www.redpacketsecurity.com Open in urlscan Pro
2606:4700:20::ac43:4810 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
Submission: On February 16 via manual (February 16th 2023, 11:18:09 am UTC) from CH — Scanned from DE

Summary HTTP 195 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 27 IPs in 10 countries across 32 domains to perform 195 HTTP transactions. The main IP is 2606:4700:20::ac43:4810, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.redpacketsecurity.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 17th 2022. Valid for: a year.

This is the only time www.redpacketsecurity.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
49	2606:4700:20:... 2606:4700:20::ac43:4810	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:3865	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	149.154.164.13 149.154.164.13	62041 (TELEGRAM) (TELEGRAM)
20	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1 1	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
2 17	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
6 10	2a00:1450:400... 2a00:1450:400d:80d::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400d:80c::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0b::9b	15169 (GOOGLE) (GOOGLE)
22	149.154.167.99 149.154.167.99	62041 (TELEGRAM) (TELEGRAM)
1	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400d:80a::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
22	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:400d:803::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:93ca:31d8:d86e:38f6	16509 (AMAZON-02) (AMAZON-02)
2	2a02:fa8:8806... 2a02:fa8:8806:16::1370	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 1	185.29.132.241 185.29.132.241	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2 24	172.217.18.2 172.217.18.2	15169 (GOOGLE) (GOOGLE)
4 4	35.204.158.49 35.204.158.49	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	2600:9000:20e... 2600:9000:20eb:7200:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
2 3	51.89.9.252 51.89.9.252	16276 (OVH) (OVH)
4 4	52.223.22.214 52.223.22.214	16509 (AMAZON-02) (AMAZON-02)
1 2	2606:4700::68... 2606:4700::6812:19ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 3	37.157.6.254 37.157.6.254	198622 (ADFORM) (ADFORM)
2 2	192.82.242.209 192.82.242.209	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	185.86.139.102 185.86.139.102	201081 (SMARTADSE...) (SMARTADSERVER)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1	34.96.105.8 34.96.105.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
2 2	213.155.156.185 213.155.156.185	1299 (TWELVE99 ...) (TWELVE99 Arelion)
2 2	216.52.2.48 216.52.2.48	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
1 2	104.111.217.42 104.111.217.42	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	37.252.171.53 37.252.171.53	29990 (ASN-APPNEX) (ASN-APPNEX)
195	27

49 2606:4700:20::ac43:4810 (United States)

ASN13335 (CLOUDFLARENET, US)

www.redpacketsecurity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:3865 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 149.154.164.13 (London, United Kingdom)

ASN62041 (TELEGRAM, VG)

comments.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.162 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:400d:80d::2004 (Ireland) 6 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:80c::200e (Ireland)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0b::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 149.154.167.99 (London, United Kingdom)

ASN62041 (TELEGRAM, VG)

tg.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
oauth.tg.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:80a::2002 (Ireland)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:400d:803::2003 (Ireland)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:93ca:31d8:d86e:38f6 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:fa8:8806:16::1370 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.132.241 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 172.217.18.2 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra02s19-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.204.158.49 (Groningen, Netherlands) 4 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 49.158.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:20eb:7200:1b:5138:8a40:93a1 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.89.9.252 (London, United Kingdom) 2 redirects

ASN16276 (OVH, FR)
PTR: ip252.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.223.22.214 (United States) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: afb83dd09526a6517.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:19ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.157.6.254 (Denmark) 3 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.82.242.209 (United States) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.139.102 (France)

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.185 (Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)
PTR: 213-155-156-185.teliacarrier-cust.com

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.48 (United States) 2 redirects

ASN32475 (SINGLEHOP-LLC, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.217.42 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-217-42.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.171.53 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
49	redpacketsecurity.com www.redpacketsecurity.com	785 KB
42	doubleclick.net 4 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 41 stats.g.doubleclick.net — Cisco Umbrella Rank: 77 cm.g.doubleclick.net — Cisco Umbrella Rank: 205	126 KB
42	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 101 tpc.googlesyndication.com — Cisco Umbrella Rank: 137	440 KB
22	tg.dev tg.dev — Cisco Umbrella Rank: 80855 oauth.tg.dev — Cisco Umbrella Rank: 81474	347 KB
13	google.com 6 redirects www.google.com — Cisco Umbrella Rank: 2 analytics.google.com — Cisco Umbrella Rank: 315 adservice.google.com — Cisco Umbrella Rank: 72	3 KB
8	comments.app comments.app — Cisco Umbrella Rank: 546890	96 KB
6	gstatic.com www.gstatic.com	38 KB
4	3lift.com 4 redirects eb2.3lift.com — Cisco Umbrella Rank: 337	2 KB
4	simpli.fi 4 redirects um.simpli.fi — Cisco Umbrella Rank: 726	2 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 183	192 KB
4	google.de www.google.de — Cisco Umbrella Rank: 6232 adservice.google.de — Cisco Umbrella Rank: 9006	696 B
3	adform.net 3 redirects c1.adform.net — Cisco Umbrella Rank: 590	2 KB
3	onetag-sys.com 2 redirects onetag-sys.com — Cisco Umbrella Rank: 712	827 B
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 43	3 KB
2	adnxs.com 2 redirects secure.adnxs.com — Cisco Umbrella Rank: 385	2 KB
2	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1222	459 B
2	lijit.com 2 redirects ap.lijit.com — Cisco Umbrella Rank: 591	1 KB
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 4255	651 B
2	pubmatic.com 2 redirects image6.pubmatic.com — Cisco Umbrella Rank: 731	1 KB
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 734 s.tribalfusion.com — Cisco Umbrella Rank: 1800	1 KB
2	smaato.net 2 redirects s.ad.smaato.net — Cisco Umbrella Rank: 709	877 B
2	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 2745	207 B
2	googleadservices.com 1 redirects www.googleadservices.com — Cisco Umbrella Rank: 163 partner.googleadservices.com — Cisco Umbrella Rank: 863	1 KB
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 295	265 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 316	463 B
1	blismedia.com tr.blismedia.com — Cisco Umbrella Rank: 1952	173 B
1	ctnsnet.com 1 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 32171	611 B
1	smartadserver.com ssbsync.smartadserver.com — Cisco Umbrella Rank: 788	45 B
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 460	863 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 643	464 B
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 929	6 KB
0	gemius.pl Failed googlecm.hit.gemius.pl Failed
195	32

	Domain	Requested by
49	www.redpacketsecurity.com	www.redpacketsecurity.com static.cloudflareinsights.com
24	cm.g.doubleclick.net	2 redirects googleads.g.doubleclick.net
22	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net
20	tg.dev	comments.app
20	pagead2.googlesyndication.com	www.redpacketsecurity.com pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
17	googleads.g.doubleclick.net	2 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net
10	www.google.com	6 redirects tpc.googlesyndication.com googleads.g.doubleclick.net
8	comments.app	www.redpacketsecurity.com comments.app
6	www.gstatic.com	googleads.g.doubleclick.net
4	eb2.3lift.com	4 redirects
4	um.simpli.fi	4 redirects
4	www.googletagservices.com	googleads.g.doubleclick.net
3	c1.adform.net	3 redirects
3	onetag-sys.com	2 redirects
3	fonts.googleapis.com	googleads.g.doubleclick.net
2	secure.adnxs.com	2 redirects
2	sync.teads.tv	1 redirects
2	ap.lijit.com	2 redirects
2	d5p.de17a.com	2 redirects
2	image6.pubmatic.com	2 redirects
2	s.ad.smaato.net	2 redirects
2	dclk-match.dotomi.com	googleads.g.doubleclick.net
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	oauth.tg.dev	comments.app
2	www.google.de
1	match.adsrvr.org	googleads.g.doubleclick.net
1	pixel.rubiconproject.com	1 redirects
1	tr.blismedia.com	googleads.g.doubleclick.net
1	gcm.ctnsnet.com	1 redirects
1	ssbsync.smartadserver.com	googleads.g.doubleclick.net
1	s.tribalfusion.com
1	a.tribalfusion.com	1 redirects
1	sync.mathtag.com	1 redirects
1	cms.quantserve.com	googleads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	stats.g.doubleclick.net	www.redpacketsecurity.com
1	analytics.google.com	www.redpacketsecurity.com
1	www.googleadservices.com	1 redirects
1	static.cloudflareinsights.com	www.redpacketsecurity.com
0	googlecm.hit.gemius.pl Failed	googleads.g.doubleclick.net
195	41

This site contains links to these domains. Also see Links.

Domain
www.patreon.com
t.me
discord.gg
www.reddit.com
www.linkedin.com
www.buymeacoffee.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-17` - `2023-06-17`	a year	crt.sh
*.comments.app Go Daddy Secure Certificate Authority - G2	`2022-03-30` - `2023-05-01`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
*.tg.dev Go Daddy Secure Certificate Authority - G2	`2022-04-08` - `2023-05-10`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2022-08-09` - `2023-09-10`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
tr.blismedia.com GTS CA 1D4	`2023-02-12` - `2023-05-13`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh

This page contains 25 frames:

Primary Page: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
Frame ID: 456EB52DD82B06762E17C7333B19EBFC
Requests: 66 HTTP requests in this frame

Frame: https://www.redpacketsecurity.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1676534400
Frame ID: D92FCB131A430B8D97B34C5607081403
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20190131/zrt_lookup.html
Frame ID: 92BD164416DDBA4779C60B1DDD673EB8
Requests: 1 HTTP requests in this frame

Frame: https://comments.app/embed/view?website=S_Epbvwz&page_url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fcobalt-stike-beacon-detected-194-165-16-56-port-443%2F&origin=https%3A%2F%2Fwww.redpacketsecurity.com&page_title=Cobalt%20Stike%20Beacon%20Detected%20-%20194%5B.%5D165%5B.%5D16%5B.%5D56%3A443%20-%20RedPacket%20Security&limit=5&color=E22F38
Frame ID: 47D23093DC20C88B7AC8F712A45BE2A5
Requests: 14 HTTP requests in this frame

Frame: https://comments.app/embed/view?website=S_Epbvwz&page_url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fcobalt-stike-beacon-detected-194-165-16-56-port-443%2F&origin=https%3A%2F%2Fwww.redpacketsecurity.com&page_title=Cobalt%20Stike%20Beacon%20Detected%20-%20194%5B.%5D165%5B.%5D16%5B.%5D56%3A443%20-%20RedPacket%20Security&limit=5&color=E22F38
Frame ID: BD0F39C6E1F7154CC6951B60E5959319
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&adk=1812271804&adf=3025194257&lmt=1676526402&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=128x675_l%7C140x675_r&format=0x0&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fcobalt-stike-beacon-detected-194-165-16-56-port-443%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676546282089&bpp=7&bdt=747&idt=203&shv=r20230213&mjsv=m202302090101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8642350680103&frm=20&pv=2&ga_vid=1359530084.1676546282&ga_sid=1676546282&ga_hid=2007097179&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071976&oid=2&pvsid=1969479295432491&tmod=783741193&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=251
Frame ID: 2ABF5A9B0A366756C55A6F0BEA65FFCD
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 26D5A07BAAD400938B0C9BD9190F955D
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 5D484A48CE8F78CEB0C0F9F1D81A4DA1
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1
Frame ID: 4424C2673541C9D052D5CAB3D63D0EE2
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1
Frame ID: 048CE4795BFC83CF71A8B4D09DCEC93A
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1
Frame ID: 48D14F6A7CA2CD12CE91E7866B1D5FFF
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1
Frame ID: 6FCFF19A393ABBD343DA8D98A3BBD0A7
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: F1AB7795905447B59F497B4843BFDB3B
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 127F3835079F9BAFD5210F641F90067D
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: B1E9DCEE983D2B8FE0DD043146FB45E2
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: FB0CCECBC8C68763740A3117B479B905
Requests: 9 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: E6469B5A7E0A30058FDACE9499A14E95
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: DEBD0C6C7BC4246DC53D1290E8A88363
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 2E0B154366AB4F338BF3C20E3710CFB0
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: B84BE101B9C4F0F762FB2B235C2F83D3
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 787B6262A6A8ED80FA438EFE413956F2
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js
Frame ID: 3BEACCAE3E6D2F7FFA8D92D5E9023083
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js
Frame ID: 3DF7BF13F3CA6821A11DA23DE824D563
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js
Frame ID: 9DF298A3546E337B2AAE6AB211929401
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js
Frame ID: 8F115C77136CB6E88A35C7C60B074AA5
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cobalt Stike Beacon Detected - 194[.]165[.]16[.]56:443 - RedPacket Security

