0-52b825cb2430\|1662644127863
give.unrefugees.org/	1970-01-20 15:26:44	Name: _tq_id.TV-63728109-1.addf Value: 35bfb09150b2e18b.1662644128.0.1662644128..
.unrefugees.org/	1970-01-20 14:36:20	Name: _clck Value: abzzvr\|1\|f4p\|0
.paypal.com/	1970-01-20 15:26:44	Name: ts_c Value: vr%3D1d5009c01830a465698112d7ffffffff%26vt%3D1d5009c01830a465698112d7fffffffe
.unrefugees.org/	1970-01-20 05:52:10	Name: _uetsid Value: 1a1687502f7b11ed987d45d63e232635
.unrefugees.org/	1970-01-20 15:12:20	Name: _uetvid Value: 1a16ad302f7b11edaa379dba66d6ef48
.unrefugees.org/	1970-01-20 05:52:10	Name: _clsk Value: lvip7m\|1662644128639\|1\|1\|d.clarity.ms/collect
.rfihub.com/	1970-01-20 15:12:20	Name: rud Value: H4sIAAAAAAAA_-MSNjU0MTCwMLE0MjQ3N7Y0MjcwtRDiM9RNSjd0iqwqcg8PdDMCAN_Nr-ElAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAA_-MSNjU0MTCwMLE0MjQ3N7Y0MjcwtRDiM9RNSjd0iqwqcg8PdDMCAN_Nr-ElAAAA
.unrefugees.org/	1970-01-20 15:20:30	Name: _scid Value: 26a9cbe6-55dc-400e-9f88-09e0dbaca720
.unrefugees.org/	1970-01-20 15:26:44	Name: _ga Value: GA1.2.1299266622.1662644127
.unrefugees.org/	1970-01-20 05:52:10	Name: _gid Value: GA1.2.1100773642.1662644127
.unrefugees.org/	1970-01-20 05:50:44	Name: _gat_UA-3754388-9 Value: 1
.paypal.com/	1970-01-20 14:36:20	Name: enforce_policy Value: gdpr_v2.1
.paypal.com/	1970-01-20 05:51:15	Name: LANG Value: de_DE%3BDE
.paypal.com/	1969-12-31 23:59:59	Name: x-pp-s Value: eyJ0IjoiMTY2MjY0NDEyODc2MCIsImwiOiIwIiwibSI6IjAifQ
.paypal.com/	1970-01-20 05:55:03	Name: tsrce Value: targetingnodeweb
www.paypal.com/	1969-12-31 23:59:59	Name: nsid Value: s%3A5PNPFaeXakWuRscvrRKr3pQuCviQSRsG.H8earglcxD4QQjPxTLJnnBksC4IEzd0rp%2BtGzKllqAg
.paypal.com/	1970-01-20 05:50:45	Name: l7_az Value: dcg15.slc
.paypal.com/	1970-01-20 15:26:44	Name: ts Value: vreXpYrS%3D1757338528%26vteXpYrS%3D1662645928%26vr%3D1d5009c01830a465698112d7ffffffff%26vt%3D1d5009c01830a465698112d7fffffffe%26vtyp%3D
.paypalobjects.com/	1970-01-20 05:52:10	Name: paypal-offers--cust Value: null:null:null
.doubleclick.net/	1970-01-20 15:12:20	Name: IDE Value: AHWqTUl4GGUC-L4HMlYMjK9fxTTspbD8AJLfNiA60bvagV1bsQ7VCGiJJV1f8Fv3Fe4
.casalemedia.com/	1970-01-20 14:36:20	Name: CMID Value: YxnvoJrz9S4cphNoz-0OqQAA
.casalemedia.com/	1970-01-20 08:00:20	Name: CMPS Value: 1103
.casalemedia.com/	1970-01-20 08:00:20	Name: CMPRO Value: 1103