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

Page Statistics

195
Requests

88 %
HTTPS

50 %
IPv6

32
Domains

41
Subdomains

27
IPs

10
Countries

2037 kB
Transfer

5660 kB
Size

28
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://www.patreon.com/bePatron?u=37301876
Title: <img decoding="async" src="https://www.redpacketsecurity.com/wp-content/uploads/2021/01/Digital-Patreon-Wordmark_FieryCoralv2-1024x209.png" alt="Digital Patreon Wordmark FieryCoralv2" class="wp-image-10717" width="512" height="105" title="Cobalt Stike Beacon Detected - 194[.]165[.]16[.]56:443 2">

Search URL Search Domain Scan URL

URL: https://t.me/RedPacketSecurity
Title: <img decoding="async" src="https://www.redpacketsecurity.com/wp-content/uploads/2022/06/join.png" alt="join" class="wp-image-40311" width="485" height="155" srcset="https://www.redpacketsecurity.com/wp-content/uploads/2022/06/join.png 1146w, https://www.redpacketsecurity.com/wp-content/uploads/2022/06/join-300x96.png 300w, https://www.redpacketsecurity.com/wp-content/uploads/2022/06/join-768x245.png 768w, https://www.redpacketsecurity.com/wp-content/uploads/2022/06/join-1024x327.png 1024w" sizes="(max-width: 485px) 100vw, 485px" title="Cobalt Stike Beacon Detected - 194[.]165[.]16[.]56:443 3">

Search URL Search Domain Scan URL

URL: https://discord.gg/ED6T7awC
Title: <img decoding="async" width="402" height="125" src="https://www.redpacketsecurity.com/wp-content/uploads/2022/06/discord.png" alt="discord" class="wp-image-40367" srcset="https://www.redpacketsecurity.com/wp-content/uploads/2022/06/discord.png 402w, https://www.redpacketsecurity.com/wp-content/uploads/2022/06/discord-300x93.png 300w" sizes="(max-width: 402px) 100vw, 402px" title="Cobalt Stike Beacon Detected - 194[.]165[.]16[.]56:443 4">

Search URL Search Domain Scan URL

URL: https://www.reddit.com/r/RedPacketSecurity/
Title: <img decoding="async" src="https://www.redpacketsecurity.com/wp-content/uploads/2022/06/reddit-2000x690.png" alt="reddit" class="wp-image-40369" width="388" height="133" srcset="https://www.redpacketsecurity.com/wp-content/uploads/2022/06/reddit-2000x690.png 2000w, https://www.redpacketsecurity.com/wp-content/uploads/2022/06/reddit-300x103.png 300w, https://www.redpacketsecurity.com/wp-content/uploads/2022/06/reddit-768x265.png 768w, https://www.redpacketsecurity.com/wp-content/uploads/2022/06/reddit-1536x530.png 1536w, https://www.redpacketsecurity.com/wp-content/uploads/2022/06/reddit-2048x706.png 2048w, https://www.redpacketsecurity.com/wp-content/uploads/2022/06/reddit-1024x353.png 1024w" sizes="(max-width: 388px) 100vw, 388px" title="Cobalt Stike Beacon Detected - 194[.]165[.]16[.]56:443 5">

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/redpacket-security/
Title: <img decoding="async" src="https://www.redpacketsecurity.com/wp-content/uploads/2022/08/hd-linkedin.webp" alt="hd linkedin" class="wp-image-43441" width="390" height="224" title="Cobalt Stike Beacon Detected - 194[.]165[.]16[.]56:443 6">

Search URL Search Domain Scan URL

URL: https://www.buymeacoffee.com/redpacketsec
Title: <img width="300" height="150" src="https://www.redpacketsecurity.com/wp-content/uploads/2022/10/buymeacoffee-300x150.png" class="image wp-image-52196 attachment-medium size-medium" alt="" decoding="async" style="max-width: 100%; height: auto;" srcset="https://www.redpacketsecurity.com/wp-content/uploads/2022/10/buymeacoffee-300x150.png 300w, https://www.redpacketsecurity.com/wp-content/uploads/2022/10/buymeacoffee.png 438w" sizes="(max-width: 300px) 100vw, 300px" />

Search URL Search Domain Scan URL

URL: https://www.patreon.com/RedPacketSecurity?fan_landing=true
Title: <img width="300" height="300" src="https://www.redpacketsecurity.com/wp-content/uploads/2021/05/PATREON-SQUARE-300x300.jpg" class="image wp-image-15749 attachment-medium size-medium" alt="" decoding="async" style="max-width: 100%; height: auto;" srcset="https://www.redpacketsecurity.com/wp-content/uploads/2021/05/PATREON-SQUARE-300x300.jpg 300w, https://www.redpacketsecurity.com/wp-content/uploads/2021/05/PATREON-SQUARE-150x150.jpg 150w, https://www.redpacketsecurity.com/wp-content/uploads/2021/05/PATREON-SQUARE.jpg 500w" sizes="(max-width: 300px) 100vw, 300px" />

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 41

https://www.googleadservices.com/pagead/conversion/4209956877/?guid=ON&random=1676547719003&fst=1676546281675&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fcobalt-stike-beacon-detected-194-165-16-56-port-443%2F&tiba=Cobalt+Stike+Beacon+Detected+-+194%5B.%5D165%5B.%5D16%5B.%5D56%3A443+-+RedPacket+Security&u_tz=0&u_his=10&ig=1 HTTP 302
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/4209956877/?guid=ON&random=1696210341&fst=1676546281675&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fcobalt-stike-beacon-detected-194-165-16-56-port-443%2F&tiba=Cobalt+Stike+Beacon+Detected+-+194%5B.%5D165%5B.%5D16%5B.%5D56%3A443+-+RedPacket+Security&u_tz=0&u_his=10&ig=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=6RDuY73yLb7LmLAPq9WByAM&sscte=1&crd= HTTP 302
https://www.google.com/pagead/1p-conversion/4209956877/?guid=ON&random=1696210341&fst=1676546281675&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fcobalt-stike-beacon-detected-194-165-16-56-port-443%2F&tiba=Cobalt+Stike+Beacon+Detected+-+194%5B.%5D165%5B.%5D16%5B.%5D56%3A443+-+RedPacket+Security&u_tz=0&u_his=10&ig=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=6RDuY73yLb7LmLAPq9WByAM&cid=CAQSKQDUE5ymtQvnjHIlesplTSxrszeGfwbuwCcYdgBkwz7cHwdhmQcaB5HS&random=998893954 HTTP 302
https://www.google.de/pagead/1p-conversion/4209956877/?guid=ON&random=1696210341&fst=1676546281675&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fcobalt-stike-beacon-detected-194-165-16-56-port-443%2F&tiba=Cobalt+Stike+Beacon+Detected+-+194%5B.%5D165%5B.%5D16%5B.%5D56%3A443+-+RedPacket+Security&u_tz=0&u_his=10&ig=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=6RDuY73yLb7LmLAPq9WByAM&cid=CAQSKQDUE5ymtQvnjHIlesplTSxrszeGfwbuwCcYdgBkwz7cHwdhmQcaB5HS&random=998893954&ipr=y&prhg=0

Request Chain 42

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/4209956877/?guid=ON&random=1676547719003&fst=1676546281675&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fcobalt-stike-beacon-detected-194-165-16-56-port-443%2F&tiba=Cobalt+Stike+Beacon+Detected+-+194%5B.%5D165%5B.%5D16%5B.%5D56%3A443+-+RedPacket+Security&u_tz=0&u_his=10&ig=1 HTTP 302
https://www.google.com/pagead/1p-user-list/4209956877/?guid=ON&random=1676547719003&fst=1676545200000&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fcobalt-stike-beacon-detected-194-165-16-56-port-443%2F&tiba=Cobalt+Stike+Beacon+Detected+-+194%5B.%5D165%5B.%5D16%5B.%5D56%3A443+-+RedPacket+Security&u_tz=0&u_his=10&is_vtc=1&random=4235252862 HTTP 302
https://www.google.de/pagead/1p-user-list/4209956877/?guid=ON&random=1676547719003&fst=1676545200000&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fcobalt-stike-beacon-detected-194-165-16-56-port-443%2F&tiba=Cobalt+Stike+Beacon+Detected+-+194%5B.%5D165%5B.%5D16%5B.%5D56%3A443+-+RedPacket+Security&u_tz=0&u_his=10&is_vtc=1&random=4235252862&ipr=y

Request Chain 150

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEHpqweNMnKSUgpdhC4CGE5k&google_cver=1&google_push=Aa02lx-JBFo_9PJJSR98POo84jv4FkNLVZkox8u4XPsEv-ZAo0Ce4n7L0iR1R4sN1YvfaFGoOjBXyxxfQNYxe8DPe22W99K-CQPeWII HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=Aa02lx-JBFo_9PJJSR98POo84jv4FkNLVZkox8u4XPsEv-ZAo0Ce4n7L0iR1R4sN1YvfaFGoOjBXyxxfQNYxe8DPe22W99K-CQPeWII

Request Chain 151

https://um.simpli.fi/gp_match?google_gid=CAESELYxCNULBtxrBiELVkfr9LI&google_cver=1&google_push=Aa02lx-YKa0i-iU63h6L9xoq-e_DcEtSS9rGzIICIBuzbWA2vf1lDaACUbTDfOjYv6OCZQbYuHWA5nP9dM6R6-3yPepHIPXkndQBWQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=09F9A40DDA3C45E0B92842E69F9152DD&google_push=Aa02lx-YKa0i-iU63h6L9xoq-e_DcEtSS9rGzIICIBuzbWA2vf1lDaACUbTDfOjYv6OCZQbYuHWA5nP9dM6R6-3yPepHIPXkndQBWQ

Request Chain 152

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEHwbOv53pqHReofQI0x4P4w&google_cver=1&google_push=Aa02lx9mdOIwLBTIXP5Wx4OJQfJty0xKkluEesQr43Cx7gksx-WK8Tq7Kao4pBc63nTgtTPQOeYE_w95iGpky7nrXM4lBSzNCPHPbRk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=Aa02lx9mdOIwLBTIXP5Wx4OJQfJty0xKkluEesQr43Cx7gksx-WK8Tq7Kao4pBc63nTgtTPQOeYE_w95iGpky7nrXM4lBSzNCPHPbRk

Request Chain 153

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEMMqx6KuCBNqUni3gdIQ5as&google_cver=1&google_push=Aa02lx9NLz2Nv0UIU9ODimIDpUGXj2IKijNh7wWqgTXor7MESkPdrBOV6TmQS91uBps8cS-e8UQLVwJF_hMNhUVdk3xzjNxuPCqPuA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx9NLz2Nv0UIU9ODimIDpUGXj2IKijNh7wWqgTXor7MESkPdrBOV6TmQS91uBps8cS-e8UQLVwJF_hMNhUVdk3xzjNxuPCqPuA

Request Chain 154

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEODpWutcMwULJ__ne6xIFv4&google_cver=1&google_push=Aa02lx_veTjYg-VZ_cPp2zN1CDDFH2RT8OjsEQUwaXhkqxZ0aL_9tkmcQe2lNAFbI12WVva9nl1VqfnlkvGR2AisDDwDS-rnSHT9-g HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=Aa02lx_veTjYg-VZ_cPp2zN1CDDFH2RT8OjsEQUwaXhkqxZ0aL_9tkmcQe2lNAFbI12WVva9nl1VqfnlkvGR2AisDDwDS-rnSHT9-g&google_gid=CAESEODpWutcMwULJ__ne6xIFv4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=OTY0NDQ3NDQyMDIxNDI0NDY5Mjkx&google_push=Aa02lx_veTjYg-VZ_cPp2zN1CDDFH2RT8OjsEQUwaXhkqxZ0aL_9tkmcQe2lNAFbI12WVva9nl1VqfnlkvGR2AisDDwDS-rnSHT9-g

Request Chain 156

https://a.tribalfusion.com/i.match?p=b6&u=CAESEKPupQF4nwGqK352NdoPPlA&google_cver=1&google_push=Aa02lx_nkCFa_GPjxudegCBfFFSl0BOPXA0JiIrp7-BBeneYStNboBwRP3fOKRN6vaJ0MvIRVM41fURPuXAoF_grmansaxOfa1zhxrs&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAa02lx_nkCFa_GPjxudegCBfFFSl0BOPXA0JiIrp7-BBeneYStNboBwRP3fOKRN6vaJ0MvIRVM41fURPuXAoF_grmansaxOfa1zhxrs%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEKPupQF4nwGqK352NdoPPlA&google_cver=1&google_push=Aa02lx_nkCFa_GPjxudegCBfFFSl0BOPXA0JiIrp7-BBeneYStNboBwRP3fOKRN6vaJ0MvIRVM41fURPuXAoF_grmansaxOfa1zhxrs&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAa02lx_nkCFa_GPjxudegCBfFFSl0BOPXA0JiIrp7-BBeneYStNboBwRP3fOKRN6vaJ0MvIRVM41fURPuXAoF_grmansaxOfa1zhxrs%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 157

https://um.simpli.fi/gp_match?google_gid=CAESELYxCNULBtxrBiELVkfr9LI&google_cver=1&google_push=Aa02lx-Zaf1pKneH9Pg9Pjdb8myB-8PmKZKzUppjElXNUkFLFI05lQIdNU7TBeAkL2PGgpinypg7ZirTXPLWrWu6d7M-YCfuPwcm4Mc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=DFD7CEBD15024F008A0B1D7E64DD836B&google_push=Aa02lx-Zaf1pKneH9Pg9Pjdb8myB-8PmKZKzUppjElXNUkFLFI05lQIdNU7TBeAkL2PGgpinypg7ZirTXPLWrWu6d7M-YCfuPwcm4Mc

Request Chain 158

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESENBFVTUNQLxx3bfNdO3EUCU&google_cver=1&google_push=Aa02lx_OOsjiilzZxibE0eZp6WbAk-KM015jwGlTnO-h2tVayS-yIvxiDxeU-ibO1Ilsvo9eQnx_LFfnmyHa2Lg27QrsJq-IdNKJp4E HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESENBFVTUNQLxx3bfNdO3EUCU&google_cver=1&google_push=Aa02lx_OOsjiilzZxibE0eZp6WbAk-KM015jwGlTnO-h2tVayS-yIvxiDxeU-ibO1Ilsvo9eQnx_LFfnmyHa2Lg27QrsJq-IdNKJp4E HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODc4NjU3NjcyMzcyMjkwNDczOQ&google_push=Aa02lx_OOsjiilzZxibE0eZp6WbAk-KM015jwGlTnO-h2tVayS-yIvxiDxeU-ibO1Ilsvo9eQnx_LFfnmyHa2Lg27QrsJq-IdNKJp4E

Request Chain 159

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEI7a06zO0Ky3KDRfN5v-UM0&google_cver=1&google_push=Aa02lx9E3YzYVYSJ7Rnyiad9yriEqCiGLVg1YgJzo8sfhHxalM4eQyfCW_ilMlmN7G1J0AcwcuFIdNkHINM9tJJ08LrpoeKi8noEP4k HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEI7a06zO0Ky3KDRfN5v-UM0&google_cver=1&google_push=Aa02lx9E3YzYVYSJ7Rnyiad9yriEqCiGLVg1YgJzo8sfhHxalM4eQyfCW_ilMlmN7G1J0AcwcuFIdNkHINM9tJJ08LrpoeKi8noEP4k&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=RsJQM8OcS_SwdpyMKMwMvw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aa02lx9E3YzYVYSJ7Rnyiad9yriEqCiGLVg1YgJzo8sfhHxalM4eQyfCW_ilMlmN7G1J0AcwcuFIdNkHINM9tJJ08LrpoeKi8noEP4k

Request Chain 160

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEODpWutcMwULJ__ne6xIFv4&google_cver=1&google_push=Aa02lx_IFqb1-W8vg-5qJ-VCisuVqsLHEKCD-Ce6n5O2H0-bRO7V0vqiZwUjyUkvyCF7ek_kJq4AAqK0rCjOHd4qocj-A_rXKeoBtQ4 HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=Aa02lx_IFqb1-W8vg-5qJ-VCisuVqsLHEKCD-Ce6n5O2H0-bRO7V0vqiZwUjyUkvyCF7ek_kJq4AAqK0rCjOHd4qocj-A_rXKeoBtQ4&google_gid=CAESEODpWutcMwULJ__ne6xIFv4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=OTY0NDQ3NDQyMDIxNDI0NDY5Mjkx&google_push=Aa02lx_IFqb1-W8vg-5qJ-VCisuVqsLHEKCD-Ce6n5O2H0-bRO7V0vqiZwUjyUkvyCF7ek_kJq4AAqK0rCjOHd4qocj-A_rXKeoBtQ4

Request Chain 166

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 167

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 170

https://um.simpli.fi/gp_match?google_gid=CAESELYxCNULBtxrBiELVkfr9LI&google_cver=1&google_push=Aa02lx9puSr_zeXSCWORe__RPGrAIUWkiJUKGnVxEd6fjmL0RkKn3sAI1_ys2p1OmiMlcxxt1zZZx2gB9u-InRxB0VvPP0mSeAQirw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=DFD7CEBD15024F008A0B1D7E64DD836B&google_push=Aa02lx9puSr_zeXSCWORe__RPGrAIUWkiJUKGnVxEd6fjmL0RkKn3sAI1_ys2p1OmiMlcxxt1zZZx2gB9u-InRxB0VvPP0mSeAQirw

Request Chain 171

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEGZZFNc2Xg76qQMu5ggQOb4&google_cver=1&google_push=Aa02lx-nXcSPsCPL-pzClkgbvU7xPtP4rbiX8WmTBRLyJZg2jtOsGS8NykJGWkR-y-o2d384TVQYW50_btmAhP8p6mGYi2YS1CYC7x0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aa02lx-nXcSPsCPL-pzClkgbvU7xPtP4rbiX8WmTBRLyJZg2jtOsGS8NykJGWkR-y-o2d384TVQYW50_btmAhP8p6mGYi2YS1CYC7x0&google_hm=c3WpeXkSRQiegnKzkZ5faiw

Request Chain 173

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESENBFVTUNQLxx3bfNdO3EUCU&google_cver=1&google_push=Aa02lx8TqB4PXiIkkruDKz2ATAXfjAdeLooPNFaAZArJEfUWPvKgSKmhNz2ndfYamXfiUe_w7LxxuYVsX_bCnf35cqhi5y7Oo9GU8A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mzk0ODQyMDYwMzIyMjk4MTMwOQ&google_push=Aa02lx8TqB4PXiIkkruDKz2ATAXfjAdeLooPNFaAZArJEfUWPvKgSKmhNz2ndfYamXfiUe_w7LxxuYVsX_bCnf35cqhi5y7Oo9GU8A

Request Chain 174

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEGXg2tNOs7McZnoRnTMpbc0&google_cver=1&google_push=Aa02lx-ulxaQZqGvDDyhK2KPNQhNM_SeM9n3R1AiWzzgRI7-pbmgA84TpFtHkl2X5pL2P2Q5xSNDW32L2b5ia2IGESSrO6DKynZXLg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEU3MERCTDItMjYtQUtKTA==&google_push=Aa02lx-ulxaQZqGvDDyhK2KPNQhNM_SeM9n3R1AiWzzgRI7-pbmgA84TpFtHkl2X5pL2P2Q5xSNDW32L2b5ia2IGESSrO6DKynZXLg

Request Chain 175

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEHwbOv53pqHReofQI0x4P4w&google_cver=1&google_push=Aa02lx87ygHU-9Mo5znoJBngBTu2NY4vFc4nYGYlg83-ydUWe8dt03fn6i8GMz1Z3b_XXt16WvaY8XGomOSfpsUM3SojcgyhYyGBsVc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=Aa02lx87ygHU-9Mo5znoJBngBTu2NY4vFc4nYGYlg83-ydUWe8dt03fn6i8GMz1Z3b_XXt16WvaY8XGomOSfpsUM3SojcgyhYyGBsVc

Request Chain 176

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEMMqx6KuCBNqUni3gdIQ5as&google_cver=1&google_push=Aa02lx-4j8p9aYeRolXZZySjBxr5pL2HxtKo6WGckhsSXVpLI7Pktp6BGex1dv_mAWZTfQHsSXuqmfQx3tXONFwFikNzRe2OrtRog5w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx-4j8p9aYeRolXZZySjBxr5pL2HxtKo6WGckhsSXVpLI7Pktp6BGex1dv_mAWZTfQHsSXuqmfQx3tXONFwFikNzRe2OrtRog5w HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 179

https://um.simpli.fi/gp_match?google_gid=CAESELYxCNULBtxrBiELVkfr9LI&google_cver=1&google_push=Aa02lx9pjpV6bfxTRhbzPHExYKJEJbqu329S7aQVMHqhn5e4TtPvJ1gqGylNi1qGLtG6fmUmHPT5dSpXfc0v-FSrqXXFSB9FeoW66w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=DFD7CEBD15024F008A0B1D7E64DD836B&google_push=Aa02lx9pjpV6bfxTRhbzPHExYKJEJbqu329S7aQVMHqhn5e4TtPvJ1gqGylNi1qGLtG6fmUmHPT5dSpXfc0v-FSrqXXFSB9FeoW66w

Request Chain 181

https://d5p.de17a.com/cookies/google?google_gid=CAESENEutr5BVYZlohgdjgaT3C8&google_cver=1&google_push=Aa02lx9uYu3FNSAX4s4LXmMOZfqsKcBQdlX-a0kRFQwiH34lgt26SmV_JHmo0UNnt8fF0bQzvkeILhrU8Zn7gOK5DwWpa6408NarIA HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESENEutr5BVYZlohgdjgaT3C8&google_cver=1&google_push=Aa02lx9uYu3FNSAX4s4LXmMOZfqsKcBQdlX-a0kRFQwiH34lgt26SmV_JHmo0UNnt8fF0bQzvkeILhrU8Zn7gOK5DwWpa6408NarIA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aa02lx9uYu3FNSAX4s4LXmMOZfqsKcBQdlX-a0kRFQwiH34lgt26SmV_JHmo0UNnt8fF0bQzvkeILhrU8Zn7gOK5DwWpa6408NarIA

Request Chain 182

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEJX3tpNOqxq0eX5RZPZ8EdI&google_cver=1&google_push=Aa02lx99FMKhoSdqihak3xpEhJPBvqHjDI0CEk_vWuVTth1SZHsO1oqNDKztoRQlesvRLzKwVSA05Lqpzfcv_686jLvF1orIZoOV HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEJX3tpNOqxq0eX5RZPZ8EdI&google_cver=1&google_push=Aa02lx99FMKhoSdqihak3xpEhJPBvqHjDI0CEk_vWuVTth1SZHsO1oqNDKztoRQlesvRLzKwVSA05Lqpzfcv_686jLvF1orIZoOV&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=Aa02lx99FMKhoSdqihak3xpEhJPBvqHjDI0CEk_vWuVTth1SZHsO1oqNDKztoRQlesvRLzKwVSA05Lqpzfcv_686jLvF1orIZoOV&google_hm=GKnmtGZHpk0SW4slTNyXeueS

Request Chain 183

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEEcOkfsgIWm9janLzHC54AY&google_cver=1&google_push=Aa02lx_QoaWdNaQ7iyETmi3z4vykV76C1-rl1RUmEiTk_9NlpnZHn6o0LiDtcGFGWnkpQmV5Kq2MSUEqqrWdvKGD0tNKWwWIg21STyE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=Aa02lx_QoaWdNaQ7iyETmi3z4vykV76C1-rl1RUmEiTk_9NlpnZHn6o0LiDtcGFGWnkpQmV5Kq2MSUEqqrWdvKGD0tNKWwWIg21STyE HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 184

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEE_QV-EmI95MAp2N6dPR6V0&google_cver=1&google_push=Aa02lx-P7uhJQoBIJdGL0hzlppe_gLcp4YHs46tica_3ul03hdsrUBpbKiYb8XzWfhsG10KGLbHvMbW63lYkAb9qfpZTWdtoTZXlsAM HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dxandr_eb%26google_hm%3D%24%7BBASE64_UID_ENC%7D%26google_gid%3DCAESEE_QV-EmI95MAp2N6dPR6V0%26google_cver%3D1%26google_push%3DAa02lx-P7uhJQoBIJdGL0hzlppe_gLcp4YHs46tica_3ul03hdsrUBpbKiYb8XzWfhsG10KGLbHvMbW63lYkAb9qfpZTWdtoTZXlsAM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=MjczOTc5NDMwMTM1NzI1NDM2OA%3D%3D&google_gid=CAESEE_QV-EmI95MAp2N6dPR6V0&google_cver=1&google_push=Aa02lx-P7uhJQoBIJdGL0hzlppe_gLcp4YHs46tica_3ul03hdsrUBpbKiYb8XzWfhsG10KGLbHvMbW63lYkAb9qfpZTWdtoTZXlsAM

Request Chain 187

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 188

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

195 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/ 89 KB
18 KB 281ms
245ms Document
text/html 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.4.33 PleskLin