.snapchat.com/	1970-01-20 15:12:20	Name: sc_at Value: v2\|H4sIAAAAAAAAAAXBgQkAMAgDsIsElVK7c0S2Kzx+iXTQ6c+KU4ZomO7AokYvr5zs3SCTQKTWPwuSxmQyAAAA
.media.net/	1970-01-20 14:36:20	Name: visitor-id Value: 3056457288280680000V10
.media.net/	1970-01-20 14:34:53	Name: data-rk Value: 5140084921773927058~~3
.adnxs.com/	1970-01-20 08:00:20	Name: uuid2 Value: 1582925099355708780
.casalemedia.com/	1970-01-20 08:00:20	Name: CMTS Value: 1191
.demdex.net/	1970-01-20 10:09:56	Name: demdex Value: 10051204924833316811815198233712236911
.spotxchange.com/	1970-01-20 06:31:03	Name: audience Value: 1a7907c9-2f7b-11ed-93e1-141484330106
.rezync.com/	1970-01-20 10:09:30	Name: zync-uuid Value: 8ba5c303-af95-4dd1-9801-e3d71e9fad2f:1662644128.9283571
live.rezync.com/	1970-01-20 10:09:56	Name: sd-session-id Value: .eJwNyksOgyAQANC7zFoaZvgOlzFUhoS00kZ0U-Pd6_Il74T5K9uau_Qd0r4dMsHybrcGpBNG-63yggQOrdbRMmEIhiloF-GaYMgY7dPnVu4Tn9ktRhuVKztlS0HFUaMSUwIK11yoJvSevLVI8cEUjQsI1x-8yyYC.YxnvoA.HxGSnklRq8dJT3Qa_kFOr0b-C9c
.bidswitch.net/	1970-01-20 14:36:20	Name: tuuid Value: 44e617cf-0816-4a97-990d-413877cef9cb
.bidswitch.net/	1970-01-20 14:36:20	Name: c Value: 1662644129
.bidswitch.net/	1970-01-20 14:36:20	Name: tuuid_lu Value: 1662644129
.krxd.net/	1970-01-20 10:09:56	Name: _kuid_ Value: PERiywaV
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: 99101339e728800e
.adnxs.com/	1970-01-20 08:00:20	Name: anj Value: dTM7k!M4/YErk#WF']wIg2E>8mye9t!]tbPl1MNu::wpAk`W=icvim-ieFjoly>(wlvdI.D/d*M4^@wn!_6-zQEVk`!))0UjKtVP
.c.bing.com/	1970-01-20 15:12:20	Name: SRM_B Value: 2E485A27A2286C8A258D483EA3846DEA
.rfihub.com/	1970-01-20 15:12:20	Name: eud Value: H4sIAAAAAAAA_-OSMXR2dA129fJyNdL1zUpLNMhNjPeycE2JKkp2zg_iNTQzMzIzMTE0sjQwNJ3FiOBbmJsYrELjn0Ljv0Lj_0LjT2JC5c9C4y9C469C429C4-9CV8-Cyr-Fxt_EiqafG829aPxJwuYWSYmmycYGxrqJaZamuiYpKYa6lhYGhrqpxinmhqmWaYkpRmlWCE16lkYWxqbmhrOEkULS2Nh8kTCqyY_Q-AD9CZX6lwEAAA
.rfihub.com/	1969-12-31 23:59:59	Name: euds Value: H4sIAAAAAAAA_-OSMXR2dA129fJyNdL1zUpLNMhNjPeycE2JKkp2zm9iMbdISjRNNjYw1k1MszTVNUlJMdS1tDAw1E01TjE3TLVMS0wxSrMyNDMzMjMxMTSy0LM0sjA2NTcEAD2-PfxYAAAA
.dpm.demdex.net/	1970-01-20 10:09:56	Name: dpm Value: 10051204924833316811815198233712236911
.eyeota.net/	1970-01-20 05:50:44	Name: SERVERID Value: 16564~DM
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 15:12:20	Name: MUID Value: 2E485A27A2286C8A258D483EA3846DEA
.c.clarity.ms/	1970-01-20 05:50:44	Name: ANONCHK Value: 0