Resource Hash

e7ff4c16fbfa447f2f2e9f1acadcb900818f75ff93016855c4102cd95996207e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: public, max-age=43200
cf-apo-via: origin,miss
cf-cache-status: STALE
cf-edge-cache: cache,platform=wordpress
cf-ray: 79a5e150eb12698f-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 16 Feb 2023 11:18:01 GMT
last-modified: Thu, 16 Feb 2023 05:46:42 GMT
link: <https://www.redpacketsecurity.com/wp-json/>; rel="https://api.w.org/", <https://www.redpacketsecurity.com/wp-json/wp/v2/posts/64477>; rel="alternate"; type="application/json", <https://www.redpacketsecurity.com/?p=64477>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vEJ%2BP2vq9ZBWH4HLHQ5h%2BBTB%2F05qFpMSg1d1NKEz4C44mDxS11R6dmihjW4wR0pu%2BaVRL73guVWlVRxOxfuZxJH%2Bn3UoiFTCOHLWI%2F0XroUo3e9U18Etmd7%2FWf%2BTA0mlQn4MH1hqillDpra8By9PQf2jURg%2FEsM%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=15768000; includeSubDomains
vary: Accept-Encoding
x-html-edge-cache: cache,bypass-cookies=wp-|wordpress|comment_|woocommerce_
x-powered-by: PHP/7.4.33 PleskLin

GET
H2 200 style.min.css
www.redpacketsecurity.com/wp-includes/css/dist/block-library/ 93 KB
13 KB 128ms
126ms Stylesheet
text/css 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-includes/css/dist/block-library/style.min.css?ver=63875d12d742f8f67f51d21069f480d5

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

c324ef26b20264369e4568dc9ef1c5cb1f325f6bc4e8b7c01f7fe93fa353276a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 16 Nov 2022 03:42:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"63745c22-172a9"
x-powered-by: PleskLin
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TtgxglEfqxnFNbt5bNQCB8laBMXp%2FvrKF9bflnoCM4%2BxbjWkWw%2BIwhs4XVAB%2BOfpUHcV3Y5dxsvl6Ejuce2v2v%2FO1uLalf5FeZA9bcZ6xjTXm%2FCc9qdqQU%2FFWUolqLUP4FaknOUarAr9d5KC%2F%2BVhEarF%2B%2BWoOF8%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 79a5e1527cfd698f-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 classic-themes.min.css
www.redpacketsecurity.com/wp-includes/css/ 217 B
534 B 118ms
115ms Stylesheet
text/css 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-includes/css/classic-themes.min.css?ver=1

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 08 Nov 2022 08:21:59 GMT
x-accel-version: 0.01
server: cloudflare
etag: W/"d9-5ecf13be0cde7-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9nJkx6Uf4RYsd9bTwOVhyEA%2BiSk%2BNHHdR12PqriCxxF6kx6chStnHg3Nt5blVzeuwHACoBRJ%2FYMAYbQnR4ktjvKCW1Gp06qaNTryiDIk9spQ0n1PXTqMIEVfkhtel%2FhDhyZ8lQlO5HdfvuYBypzHNUNcxCS8uMQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 79a5e1527d01698f-FRA

GET
H2 200 app.css
www.redpacketsecurity.com/wp-content/plugins/patreon-connect/assets/css/ 2 KB
979 B 129ms
127ms Stylesheet
text/css 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/plugins/patreon-connect/assets/css/app.css?ver=63875d12d742f8f67f51d21069f480d5

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

af12f7592b4d8f6b8483bd9bab081ecf35abe485d5315fb0ecf30559ac2bd9cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=3028
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 29 Sep 2022 16:23:49 GMT
server: cloudflare
etag: W/"6335c695-bd4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qyJMfr7VUfpwnrC5zvPOpohyyuMN6dw%2BzFsSg0%2FgG1I%2BAUXodpJInxdYBpAR93jkQTzzpWjeeaHM8wcepWisYy2bd6IwgwXSOQLQ9q0Cut7jGhs9C9%2Ferd3mQZiYCQu75Sph1%2FZlgdNBAy8q5MDYGnGbFB0GWIw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 79a5e1527d02698f-FRA

GET
H2 200 style.css
www.redpacketsecurity.com/wp-content/themes/trendy-news/ 9 KB
4 KB 127ms
125ms Stylesheet
text/css 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/themes/trendy-news/style.css?ver=63875d12d742f8f67f51d21069f480d5

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

500ac7575a41098a65d2cde54a71ccfd3a7ac9b6b6fcfef664371fc00da5f550

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=18905
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 14 Feb 2023 08:19:47 GMT
server: cloudflare
etag: W/"63eb4423-49d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Do6JlGkrBM%2Fkt0A4NdUSq2PRIOPp9enzeMb3XagJ25lc5KEAIjVIGk32RrutqojXyykPeVIjHnJn%2Fk5I7HoCmuJMujkTal5sUrXZ5sgQMnDWpeiAmWikSnNA%2BnDhwYeTWcyIFaBn4FfktGEdxz5HD9OveVPpmKc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 79a5e1527d03698f-FRA

GET
H2 200 all.min.css
www.redpacketsecurity.com/wp-content/themes/trendy-news/assets/lib/fontawesome/css/ 58 KB
13 KB 122ms
120ms Stylesheet
text/css 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/themes/trendy-news/assets/lib/fontawesome/css/all.min.css?ver=5.15.3

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

fd493524c8be6d84cf95959f93103680b3faa2a47c92482d43ff1836d8c08055

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 14 Feb 2023 08:19:47 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"63eb4423-e7d4"
x-powered-by: PleskLin
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zbZDXmXISECneO%2FyiLOuigtRht9Rkq0da9S%2BciNjHqfrpgcj4EIUm5tf%2BO9ZJp55oamTEKcGEPVOTVblXfll%2BJpPYHKCPVdS0pHfONOhRgc3fdohPC0Anch1mk0KYY%2F4aErWV65ZA6Xr5IDSEfuClsBcjR8nw8Y%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 79a5e1527d06698f-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 slick.css
www.redpacketsecurity.com/wp-content/themes/trendy-news/assets/lib/slick/ 1 KB
787 B 118ms
116ms Stylesheet
text/css 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/themes/trendy-news/assets/lib/slick/slick.css?ver=1.8.1

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

21061765237c66c10b48e236063a3497c22d33629e98f8654d1a3b860fa48700

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=1895
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 14 Feb 2023 08:19:47 GMT
server: cloudflare
etag: W/"63eb4423-767"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D2rsyenBDUWTRGoYOQ4Vvj4sX6fXMPlUXY51MCv1L77uAYWEh4bOMOpm%2FHAklH6rODdYIpWeTkRdzwvZD1PWY1KAJLiWghho0XhSwAEOR6bb463vkhXSUgJcpDfDzn2dySuC5Zzzwu6mH4w85bi6ZTZzEfA77Ps%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 79a5e1527d08698f-FRA

GET
H2 200 f42a327af8fec7b4e034d62bd8f98b3b.css
www.redpacketsecurity.com/wp-content/fonts/ 23 KB
1 KB 123ms
122ms Stylesheet
text/css 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/fonts/f42a327af8fec7b4e034d62bd8f98b3b.css

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

8d682cacc363f4e147c5b9cf41b5f62c8614ba28952508b12d559bad92d8647c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=27217
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 15 Dec 2022 08:29:23 GMT
server: cloudflare
etag: W/"639adae3-6a51"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aIrC9mn5otSgwbiIbpQIuQ6vV3mbKxaSlmfAgHeMG0frLpt77Xu5GeITLNnxLvZYZDvPhipA7jzGdUdri6i7bVmLtF0d7LCiHkes2o55tLCaotFCPDNiDPQ7hMdTRLVrLP00RCjgl7Q%2Bzh6lAlXhXK%2FdHUIJ%2Bps%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 79a5e1527d09698f-FRA

GET
H2 200 style.css
www.redpacketsecurity.com/wp-content/themes/trendy-news-child/ 34 B
451 B 125ms
124ms Stylesheet
text/css 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/themes/trendy-news-child/style.css?ver=63875d12d742f8f67f51d21069f480d5

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

9c6da36cea63f11f2eec0b90172b327690999906bab4fd6acefb742a6a934c34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=107
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 34
cf-bgj: minify
last-modified: Thu, 09 Feb 2023 18:56:04 GMT
x-accel-version: 0.01
server: cloudflare
etag: "6b-5f448eecf1a30-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H6a9eGazYR5fG0A7EtDcZtHuFalls0fn2fj7NRjX0d%2FVIYuMoemljQrJbDopyUDjttMZajlZsu9h6ZGk5CREsD13U82zcHxOosjfHomzb%2BDB8b0haFXk2Hfb0XR6ueBUGOee8lNyU%2Fp1Oy31pTTeAwQkajAnP4Y%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
accept-ranges: bytes
cf-ray: 79a5e1527d0a698f-FRA

GET
H2 200 main.css
www.redpacketsecurity.com/wp-content/themes/trendy-news/assets/css/ 129 KB
21 KB 124ms
123ms Stylesheet
text/css 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/themes/trendy-news/assets/css/main.css?ver=63875d12d742f8f67f51d21069f480d5

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

e1601745519a76243ca6bb102340f8d85ffe8d78e2166ad8820bc45edeb995f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=178516
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 14 Feb 2023 08:19:47 GMT
server: cloudflare
etag: W/"63eb4423-2b954"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6AoxbAxBsQymTIcf%2BJML5dOeb4NUjS213jifia%2FvZ%2BaHaIR9Z%2FpdtnWGyJKco6Q20Th0i9GPoHrw2mt5G1PwPEB8druR2Hy7JvFw6KebKaCt%2BP5z%2BxPTfByvz9Rtrvnf4WpYxP2IsvOPqqh4yrio2hG%2BWf%2BDwGg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 79a5e1527d0b698f-FRA

GET
H2 200 loader.css
www.redpacketsecurity.com/wp-content/themes/trendy-news/assets/css/ 21 KB
3 KB 147ms
145ms Stylesheet
text/css 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/themes/trendy-news/assets/css/loader.css?ver=63875d12d742f8f67f51d21069f480d5

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

24f76018c6bfebc6a17b5a7074fb8673c4fcf72cbd787766a6594da49eda6259

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=28319
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 14 Feb 2023 08:19:47 GMT
server: cloudflare
etag: W/"63eb4423-6e9f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M7XGLGMiB8NRVwtA7lT1NgLtAfctuTsg8z0vYxH3a9ix%2F1SsUgDyD8rvgX9RvVedWY8NR%2BI8rYwkgkxY2%2BXN7pQs5c254mmez6J%2FsFX90JOa8XX5b9gF1hD4zfpC8mzrdFnJVNBB06par4ZcosB6BtEI29SJ%2BxM%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 79a5e1527d0d698f-FRA

GET
H2 200 responsive.css
www.redpacketsecurity.com/wp-content/themes/trendy-news/assets/css/ 11 KB
2 KB 144ms
143ms Stylesheet
text/css 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/themes/trendy-news/assets/css/responsive.css?ver=63875d12d742f8f67f51d21069f480d5

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

48fbde4449166e5ac00ca28f5eaf4fd040dd02a68c1b000de088da357e9bdcf3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=14063
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 14 Feb 2023 08:19:47 GMT
server: cloudflare
etag: W/"63eb4423-36ef"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nVwMkcfvVosrUyWgs9OZHb2qvTM3E7S2%2Ba0%2BuusN1Tf2pnKHnHuobafiI1xhrtTjIKFSyOchHP6YtZ3lKLsuRwdzACV9k6hgmGDM6FrkpuXzt%2BsQ5E240q5CN%2Fk2VPfTWRPqjXmGXEa63q%2BORhvhgUfw%2BFVpLEU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 79a5e1527d18698f-FRA

GET
H2 200 front.min.css
www.redpacketsecurity.com/wp-content/plugins/cookie-notice/css/ 5 KB
1 KB 125ms
124ms Stylesheet
text/css 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/plugins/cookie-notice/css/front.min.css?ver=63875d12d742f8f67f51d21069f480d5

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

f158b8591a08b6c02bb345ae96dd62f0c632f7f635bb4a5f449fce24bdc11789

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 26 Jan 2023 06:41:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"63d2207c-14d6"
x-powered-by: PleskLin
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M%2F83RNN5DZ0vNiquukCSgzDI%2BZY3KhdWjzRQF7oxVfl1EhKHtggXlm11zVdlkzBpNICFZkEjL8H6xjG0NBHhmCY8pXUg6v2k9IulL8g2%2FWVxWO75h3kKgwEHP3gl8BO%2FfP%2BnCRGHIIdaVypbGQ3wEeekZJKzZhk%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 79a5e1527d1a698f-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 rocket-loader.min.js Show response
www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 11ms
11ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 15 Feb 2023 11:11:08 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"63ecbdcc-302c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2vZ5L4XTrwwiQRYzXwdl17ezzoJIBLKI%2FeM%2BRKjYIJGbeB0dS9K%2BL8yqMmHCPBCQNRsw75aGZLPFmygZyLzVg6tTu1S85zT2r0Y2j0dNbesfCDqWiNQF2kGrJqhVmGK2N1wuOTcTixR69%2FTRxY%2FVXXbeP%2BzXoDI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 79a5e1535936371c-FRA
expires: Sat, 18 Feb 2023 11:18:01 GMT