12 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://give.unrefugees.org/scripts/lib/commerce.min.js?v=5_1 Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://give.unrefugees.org/img/lock-secure-donation.png Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://give.unrefugees.org/css/plyr.css Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://give.unrefugees.org/css/index.css?v=5 Message: Failed to load resource: the server responded with a status of 403 ()
rendering	warning	URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM(Line 412) Message: [.WebGL-0x3fac02431c00]GL Driver Message (OpenGL, Performance, GL_CLOSE_PATH_NV, High): GPU stall due to ReadPixels
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.
network	error	URL: https://pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/cspreport Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://idsync.rlcdn.com/360947.gif?partner_uid=5140084921773927058 Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://sync-tm.everesttech.net/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D Message: Failed to load resource: the server responded with a status of 503 ()
javascript	error	URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=email&utm_cid=0031K00003CjKPhQAN&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220908&utm_content=fullfile&SF_onetime=7011K0000023M9vQAE&SF_monthly=7011K0000023MA0QAM Message: Access to XMLHttpRequest at 'chrome-extension://ghbmnnjooekpmoecnnnilnnbdlolhkhi/page_embed_script.js' from origin 'https://give.unrefugees.org' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-untrusted, https.
network	error	URL: chrome-extension://ghbmnnjooekpmoecnnnilnnbdlolhkhi/page_embed_script.js Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://idsync.rlcdn.com/501709.gif?partner_uid=8ba5c303-af95-4dd1-9801-e3d71e9fad2f%3A1662644128.9283571 Message: Failed to load resource: the server responded with a status of 451 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

20826429p.rfihub.com
a.rfihub.com
aa.agkn.com
ad.doubleclick.net
ad.ipredictive.com
adservice.google.com
adservice.google.de
app.dafwidget.com
bam.nr-data.net
bat.bing.com
beacon.krxd.net
bpi.rtactivate.com
bs.serving-sys.com
c.bing.com
c.clarity.ms
c1.rfihub.net
cdn.plyr.io
cdn.unrefugees.org
click.e.unrefugees.org
cm.g.doubleclick.net
code.jquery.com
collector-3219.tvsquared.com
connect.facebook.net
contextual.media.net
d.clarity.ms
d6tizftlrpuof.cloudfront.net
data.adxcel-ec2.com
dpm.demdex.net
dsum-sec.casalemedia.com
fonts.gstatic.com
g1782759016.co
g792337342.co
ghbmnnjooekpmoecnnnilnnbdlolhkhi
give.unrefugees.org
googleads.g.doubleclick.net
h.online-metrix.net
ib.adnxs.com
idsync.rlcdn.com
js-agent.newrelic.com
js.ipredictive.com
live.rezync.com
lyibja.unrefugees.org
p.rfihub.com
p.typekit.net
partners.tremorhub.com
pay.google.com
pixel.rubiconproject.com
play.google.com
ps.eyeota.net
region1.analytics.google.com
s.yimg.com
sc-static.net
sp.analytics.yahoo.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.search.spotxchange.com
t.paypal.com
tr.snapchat.com
trkn.us
use.typekit.net
w.usabilla.com
www.clarity.ms
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.paypal.com
www.paypalobjects.com
www.tp88trk.com
x.bidswitch.net
x.dlx.addthis.com
zrtzph91cdi6pkob2zj7zodriqgfsdlttihmoerl78e9b39f3d6f111dam1.e.aa.online-metrix.net
ghbmnnjooekpmoecnnnilnnbdlolhkhi
104.18.18.126
108.138.17.118
13.111.228.216
13.32.99.114
142.250.186.130
142.250.186.70
151.101.130.49
151.101.194.133
151.101.65.21
151.101.66.137
162.247.241.14
172.217.18.98
18.66.112.72
18.66.120.247
185.89.211.84
185.94.180.126
192.229.221.25
193.0.160.128
20.234.93.27
2001:4860:4802:32::36
2001:4de0:ac18::1:a:1b
212.82.100.181
23.22.216.223
23.35.228.23
2600:1901:0:7d2::
2600:1f18:612b:4264:562f:45f1:d263:2a9f
2600:9000:223c:c000:1:76cf:fe80:93a1
2606:4700:21::681b:c258
2620:1ec:27::cafe:1995
2620:1ec:c11::200
2a00:1288:80:807::2
2a00:1450:4001:801::2002
2a00:1450:4001:803::2002
2a00:1450:4001:806::2004
2a00:1450:4001:809::2003
2a00:1450:4001:809::200e
2a00:1450:4001:80e::2002
2a00:1450:4001:80e::2003
2a00:1450:4001:811::2003
2a00:1450:4001:82a::2008
2a00:1450:4001:830::200e
2a00:1450:400c:c08::9a
2a00:1450:400c:c0c::5c
2a02:26f0:3500:16::215:148f
2a02:26f0:3500:16::215:1495
2a03:2880:f080:9:face:b00c:0:3
2a03:2880:f173:81:face:b00c:0:25de
3.122.214.165
3.123.131.103
3.129.137.210
3.224.161.11
3.226.0.49
3.248.104.74
34.249.119.142
34.252.39.216
35.158.225.181
35.190.43.134
35.190.72.228
35.244.174.68
40.76.174.66
52.200.167.175
52.222.206.19
52.25.243.35
52.59.153.178
54.160.6.45
54.200.66.202
69.173.144.139
69.192.160.219
91.235.132.130
91.235.134.131
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e
0b98f9f666599d18f83e72683b9bf54591c01af7dbfffceda491f2dc59195b51
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
12508b19faedfa9714a0bf0a82f169ef2ab2643876fe39378238f23269ade7f7
12928831b745db2ff5578f78f7e891c857b350fde4dbcaca70af72833412d239
1ad2c17d074acf6294285ccca5e31aa0ba3c00e08be8b28226b5620609fbe9fe
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1c1a744432792356c2e9d9abdaa97182f3757a89b4cb5be5a3aa13c20cdd802b
249c4eba880cfb74e1b6e1d1048def310636dc3b1ce5b3fe525703fd4025238f
25cf0f0ce42f8acd9ea6facc223f54105c7fd0cce63fb7bb5d83e6600100acbd
2a72806e7ecf829960274016cfa7c3b84dd3f89fbba960f8e0e2b2fddfa743df
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
30153b15b4cb898c421e657f6de21dc27435cb990e7888367bdee12e06398da7
3444cd05f786fc062fcb5c164604566935c9c5b25706eeab6189b3a0f37d058d
35e56359a3010d1973d3505a00c79e1cef65219cbf6f74d0516ba255bad73be1
394e68bb96ac874b1a9f9b39286a16349ab781c8513ce632ce5c7ba8bb2ba0ab
3c0303ff6a16c93c4393b4de6cf9ab459eabbb87444f96fbd80909565a0202ca
3c1f4aefc4f1f802130a9ae4de294d8518ee59464736f12f89e42b82ed1713bd
3c4275705417d5c3ecd86a21381cf639f28a11af97be2861e63a3d1d433945e2
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3ff51e150abff1149cc414fe10b223a4c9e51ed8bea22b95d3dbd095408e55a0
41cb486e6d5fbfa124e40c3b5579975cb18561c01bfa5748a53a96d61f279792
42c537b7d75a35f4f765fbb803859df131978101e2ffb6ea4a2f20093161a375
43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4db5f1cb76b7ba70943e4cc80fc765401fddd166584fffa141b90e73d9691572
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
53b492f729960ead9c5779dc772534e0f00e2dcdbd1687a0d236af95417549b5