GET
H2 200 vaafb692b2aea4879b33c060e79fe94621666317369993 Show response
static.cloudflareinsights.com/beacon.min.js/ 17 KB
6 KB 76ms
47ms Script
text/javascript 2606:4700::6810:3865
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
Requested by: Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f48c5678ce459a596423b0e55344e7ad8eb3d3b1b27c54cd76a9d4cee7dd6c3

Request headers

Referer: https://www.redpacketsecurity.com/
Origin: https://www.redpacketsecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
content-encoding: gzip
last-modified: Fri, 21 Oct 2022 01:56:09 GMT
server: cloudflare
etag: W/2022.10.1
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 79a5e153a8179118-FRA

GET
H3 200 style.css
www.redpacketsecurity.com/wp-content/themes/trendy-news/ 9 KB
4 KB 110ms
109ms Stylesheet
text/css 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/themes/trendy-news/style.css

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/wp-content/themes/trendy-news-child/style.css?ver=63875d12d742f8f67f51d21069f480d5

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

500ac7575a41098a65d2cde54a71ccfd3a7ac9b6b6fcfef664371fc00da5f550

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/wp-content/themes/trendy-news-child/style.css?ver=63875d12d742f8f67f51d21069f480d5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=18905
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 14 Feb 2023 08:19:47 GMT
server: cloudflare
etag: W/"63eb4423-49d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HVPVpRx6ntO%2FF4BrrIqfgenHV5sJLkgc2Pr8o4OJ0Ub4gnOyS1ro0149l2wFgi5ygArXQtk%2Fx7D%2BO%2BaYxpy4w5Njbw1NDAkntFx4XS5zm1X0F9aRSHF25E7bhPhXVxDHAFVSF6VJUgDi90b5RUBCTBhybI3lB%2Bc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 79a5e153490e371c-FRA

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 j8_16_LD37rqfuwxyIuaZhE6cRXOLtm2gfT2hq-M.woff2
www.redpacketsecurity.com/wp-content/fonts/encode-sans-condensed/ 21 KB
22 KB 121ms
120ms Font
font/woff2 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/fonts/encode-sans-condensed/j8_16_LD37rqfuwxyIuaZhE6cRXOLtm2gfT2hq-M.woff2

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/wp-content/fonts/f42a327af8fec7b4e034d62bd8f98b3b.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

140ee2462b736e743b7f9b2dd82f41ecfa63f17a818739fec426067500edb49c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://www.redpacketsecurity.com/wp-content/fonts/f42a327af8fec7b4e034d62bd8f98b3b.css
Origin: https://www.redpacketsecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 21560
last-modified: Thu, 15 Dec 2022 08:29:22 GMT
server: cloudflare
etag: "639adae2-5438"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rVzSRL4j2DuTUve7ICYE%2BlGbH5qqtR2NPE8gwh%2Fjc%2FqMJw2TIdtY02GGgFJAHb4onAejdlVmmjjW8M6B%2BQvmw9k0DaR1JeAFHY9JBHgziqqMpGLZWcP6%2FUHZ8wy93dmcdn9ePhXWhMKcnU2Pj3JEmrJVeYrRalo%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=43200
accept-ranges: bytes
cf-ray: 79a5e1540a69371c-FRA

GET
H3 200 j8_46_LD37rqfuwxyIuaZhE6cRXOLtm2gfT-PYqZAC4I.woff2
www.redpacketsecurity.com/wp-content/fonts/encode-sans-condensed/ 21 KB
22 KB 123ms
121ms Font
font/woff2 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/fonts/encode-sans-condensed/j8_46_LD37rqfuwxyIuaZhE6cRXOLtm2gfT-PYqZAC4I.woff2

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/wp-content/fonts/f42a327af8fec7b4e034d62bd8f98b3b.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

d52f1f1c0e3e9e237c7604afefa8d784064f688c76293e3f1102dab32a830925

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://www.redpacketsecurity.com/wp-content/fonts/f42a327af8fec7b4e034d62bd8f98b3b.css
Origin: https://www.redpacketsecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 21624
last-modified: Thu, 15 Dec 2022 08:29:23 GMT
server: cloudflare
etag: "639adae3-5478"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9jiHg9sYNmKO8NQx%2FeJ1eej8nJ%2FUW17MzKu%2Fq9el4OjLQq0Zh6tokMpO%2F4FVZwL6Ri2Y6qrLlnkraeLG1w1v7sLVxsKO6Nu2PTBHkZW87stwdAbuD2ehW5bMOqslOqJlFGE91sbQw%2B7uxn1D65cSmwQEpFn2UFE%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=43200
accept-ranges: bytes
cf-ray: 79a5e1540a6b371c-FRA

GET
H3 200 j8_46_LD37rqfuwxyIuaZhE6cRXOLtm2gfT-dYyZAC4I.woff2
www.redpacketsecurity.com/wp-content/fonts/encode-sans-condensed/ 21 KB
22 KB 132ms
130ms Font
font/woff2 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/fonts/encode-sans-condensed/j8_46_LD37rqfuwxyIuaZhE6cRXOLtm2gfT-dYyZAC4I.woff2

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/wp-content/fonts/f42a327af8fec7b4e034d62bd8f98b3b.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

a2123f408e24aef68f451ccbe5370ec3c92354c75d3e58188d31e6b9618edafb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://www.redpacketsecurity.com/wp-content/fonts/f42a327af8fec7b4e034d62bd8f98b3b.css
Origin: https://www.redpacketsecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 21596
last-modified: Thu, 15 Dec 2022 08:29:22 GMT
server: cloudflare
etag: "639adae2-545c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZFb1XtlBLaV22jDBTVz2MECdRA5l0RgyWWcGlyqOGC4IeXS47O9QgEy8Fr8slB1GGNFf7bt4TDOrdrqWc1vS7B3SYaIFg8id3a0FALlQnxMP6t5X0Je%2BqZiW3GF6iRRqNgj0ASMsseHhDo5I0Z9IJk35kKzhwEM%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=43200
accept-ranges: bytes
cf-ray: 79a5e1540a6c371c-FRA

GET
H3 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
www.redpacketsecurity.com/wp-content/fonts/open-sans/ 44 KB
44 KB 111ms
110ms Font
font/woff2 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/fonts/open-sans/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/wp-content/fonts/f42a327af8fec7b4e034d62bd8f98b3b.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://www.redpacketsecurity.com/wp-content/fonts/f42a327af8fec7b4e034d62bd8f98b3b.css
Origin: https://www.redpacketsecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44856
last-modified: Thu, 15 Dec 2022 08:29:23 GMT
server: cloudflare
etag: "639adae3-af38"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f1Tln8ErUnNiSs%2BUDmA1o%2BGTXouZLipeX2MQLmFxLEKfzeHU%2Fa%2BJvhBt8nTCYicbS1ZdzCqFFdlh96BEctPF6JarwBEfsdEUj2%2BUGbkLRmSW3ajt9ckgsYlWpUwQShN13%2BaR4mhvJGmkGbRBg8qZaUpiddfE6Js%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=43200
accept-ranges: bytes
cf-ray: 79a5e1540a6d371c-FRA

GET
H3 200 fa-solid-900.woff2
www.redpacketsecurity.com/wp-content/themes/trendy-news/assets/lib/fontawesome/webfonts/ 76 KB
77 KB 132ms
131ms Font
font/woff2 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/themes/trendy-news/assets/lib/fontawesome/webfonts/fa-solid-900.woff2

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/wp-content/themes/trendy-news/assets/lib/fontawesome/css/all.min.css?ver=5.15.3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://www.redpacketsecurity.com/wp-content/themes/trendy-news/assets/lib/fontawesome/css/all.min.css?ver=5.15.3
Origin: https://www.redpacketsecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 78196
last-modified: Tue, 14 Feb 2023 08:19:47 GMT
server: cloudflare
etag: "63eb4423-13174"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XWZ0u2iWqYKFsh1uKrB01p67SkU4czF3BfkYqMGykCwTh6f5qu6IWECkW6vijogjNKQd2VJG%2BVCt4hT6czZwTk%2FC5kb4p1fQJQCRYzPr0hoBFDPEbJSbYteimK41cHs9f4gOsOiqZoHJAQM46y4GsOO0aM8lH7I%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=43200
accept-ranges: bytes
cf-ray: 79a5e1540a6e371c-FRA

GET
H3 200 pxiEyp8kv8JHgFVrJJfecg.woff2
www.redpacketsecurity.com/wp-content/fonts/poppins/ 8 KB
8 KB 177ms
176ms Font
font/woff2 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/fonts/poppins/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/wp-content/fonts/f42a327af8fec7b4e034d62bd8f98b3b.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://www.redpacketsecurity.com/wp-content/fonts/f42a327af8fec7b4e034d62bd8f98b3b.css
Origin: https://www.redpacketsecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7884
last-modified: Thu, 15 Dec 2022 08:29:23 GMT
server: cloudflare
etag: "639adae3-1ecc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rbp3DG2u1L%2B1qv5P%2BVChK3r3yGvOF%2BBrBG6HKecoTqGjv%2FFaWMABJMgHu%2FfLMbzaUZtdPLDc1v5A%2BUCMwHfN7xJ0OS21XcTzOKpFRY3mvU76asMOLYogx6iapLt1KVRYiUyyhLG4%2Bk3JQj8vpyMpcRMImwK0ymU%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=43200
accept-ranges: bytes
cf-ray: 79a5e1543aa4371c-FRA

GET
H3 200 fa-regular-400.woff2
www.redpacketsecurity.com/wp-content/themes/trendy-news/assets/lib/fontawesome/webfonts/ 13 KB
14 KB 119ms
118ms Font
font/woff2 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/themes/trendy-news/assets/lib/fontawesome/webfonts/fa-regular-400.woff2

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/wp-content/themes/trendy-news/assets/lib/fontawesome/css/all.min.css?ver=5.15.3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

8afc6e5e842baab16010c2ce6fcf48ec4ded8e1579a37c1f1bc027e120d04951

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://www.redpacketsecurity.com/wp-content/themes/trendy-news/assets/lib/fontawesome/css/all.min.css?ver=5.15.3
Origin: https://www.redpacketsecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13276
last-modified: Tue, 14 Feb 2023 08:19:47 GMT
server: cloudflare
etag: "63eb4423-33dc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rm5a794xQJX%2BRozA57BcNMuQxi4%2Bh%2FrPBybbf0G2pa%2FBNhoVSUwfovsqJouNy5xkSoyF8AGqmsQY4OgAAomEcpTtfumKbLlzRD5P3%2FhhgolLPgDxdaTmQGj33oWUDr%2BuBjdizlcG7pzOBewOPeHE6LQZNJwc7tA%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=43200
accept-ranges: bytes
cf-ray: 79a5e1543aa6371c-FRA

GET
H3 200 u-4i0qWljRw-PfU81xCKCpdpbgZJl6Xvqdns.woff2
www.redpacketsecurity.com/wp-content/fonts/cabin/ 25 KB
26 KB 114ms
113ms Font
font/woff2 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/fonts/cabin/u-4i0qWljRw-PfU81xCKCpdpbgZJl6Xvqdns.woff2

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/wp-content/fonts/f42a327af8fec7b4e034d62bd8f98b3b.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

979caf94add5b00ec59d8abde43d200523745c2f4b105c2906f4d9dda4afaeec

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://www.redpacketsecurity.com/wp-content/fonts/f42a327af8fec7b4e034d62bd8f98b3b.css
Origin: https://www.redpacketsecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 26100
last-modified: Thu, 15 Dec 2022 08:29:22 GMT
server: cloudflare
etag: "639adae2-65f4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z2ewfEYU7y57CxgUIRk9mn0a2dQCkXeSxif1PNj1pnixnudb2FDH9lwB9%2Flkv4x%2BKiHpOYdMOWtwTXxK%2Fy9kPEQWpBbxDa5jVrskq4%2BweakeGBxRT4Bq6986cn%2BFjS7MjGz%2Br24bwprlhErPI1SwwkQ3qyq0eo4%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=43200
accept-ranges: bytes
cf-ray: 79a5e1543aa7371c-FRA

GET
H3 200 j8_46_LD37rqfuwxyIuaZhE6cRXOLtm2gfT-WYuZAC4I.woff2
www.redpacketsecurity.com/wp-content/fonts/encode-sans-condensed/ 21 KB
22 KB 128ms
127ms Font
font/woff2 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/fonts/encode-sans-condensed/j8_46_LD37rqfuwxyIuaZhE6cRXOLtm2gfT-WYuZAC4I.woff2