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5724d0a6b8275081f82365c2b45868ed38b780c32c94a56b76d9829372605ac9
5ae95e748ad12444cd760e245c02264cea3e8deb41fabd95f1e0784b81f72783
5d46ae9a0b46cd4bc4d21f167ae39729eae0663780e4c5bf1a3231e1087d1467
60736035e6f8077fde33436b0b4fce5b54beb1c1fe5a5c5dc3107edd4801046c
64b32d14f993564fe182a5690410f7d4aa2ace59934eac09d7dcf03a68ec7566
693d949d8c3fdc7fd4ace7c340b5f177a9f0c5be7bafee8bc93a7d88b7523d75
6bfbae61daf6218548d35bd824d5299e6f0517f156050c302ddd83fa0e8abdc8
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
6f51dad406beee43735b9f413ccc4915d6f19e3ac44f979260011f2f4e6ced6b
6f973e7d75a7e6f6e59708f19631c8890034db5debb4d04f189deb53c114e708
7011f0d772c98a1ad45cdd2dc607da4203957fd6a5e1a0d1473d9af07b4abd61
772672dbc458cf7b5c5dab121ddb8ec978f8b437c5b9ca29ad9d95b23f99421f
7bbc0a1a176faba3ab4ef9aebd61fbc1fd8afc56ce0ed7f7183d8256a57bb024
7c707b4d486575fcdf35497e30073fd70f0a9ea072e4ca1ca724da7fbab22a9b
7cb56da908e94235a698c35dac8162e57993bfceefba669afddc29bd866b97f8
7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f
80e386a296eb200d74f38a01e1af26bef8402f46ea011e8f34982235d23c9ddf
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8608c7129a24079dd332403d0aef583dcefdf0bfc02914d626a6559a3ac049ad
8a61554434c7128a3a83d11cae561554db4f9790b14a41093314c89ef3403724
8aaa258d4bd1a2218fc34a70ada054051c1b5f2f779f284defe21f28815ceb2e
8ae3400104c7b0db11e9fe317236e68a26afba6580192041e87038ceff4db638
90b232dae4b3477832ee21493d7558ace8cf6e9b8bc97f9c552f301da013f1da
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
97880bcd7fcc199a008ea736ab008f7f92e9cf6c0addc2afb6c92b3e70d9c9a5
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
99cfc4243966e15543b705ea90968933600645a2735f5d2daec0087cc039695f
9bc84b117915b314384a45915bdd2c29ed4edfa4bf6377fb5b695091ea458b06
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a463aa6666ce0abcabf8033013cfe881fdbfb570389aff471d400a45b3a496d4
a83848cf5c3d96caefe490c19e41659609b3691dd4c531cf925016c084d8e1b0
add985927c08f990ef9d071a7bd567545604e2dd355237034ff1809d8a64ae70
ae1662193e0ecd1f056be27cc9acb52ddae8b158d989f376b592f1eb57065b2b
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2c78c910f5ea29e3a9d223dabc203c055c8708b1fe7d83788b490638126db4d
b41d2dd955de61763ddf996c38bd4a771b73924d26f6a6094dd6700601e61384
b559d3220639c53ebea254a363ccb360375bb821f5b7736f43829b498af6bd04
b9c7d08e4949c587d1bd516628b54456341ddcd177d8b0aa478dd22a6891a1b4
baedd7044952150591e3d083d488b73b572605709113d59b81a4805bb57e91f1
bbffae0d03e6d48b808856596e595ab718c08bbc4476e7323bfcff4a6f833260
bda451d629d11fab44b00f968340a92422e929c2eeffb0b0665a33ebfaa55525
befcb94ffc0236dd141b0f65ad9cc9c23de8adad58af036423832301dac07602
c55f527e536de44c7980fecece7428ae5a765647495e47008a8a54fa1e434736
c6d91e5e9a9ef535438dd4e9d741b557d288712b8e544c6fd86b28ef79e4cd74
caf2650aa985d277b2dd131a6261888bc64e6c9bc15e5564bfb9b380bcf82a10
cbe4470dca37a1878c3c6b6c8f14c69d415d0a2bc81233eb3a377d47e9b7ab4c
cbea10abc6a4fb6c6db32f7ff91d4e53f496579268f4f28e4e15f14c76cdd088
d23a34dbb1eae10074d494e1b6a8beee6b4cdb647dda79a302b05463d43a98f1
d6ff339ddb4525268c21fa26ded66b0703f177e742281dc9bcd558288f8e1101
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
eaf0ec8226518eb627f5fade801052a1ea281c506ebce8ce8ae99a27138ba2e7
eb57fee8660ece126dfed8fae968e5bc2136d7929b22d888cbeec26708c6f6a7
eb7e68073ee5ed998d26671859e008697e757f3276759a8ec173e5a62d34a404
ee7e19a624f35cb6cb7d8c149b63b9d0117e569032b291f4fa1c7e17319a9fdd
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0c71e3da5b3fcab3c66af1cf0cdbf262c97b9330b7b37116f1ae2ab18bdc660
f13f98e520f9dc93425fcc355818a48e869864c61a744587d41675d0abd5316d
f3d0e520d439056ba4c62521de31cfde4eeec29a3bb2dbc3d85c3792efb23196
f6200e00f9bcf9a324c8c1a046c6bc624ebcaf1379faf13e4d76ae56ea0d1a11

give.unrefugees.org Open in urlscan Pro 54.200.66.202 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

163 Requests

92 %HTTPS

36 %IPv6

54 Domains

75 Subdomains

66 IPs

7 Countries

2867 kBTransfer

6978 kBSize

66 Cookies

4 Outgoing links

Page URL History

Redirected requests

163 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

give.unrefugees.org Open in urlscan Pro
54.200.66.202 Public Scan

Screenshot
Live screenshot

Full Image

163
Requests

92 %
HTTPS

36 %
IPv6

54
Domains

75
Subdomains

66
IPs

7
Countries

2867 kB
Transfer

6978 kB
Size

66
Cookies

163 HTTP transactions
2 data transactions