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/wp-content/fonts/f42a327af8fec7b4e034d62bd8f98b3b.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

ed81d5248fa368649beafa2654a6dcf3b0fbb083cc1c2dfb18e5aad1d94510e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://www.redpacketsecurity.com/wp-content/fonts/f42a327af8fec7b4e034d62bd8f98b3b.css
Origin: https://www.redpacketsecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 21884
last-modified: Thu, 15 Dec 2022 08:29:23 GMT
server: cloudflare
etag: "639adae3-557c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=izmaXcodABqXfQLqujZuYr8pPgQRHJ8mOZFYDlFpKmUQJ3%2FLqKN3ueGu8AcjGazvvaIwaae%2BmrbP9%2FddRKrbQEEsJu94OlWNnFgUE5xJrApJ7AVOjqpH8J1D9nGoMdYn6BPWt1eCiRghWbhVGfaLLMt07%2BCEtrc%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=43200
accept-ranges: bytes
cf-ray: 79a5e1543aa8371c-FRA

GET
H3 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
www.redpacketsecurity.com/wp-content/fonts/poppins/ 8 KB
8 KB 127ms
126ms Font
font/woff2 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/fonts/poppins/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/wp-content/fonts/f42a327af8fec7b4e034d62bd8f98b3b.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://www.redpacketsecurity.com/wp-content/fonts/f42a327af8fec7b4e034d62bd8f98b3b.css
Origin: https://www.redpacketsecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7748
last-modified: Thu, 15 Dec 2022 08:29:23 GMT
server: cloudflare
etag: "639adae3-1e44"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2NmFwSv%2F9KQ24WuirILLN0LrJo7Pd2vGZ5547O4bA2pCWSnjPJzwzUxncRscMofV5lFsjolCRNzqCO6hdNvMIpDUfFpVKb%2FCHx6SIsoaEGMdCGkrZv8JLuGdAZjCbiPMz%2FKAyyfI4RMTBaBUza4ntFnpGn%2FUNl8%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=43200
accept-ranges: bytes
cf-ray: 79a5e1543aa9371c-FRA

GET
H3 200 smush-lazy-load.min.js Show response
www.redpacketsecurity.com/wp-content/plugins/wp-smushit/app/assets/js/ 8 KB
4 KB 122ms
120ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js?ver=3.12.4

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

f65784e5e7332dc1e4bbeacbec70fdeef4a1bea84f16ce2ee144999719d195ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 22 Nov 2022 14:23:12 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"637cdb50-1ef2"
x-powered-by: PleskLin
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kWxVe%2Fk6Y%2BNSibkW7EFt4inBKaWXYKeMuY%2BIZcxEzWLRqrU%2FPRfenrHFkKI2ie5N3WMUInw6ivwrHbVA10DPXjggHHrt%2BK9%2B7d95thcq9U37FJsEsNB%2FWQGUBKcg9xhVvT85zjc4qo5Rxw4jSG%2BASgJs0xJlEhs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 79a5e1545ad7371c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 jquery.waypoint.min.js Show response
www.redpacketsecurity.com/wp-content/themes/trendy-news/assets/lib/waypoint/ 9 KB
3 KB 122ms
118ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/themes/trendy-news/assets/lib/waypoint/jquery.waypoint.min.js?ver=4.0.1

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

c86e183995d42d069cdf501e7605562c081cd7aac3b779abe3f69af717d4dd47

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 14 Feb 2023 08:19:47 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"63eb4423-234a"
x-powered-by: PleskLin
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fBDIq6Ej5lq0s%2BMgu2V1XRSWZVVBTdZpuiGupwn26p%2BCLnMhiBrtqj05fvsaw12tLvZ3D0pDHxiHnuUxPApZk4%2BtbT51shxhMLBAPkX6FCzPhRbY2fLqCmvZ7d5xCjguQkggm1FVDx7G2CkTfkoLpXnhWo8A%2FTY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 79a5e1546ae0371c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 theme.js Show response
www.redpacketsecurity.com/wp-content/themes/trendy-news/assets/js/ 10 KB
3 KB 123ms
119ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/themes/trendy-news/assets/js/theme.js?ver=63875d12d742f8f67f51d21069f480d5

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

cb663c80447404f77fc81a5cfa183a73ce0efbede98da0942e7c7f015b124fa5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=15745
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 14 Feb 2023 08:19:47 GMT
server: cloudflare
etag: W/"63eb4423-3d81"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w6bfuqlzh64oBTKIQmWEI0RaFt%2Blq0rg3Ra7QW9Jo%2FXVQXyT2hgTkAmjxbqavg3s75M9wqENJz0GxZNeGezAt0hKoMWrBR%2F6G3vYLaj%2FqYwhT2fDWGNpvSHqr6wRL1S47I%2BII3xvZEx7FEGZOLraplh%2Fcd3GDS8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 79a5e1546ae1371c-FRA

GET
H3 200 navigation.js Show response
www.redpacketsecurity.com/wp-content/themes/trendy-news/assets/js/ 3 KB
2 KB 113ms
110ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/themes/trendy-news/assets/js/navigation.js?ver=63875d12d742f8f67f51d21069f480d5

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

d5fe67baeacc337576517dc182b708ed116ca3282ffdfb15cb18d63c1d573b8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=5693
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 14 Feb 2023 08:19:47 GMT
server: cloudflare
etag: W/"63eb4423-163d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u4Pma6lxn24etIgdkTXWQd9chW0n5vC5LI02H%2BboC%2BejczF%2FY%2BGCk4V%2BEPBzwk98KK8XsuJXsJ8ldRiQj6TYbuXGh54fRX9AhHygmWjh1nnl1V3RcJ3UB9lKDqShTci8T%2FuW%2Fm%2B139jcrGc9eqC%2FaAOVXgE8%2BXk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 79a5e1546ae2371c-FRA

GET
H3 200 jquery.marquee.min.js Show response
www.redpacketsecurity.com/wp-content/themes/trendy-news/assets/lib/js-marquee/ 9 KB
3 KB 122ms
119ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/themes/trendy-news/assets/lib/js-marquee/jquery.marquee.min.js?ver=1.6.0

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

feade23a47f6041e6d1008885642dd7ab7cc4f12d94b0c7191c9cf8ca55df97d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 14 Feb 2023 08:19:47 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"63eb4423-2345"
x-powered-by: PleskLin
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=19UkLkaM8Lx5warOQsG6JOS0dRxeh2aXngKbxg4MwAH2wb%2BRm3yTc7fUcYMq8h2b%2FUHy3p92G6RLlYknamxpVcRd7AlNYtiYQ2%2FvAj6loQrhjYmtWtRmD1XJ1CfRtGh1G42YuLRN4EhdeJsS4OwoCF6RFQ3HQsU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 79a5e1546ae3371c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 slick.min.js Show response
www.redpacketsecurity.com/wp-content/themes/trendy-news/assets/lib/slick/ 42 KB
11 KB 124ms
122ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/themes/trendy-news/assets/lib/slick/slick.min.js?ver=1.8.1

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

e1a52c0a06fa9f65e015b02e7ec463fd621211a9d2ae44b6660597900e927fbb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 14 Feb 2023 08:19:47 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"63eb4423-a770"
x-powered-by: PleskLin
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xcWv5BUfadtuqPiFg%2FVfhmuMwTJ6b047af4cvRhwzqjk6%2B0i%2FT%2Bko4Xtyuokhzn8J1T95eUNKOZi%2FOOtOCG4NPRyzUhC8eZ2ZM3LBkJoeSjl%2B6%2BtaEhPWzhi1LcT8riwns%2B1nMhmOXQrNALGPzK%2BLLLmRyYDDhI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 79a5e1546ae4371c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 app.js Show response
www.redpacketsecurity.com/wp-content/plugins/patreon-connect/assets/js/ 244 B
743 B 112ms
110ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/plugins/patreon-connect/assets/js/app.js?ver=63875d12d742f8f67f51d21069f480d5

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

7d45256c95c1c245654bf298e27d9c538dc778a2ee050ba4678ac2a07f479869

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=354
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 29 Sep 2022 16:23:49 GMT
x-accel-version: 0.01
server: cloudflare
etag: W/"162-5e9d34d628736-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ziTfrVGbYYgk43mw5bYOMq8t%2BI3Z9SRu78yjDtK%2Fc4mNmvBAGd6GUyU0VZbmKwzR2DAwVWuowybJB4wUqppopISQzrlMEGGhx%2FDBFBqVcnUauhTK2%2Bk%2BiCywEAsiwtsfSyzIdkhm4Pd7f5sF2oKKtRCy9vPn5ag%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 79a5e1546ae5371c-FRA

GET
H2 200 widget.js Show response
comments.app/js/ 9 KB
3 KB 104ms
42ms Script
application/javascript 149.154.164.13
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://comments.app/js/widget.js?2

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.164.13 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.20.1 /

Resource Hash

482f450b7fdbac6f9304643f3e731df20bf66c51fb0599fa9a734e5d102a9e2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Fri, 19 Jun 2020 23:54:45 GMT
server: nginx/1.20.1
etag: W/"5eed5045-2390"
content-type: application/javascript

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 148 KB
50 KB 98ms
59ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1536334219562771

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c125f9df87e03c7f10734df4272ae3d1591fcbb128a67e8d0321c7f185556038

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.redpacketsecurity.com/
Origin: https://www.redpacketsecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50266
x-xss-protection: 0
server: cafe
etag: 2673507429906158757
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 16 Feb 2023 11:18:01 GMT

GET
H3 200 a01b5086.js Show response
www.redpacketsecurity.com/wp-content/uploads/caos/ 214 KB
76 KB 125ms
122ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/uploads/caos/a01b5086.js

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

1ab5022a9d544ad3a4ba79b1cb50c46cfdd741ff9b136e1f787d9dd942961e70

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=220171
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 16 Feb 2023 06:04:07 GMT
server: cloudflare
etag: W/"63edc757-35c0b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sdOulhx748%2BA5IsMypOS24N2C3%2FCnOzHk7aSeOPvUyAYaPUu0gajcJ5vAsmvCgNhz%2B63GroPblB%2BxUDi6xZR1cG6srmUjbxHZ9zbFfKZM6wGCHFxegn886qtEKuF6D5nwPiopg0hW0mcnnIYfuBOpAOWS09YTRk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 79a5e1546ae6371c-FRA

GET
H3 200 front.min.js Show response
www.redpacketsecurity.com/wp-content/plugins/cookie-notice/js/ 9 KB
3 KB 127ms
125ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/plugins/cookie-notice/js/front.min.js?ver=2.4.6

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

af735813266cdf52a38a6e1583a86066db357469ceded2d7ea8335b298d73d65

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 26 Jan 2023 06:41:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"63d2207c-222e"
x-powered-by: PleskLin
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fj9eZteHm4kv76CLn9RIDWg%2FQpvvP4iSn30fRNF3D6b5JfbPPIpbtf2EVZomYf1NtqloTBgdaZsxU7H7k9ecn7D94cSL1FXJVXd4NMMd1zTc4UJk72MmjsCYhDRS7w4rLSVmavsWA35Uf3UzGhKdddksB6AYKHU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 79a5e1546ae7371c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 jquery-migrate.min.js Show response
www.redpacketsecurity.com/wp-includes/js/jquery/ 11 KB
5 KB 119ms
117ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 22 Dec 2020 15:30:09 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"5fe21101-2bd8"
x-powered-by: PleskLin
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l3T%2Fwv9XeEjN56lhqbeahRyG%2FF0v%2BE2d9EwalMrsiQQBZfTgLwA53cYjLDrqtXVj66m1V4LeAl58z6L5pnkl49W%2B5xm5WU1F75x48vlO8qD%2Bd%2B28DPJ5dEwk1CVmKi%2FWBOMclDymUeKNHXzJWCyg%2BoSfFwbZr1g%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 79a5e1546ae9371c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 jquery.min.js Show response
www.redpacketsecurity.com/wp-includes/js/jquery/ 88 KB
32 KB 121ms
118ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 08 Nov 2022 08:21:59 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"636a11a7-15e54"
x-powered-by: PleskLin
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8rE18rfo1zra2Z4zkfGDQewuCaaOCcjePcEbz%2BSYtdBunxm83yR5MejVLfOcAWfVbCWHlIuCgYDUHycqtx7x42e2oYHKFHHXLAOamLSa%2FYe2J128Ufo1U7X1s1KxlPmU4yfFGOjOd1Km5RSAhs59huN6HU7NXrM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 79a5e1546aeb371c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 invisible.js Show response
www.redpacketsecurity.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/ Frame D92F 38 KB
16 KB 23ms
21ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redpacketsecurity.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1676534400
Requested by: Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ea7d3259409db9df22ce95fc9b9fe3621ab780f8122c808f8390876e50549ee9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B9T%2BU2oEWH7U6GMBwXGqAj1%2F9p6n1guVNXlRfxM%2BTvnxlR5VBaEzs9eg0%2BT5Sb159uUSuw6GoBXPjLrtBFDZfrny6bpX6TV94oSKaH7hnHqBEjYWBAuX1IegeR9fHQfvogN7SK6KAVpGw%2FPVW5iXm5HrJQ7PNK4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 79a5e1546aec371c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 s.js Show response
www.redpacketsecurity.com/cdn-cgi/zaraz/ 7 KB
4 KB 33ms
31ms Script
text/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redpacketsecurity.com/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyQ29iYWx0JTIwU3Rpa2UlMjBCZWFjb24lMjBEZXRlY3RlZCUyMC0lMjAxOTQlNUIuJTVEMTY1JTVCLiU1RDE2JTVCLiU1RDU2JTNBNDQzJTIwLSUyMFJlZFBhY2tldCUyMFNlY3VyaXR5JTIyJTJDJTIyeCUyMiUzQTAuMTQ2MTg2NTQyMzU3NDQ2ODglMkMlMjJ3JTIyJTNBMTYwMCUyQyUyMmglMjIlM0ExMjAwJTJDJTIyaiUyMiUzQTEyMDAlMkMlMjJlJTIyJTNBMTYwMCUyQyUyMmwlMjIlM0ElMjJodHRwcyUzQSUyRiUyRnd3dy5yZWRwYWNrZXRzZWN1cml0eS5jb20lMkZjb2JhbHQtc3Rpa2UtYmVhY29uLWRldGVjdGVkLTE5NC0xNjUtMTYtNTYtcG9ydC00NDMlMkYlMjIlMkMlMjJyJTIyJTNBJTIyJTIyJTJDJTIyayUyMiUzQTI0JTJDJTIybiUyMiUzQSUyMlVURi04JTIyJTJDJTIybyUyMiUzQTAlMkMlMjJxJTIyJTNBJTVCJTVEJTdE
Requested by: Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c83a35c9158ecf90cd3180cf966dae2663a94f5f7453f36d1eb445a01cc2981e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
access-control-max-age: 600
vary: Origin, Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
access-control-allow-origin: https://www.redpacketsecurity.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E2DSTaaC3sZgnWhpkW8ZK5kypk72pldBAsLkkLMIGIDJ1I70OciVqswiyZmkT1CIFaw8ItnRKMxt3HxKA%2Br26Lwx99YHND6L5iQpiZ0YdwSw7ZlHVna%2F4z7rlDe4YRZ9jUvi%2FJLf8hZQaeS0830uAU0%2FWfcwZd4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
access-control-allow-credentials: true
cf-ray: 79a5e1546aee371c-FRA
access-control-allow-headers: Content-Type, Set-Cookie, Cache-Control
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2

200

/
www.google.de/pagead/1p-conversion/4209956877/
Redirect Chain

https://www.googleadservices.com/pagead/conversion/4209956877/?guid=ON&random=1676547719003&fst=1676546281675&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fc...
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/4209956877/?guid=ON&random=1696210341&fst=1676546281675&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecur...
https://www.google.com/pagead/1p-conversion/4209956877/?guid=ON&random=1696210341&fst=1676546281675&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fcobalt-stik...
https://www.google.de/pagead/1p-conversion/4209956877/?guid=ON&random=1696210341&fst=1676546281675&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fcobalt-stike...

42 B
0

61ms
26ms

Fetch
image/gif

2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.de/pagead/1p-conversion/4209956877/?guid=ON&random=1696210341&fst=1676546281675&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fcobalt-stike-beacon-detected-194-165-16-56-port-443%2F&tiba=Cobalt+Stike+Beacon+Detected+-+194%5B.%5D165%5B.%5D16%5B.%5D56%3A443+-+RedPacket+Security&u_tz=0&u_his=10&ig=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=6RDuY73yLb7LmLAPq9WByAM&cid=CAQSKQDUE5ymtQvnjHIlesplTSxrszeGfwbuwCcYdgBkwz7cHwdhmQcaB5HS&random=998893954&ipr=y&prhg=0

Protocol

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:02 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:01 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-conversion/4209956877/?guid=ON&random=1696210341&fst=1676546281675&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fcobalt-stike-beacon-detected-194-165-16-56-port-443%2F&tiba=Cobalt+Stike+Beacon+Detected+-+194%5B.%5D165%5B.%5D16%5B.%5D56%3A443+-+RedPacket+Security&u_tz=0&u_his=10&ig=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=6RDuY73yLb7LmLAPq9WByAM&cid=CAQSKQDUE5ymtQvnjHIlesplTSxrszeGfwbuwCcYdgBkwz7cHwdhmQcaB5HS&random=998893954&ipr=y&prhg=0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-user-list/4209956877/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/4209956877/?guid=ON&random=1676547719003&fst=1676546281675&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketse...
https://www.google.com/pagead/1p-user-list/4209956877/?guid=ON&random=1676547719003&fst=1676545200000&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fcobalt-st...
https://www.google.de/pagead/1p-user-list/4209956877/?guid=ON&random=1676547719003&fst=1676545200000&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fcobalt-sti...

42 B
0

56ms
21ms

Fetch
image/gif

2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.de/pagead/1p-user-list/4209956877/?guid=ON&random=1676547719003&fst=1676545200000&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fcobalt-stike-beacon-detected-194-165-16-56-port-443%2F&tiba=Cobalt+Stike+Beacon+Detected+-+194%5B.%5D165%5B.%5D16%5B.%5D56%3A443+-+RedPacket+Security&u_tz=0&u_his=10&is_vtc=1&random=4235252862&ipr=y

Protocol

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:02 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:01 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-user-list/4209956877/?guid=ON&random=1676547719003&fst=1676545200000&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fcobalt-stike-beacon-detected-194-165-16-56-port-443%2F&tiba=Cobalt+Stike+Beacon+Detected+-+194%5B.%5D165%5B.%5D16%5B.%5D56%3A443+-+RedPacket+Security&u_tz=0&u_his=10&is_vtc=1&random=4235252862&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pica.js
www.redpacketsecurity.com/cdn-cgi/challenge-platform/h/b/scripts/ Frame D92F 18 KB
8 KB 38ms
38ms Other
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redpacketsecurity.com/cdn-cgi/challenge-platform/h/b/scripts/pica.js
Requested by: Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 112e715bd7cf64fa4db9a86910e5a1c083f5dab7498e0ed6b63121773da49fe1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4dOLtb2Iwui4fTs8HmPfYSSVXZiNrkmWID21mXKGblvGQA00JM8LCNKf74f4squ6J87AhgHt8bEvkRIbiYqbDhwnrGQo0v2lqeGD8nKSuQaScdFlcCxEz1Eipc2SSbJYASYOJGWsV6K3j7sw1ulSU%2BfUqv3aOFI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 79a5e154ab55371c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 wp-emoji-release.min.js Show response
www.redpacketsecurity.com/wp-includes/js/ 18 KB
5 KB 112ms
111ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-includes/js/wp-emoji-release.min.js?ver=63875d12d742f8f67f51d21069f480d5

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:01 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 28 May 2022 21:05:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"62928ea8-48b9"
x-powered-by: PleskLin
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rd%2F2GXoTzINB1ax7TEbpJnsTpWyWNTaFiWcoPLNt5uJA9eUhu7PezRGGn5vAGlgl3vs3VcOwNdQ6nyymIe%2Bk7vpySfrWKuG%2BIoTK6gv76VHY7sX6xf%2FqJyBmmMoQzW1vzp%2FqL8ldgvb6kEHK%2BRtF60aF6Vmemvs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 79a5e1558c84371c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H3 200 79a5e150eb12698f Show response
www.redpacketsecurity.com/cdn-cgi/challenge-platform/h/b/cv/result/ Frame D92F 2 B
688 B 40ms
40ms XHR
text/plain 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redpacketsecurity.com/cdn-cgi/challenge-platform/h/b/cv/result/79a5e150eb12698f
Requested by: Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1676534400
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tS0nfxU7iTLALFsS4LGZNaplbWoG1kqyRS6e%2F91g%2Fq6TZFZuCEx5yeoWBv9QW%2F6G4mUk0eNRyh3pz5o9QNzno01h4Kz%2FksySBJ9h9mAsyS6%2B7PnL7tVmieGBWoLZV29kIMQdt8C7lK6c7IvJrn7pxVKZrLbYPIg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 79a5e156dea1371c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 a01b5086.js Show response
www.redpacketsecurity.com/wp-content/uploads/caos/ 214 KB
76 KB 31ms
29ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/uploads/caos/a01b5086.js

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

1ab5022a9d544ad3a4ba79b1cb50c46cfdd741ff9b136e1f787d9dd942961e70

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1
cf-polished: origSize=220171
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 16 Feb 2023 06:04:07 GMT
server: cloudflare
etag: W/"63edc757-35c0b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kssBviPZXPqTCyBLXhUUdLeZru%2BWjulHtytnWlGG23SiyONW2dHwBN8OsKT%2F%2Bm1qqzxWX5ku36HdPuZ01jla%2BBb%2FQJMQtdQ5ZZwVmKQZEkWnOxBQl5t2NPpEVcbRLDL0FssmwlIp4W7n7kr8MQtALrc%2B4q%2FFHM0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 79a5e156dea4371c-FRA

POST
H2 204 collect
analytics.google.com/g/ 0
261 B 210ms
44ms Ping
text/plain 2a00:1450:400d:80c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-GN0W0LT7ZX&gtm=45je32f0&_p=2007097179&_gaz=1&cid=1359530084.1676546282&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1676546282&sct=1&seg=0&dl=https%3A%2F%2Fwww.redpacketsecurity.com%2Fcobalt-stike-beacon-detected-194-165-16-56-port-443%2F&dt=Cobalt%20Stike%20Beacon%20Detected%20-%20194%5B.%5D165%5B.%5D16%5B.%5D56%3A443%20-%20RedPacket%20Security&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.site_speed_sample_rate=1
Requested by: Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/wp-content/uploads/caos/a01b5086.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:80c::200e , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:02 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.redpacketsecurity.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
261 B 64ms
20ms Ping
text/plain 2a00:1450:400c:c0b::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-GN0W0LT7ZX&cid=1359530084.1676546282&gtm=45je32f0&aip=1
Requested by: Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/wp-content/uploads/caos/a01b5086.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0b::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:02 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.redpacketsecurity.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 widget.js Show response
comments.app/js/ 9 KB
3 KB 18ms
15ms Script
application/javascript 149.154.164.13
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://comments.app/js/widget.js?2

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.164.13 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.20.1 /

Resource Hash

482f450b7fdbac6f9304643f3e731df20bf66c51fb0599fa9a734e5d102a9e2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Fri, 19 Jun 2020 23:54:45 GMT
server: nginx/1.20.1
etag: W/"5eed5045-2390"
content-type: application/javascript

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302090101/ 366 KB
120 KB 94ms
74ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1536334219562771&plah=www.redpacketsecurity.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1536334219562771

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

93731dfb508247e0f34f39e0fffbd337711e3a2701854b865a44553090ca3c93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 123020
x-xss-protection: 0
server: cafe
etag: 147553358453999090
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 16 Feb 2023 11:18:02 GMT

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230213/r20190131/ Frame 92BD 10 KB
4 KB 13ms
11ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230213/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1536334219562771

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.redpacketsecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 9022
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 08:47:40 GMT
etag: 10353107486223812946
expires: Thu, 02 Mar 2023 08:47:40 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 view Show response
comments.app/embed/ Frame 47D2 7 KB
3 KB 48ms
47ms Document
text/html 149.154.164.13
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://comments.app/embed/view?website=S_Epbvwz&page_url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fcobalt-stike-beacon-detected-194-165-16-56-port-443%2F&origin=https%3A%2F%2Fwww.redpacketsecurity.com&page_title=Cobalt%20Stike%20Beacon%20Detected%20-%20194%5B.%5D165%5B.%5D16%5B.%5D56%3A443%20-%20RedPacket%20Security&limit=5&color=E22F38

Requested by

Host: comments.app
URL: https://comments.app/js/widget.js?2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.164.13 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.20.1 /

Resource Hash

14467e50bdc2caac321ca9c423e7504c913d67044d0af25947d98e0b30ecc33a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.redpacketsecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
content-encoding: gzip
content-length: 2529
content-type: text/html; charset=utf-8
date: Thu, 16 Feb 2023 11:18:02 GMT
pragma: no-cache
server: nginx/1.20.1
strict-transport-security: max-age=31536000; includeSubDomains; preload

GET
H2 200 view Show response
comments.app/embed/ Frame BD0F 7 KB
3 KB 43ms
42ms Document
text/html 149.154.164.13
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: comments.app
URL: https://comments.app/js/widget.js?2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.164.13 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.20.1 /

Resource Hash

14467e50bdc2caac321ca9c423e7504c913d67044d0af25947d98e0b30ecc33a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.redpacketsecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
content-encoding: gzip
content-length: 2529
content-type: text/html; charset=utf-8
date: Thu, 16 Feb 2023 11:18:02 GMT
pragma: no-cache
server: nginx/1.20.1
strict-transport-security: max-age=31536000; includeSubDomains; preload

GET
H3 200 Redpacketsecurity-small-logo.png
www.redpacketsecurity.com/wp-content/uploads/2022/08/ 9 KB
10 KB 116ms
115ms Image
image/webp 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.redpacketsecurity.com/wp-content/uploads/2022/08/Redpacketsecurity-small-logo.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

a374b168f61d41e1a7feb4a88f4cb9f2bcd169f21ec8ec9b4e572d4130ffb3f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
strict-transport-security: max-age=15768000; includeSubDomains
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origFmt=png, origSize=10327
x-powered-by: PleskLin
content-disposition: inline; filename="Redpacketsecurity-small-logo.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 9552
cf-bgj: imgq:100,h2pri
last-modified: Tue, 09 Aug 2022 19:27:12 GMT
server: cloudflare
etag: "62f2b510-2857"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dsxOmSeWOwtXycelotoXtiYHBFeAx1uCsK6ZPM6UVP9eKNLi5E8hmVoEOvJ2D1QfSbY0Z33lNmtXRhuQaxZQnlFk9%2B0GV%2FqLcqt5uQhGTubEl%2BbRId36B%2FZBQVrowRZ7nEY0zqTTUp7fan3%2FNv0qGzC4XYJCDqY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=43200
accept-ranges: bytes
cf-ray: 79a5e1575f5f371c-FRA

GET
H3 200 Cobalt-Strike.jpg
www.redpacketsecurity.com/wp-content/uploads/2021/11/ 145 KB
146 KB 141ms
136ms Image
image/jpeg 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.redpacketsecurity.com/wp-content/uploads/2021/11/Cobalt-Strike.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

00ab36d5573ceab85b1bc2de3ff62f4a9402bdc7c8a9749ac58c7037aa4bd2b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
strict-transport-security: max-age=15768000; includeSubDomains
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=153238, status=webp_bigger
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 148817
cf-bgj: imgq:100,h2pri
last-modified: Tue, 09 Nov 2021 23:11:50 GMT
server: cloudflare
etag: "618b0036-25696"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nGDim5P%2Fie58EXxQlur%2FA5iZok7OCVCutaea0Tb93AE9nns1qxNIQPugsYoRuYh%2Bw8wmGCJ6MhpVFplQSirOrfJ8JGdpkAWgAMdL7O9WmQOfJnUbhTUIlchJne6KyjeYwmt53U2UEI1CmrOWNH8IloOVqgCwipg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=43200
accept-ranges: bytes
cf-ray: 79a5e1576f6b371c-FRA

GET
H3 200 invisible.js Show response
www.redpacketsecurity.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/ Frame D92F 38 KB
16 KB 28ms
23ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redpacketsecurity.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1676534400
Requested by: Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ea7d3259409db9df22ce95fc9b9fe3621ab780f8122c808f8390876e50549ee9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ijd9EF6Blhjci8S5ZYiGqKhFgOLVhDOJqerYPBdXyZiV5hFclqdPSCmtFJYHi66V44NT12xBjxQNSl73wnJWr6tujVTmSWDlfyMvOkHRutMhOQrV%2BbiY6QTHQ01K9Qtv9iRHjmyceNATyq9le39iVxvLJa4pY68%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 79a5e1576f6c371c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 smush-placeholder.png
www.redpacketsecurity.com/wp-content/plugins/wp-smushit/app/assets/images/ 136 B
775 B 119ms
117ms Image
image/webp 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.redpacketsecurity.com/wp-content/plugins/wp-smushit/app/assets/images/smush-placeholder.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

ae394bf43bc39f7c6b3f439de04f6b75288d849a0ecae5000a2452546063647c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
strict-transport-security: max-age=15768000; includeSubDomains
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origFmt=png, origSize=995
x-powered-by: PleskLin
content-disposition: inline; filename="smush-placeholder.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 136
cf-bgj: imgq:100,h2pri
last-modified: Tue, 22 Nov 2022 14:23:12 GMT
x-accel-version: 0.01
server: cloudflare
etag: "3e3-5ee0fe97c0e23"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LkaUGw7kmEPR%2FbHrGxBOy9H6mCKXV%2FbjUvhEyo0JHguxf2%2FQePRO2Pt7X6Lvp17m5HyanES4PWLuo3RAmQSsDn80mVZ6wSyY1ol4BkO0WDSCNWb3h92RYUq2B3rZjH8HllXbbDdGu7UnGc21o0mgVy5HtdduV5g%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=43200
accept-ranges: bytes
cf-ray: 79a5e157afb8371c-FRA

POST
H3 204 rum Show response
www.redpacketsecurity.com/cdn-cgi/ 0
148 B 26ms
25ms XHR
text/plain 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
content-type: application/json

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://www.redpacketsecurity.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 79a5e157bfd7371c-FRA

GET
H2 200 font-roboto.css
tg.dev/css/ Frame BD0F 6 KB
894 B 97ms
20ms Stylesheet
text/css 149.154.167.99
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.dev/css/font-roboto.css?1

Requested by

Host: comments.app
URL: https://comments.app/embed/view?website=S_Epbvwz&page_url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fcobalt-stike-beacon-detected-194-165-16-56-port-443%2F&origin=https%3A%2F%2Fwww.redpacketsecurity.com&page_title=Cobalt%20Stike%20Beacon%20Detected%20-%20194%5B.%5D165%5B.%5D16%5B.%5D56%3A443%20-%20RedPacket%20Security&limit=5&color=E22F38

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.167.99 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

84b97b3fa8847b64c6d3833561e4b3146530577171e85ad226578a087db70974

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
server: nginx/1.18.0
etag: W/"63512b7d-1816"
content-type: text/css
cache-control: max-age=345600
expires: Mon, 20 Feb 2023 11:18:02 GMT

GET
H2 200 bootstrap.min.css
tg.dev/css/ Frame BD0F 42 KB
10 KB 103ms
25ms Stylesheet
text/css 149.154.167.99
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.dev/css/bootstrap.min.css?3

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.167.99 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Fri, 10 Nov 2017 17:54:14 GMT
server: nginx/1.18.0
etag: W/"5a05e7c6-a61b"
content-type: text/css
cache-control: max-age=345600
expires: Mon, 20 Feb 2023 11:18:02 GMT

GET
H2 200 bootstrap-extra.css
tg.dev/css/ Frame BD0F 70 KB
13 KB 114ms
37ms Stylesheet
text/css 149.154.167.99
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.dev/css/bootstrap-extra.css?2

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.167.99 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

6342d16a93416b5e826f6d0e0e930ef033efb682851ae46270f3c4f5b4a1c194

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Fri, 10 Nov 2017 17:54:14 GMT
server: nginx/1.18.0
etag: W/"5a05e7c6-11648"
content-type: text/css
cache-control: max-age=345600
expires: Mon, 20 Feb 2023 11:18:02 GMT

GET
H2 200 widget-frame.css
tg.dev/css/ Frame BD0F 81 KB
21 KB 116ms
39ms Stylesheet
text/css 149.154.167.99
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.dev/css/widget-frame.css?64

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.167.99 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

33a2f32349a6984f77f2cd427708c9ae0002bfc90594182bbc809b71ee0cdfde

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Mon, 21 Nov 2022 12:06:59 GMT
server: nginx/1.18.0
etag: W/"637b69e3-14544"
content-type: text/css
cache-control: max-age=345600
expires: Mon, 20 Feb 2023 11:18:02 GMT

GET
H2 200 comments.css
comments.app/css/ Frame BD0F 83 KB
20 KB 60ms
42ms Stylesheet
text/css 149.154.164.13
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://comments.app/css/comments.css?31

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.164.13 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.20.1 /

Resource Hash

e450af4a7c4974ea3ff324b629876380e0ca9605333a57152a953310c4a4661a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/embed/view?website=S_Epbvwz&page_url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fcobalt-stike-beacon-detected-194-165-16-56-port-443%2F&origin=https%3A%2F%2Fwww.redpacketsecurity.com&page_title=Cobalt%20Stike%20Beacon%20Detected%20-%20194%5B.%5D165%5B.%5D16%5B.%5D56%3A443%20-%20RedPacket%20Security&limit=5&color=E22F38
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Fri, 24 Jul 2020 12:57:13 GMT
server: nginx/1.20.1
etag: W/"5f1adaa9-14b98"
content-type: text/css

GET
H2 200 jquery.min.js Show response
tg.dev/js/ Frame BD0F 94 KB
38 KB 132ms
56ms Script
application/javascript 149.154.167.99
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.dev/js/jquery.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.167.99 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Fri, 10 Nov 2017 17:54:14 GMT
server: nginx/1.18.0
etag: W/"5a05e7c6-1762a"
content-type: application/javascript
cache-control: max-age=345600
expires: Mon, 20 Feb 2023 11:18:02 GMT

GET
H2 200 jquery-ui.min.js Show response
tg.dev/js/ Frame BD0F 96 KB
32 KB 150ms
74ms Script
application/javascript 149.154.167.99
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.dev/js/jquery-ui.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.167.99 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

eb46d82ef6f86859f18e379660e0f45b85c6f69fa97111905f0c125a08506376

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Fri, 10 Nov 2017 17:54:14 GMT
server: nginx/1.18.0
etag: W/"5a05e7c6-181a9"
content-type: application/javascript
cache-control: max-age=345600
expires: Mon, 20 Feb 2023 11:18:02 GMT

GET
H2 200 bootstrap.min.js Show response
tg.dev/js/ Frame BD0F 31 KB
10 KB 153ms
77ms Script
application/javascript 149.154.167.99
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.dev/js/bootstrap.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.167.99 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

b5e930df6a2976d5df996e18b347e091756699ea32716dc53d0e1c0fd814c526

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Fri, 10 Nov 2017 17:54:14 GMT
server: nginx/1.18.0
etag: W/"5a05e7c6-7d0d"
content-type: application/javascript
cache-control: max-age=345600
expires: Mon, 20 Feb 2023 11:18:02 GMT

GET
H2 200 main-aj.js Show response
tg.dev/js/ Frame BD0F 35 KB
10 KB 167ms
91ms Script
application/javascript 149.154.167.99
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.dev/js/main-aj.js?67

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.167.99 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

f29b8ecbab4c1e594014a0ab615d1ffd1e9b0441cf76df655af17844de20970a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Sat, 03 Dec 2022 11:05:59 GMT
server: nginx/1.18.0
etag: W/"638b2d97-8d2d"
content-type: application/javascript
cache-control: max-age=345600
expires: Mon, 20 Feb 2023 11:18:02 GMT

GET
H2 200 tgsticker.js Show response
tg.dev/js/ Frame BD0F 24 KB
7 KB 168ms
92ms Script
application/javascript 149.154.167.99
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.dev/js/tgsticker.js?29

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.167.99 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

dd6e691a27d07125e04993917cfb3f75ac9d8926f6b66d7c2e45368aa130e660

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Wed, 29 Jun 2022 21:52:44 GMT
server: nginx/1.18.0
etag: W/"62bcc9ac-5faf"
content-type: application/javascript
cache-control: max-age=345600
expires: Mon, 20 Feb 2023 11:18:02 GMT

GET
H2 200 telegram-widget.js Show response
oauth.tg.dev/js/ Frame BD0F 20 KB
6 KB 275ms
22ms Script
application/javascript 149.154.167.99
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://oauth.tg.dev/js/telegram-widget.js?21

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.167.99 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

edeb2b5e74830903f63699bf4af70856fbb5b8c5e4e5b405113a9dc9930133ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Sun, 09 Oct 2022 00:37:24 GMT
server: nginx/1.18.0
etag: W/"634217c4-4fc8"
content-type: application/javascript
cache-control: max-age=345600
expires: Mon, 20 Feb 2023 11:18:02 GMT

GET
H2 200 widget-frame.js Show response
tg.dev/js/ Frame BD0F 91 KB
25 KB 168ms
93ms Script
application/javascript 149.154.167.99
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.dev/js/widget-frame.js?60

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.167.99 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

b4dc7118464c434f7caac42fd0535dac1102dfcace0feb4c35e3bb29594b14c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Sat, 08 Oct 2022 23:46:30 GMT
server: nginx/1.18.0
etag: W/"63420bd6-16c85"
content-type: application/javascript
cache-control: max-age=345600
expires: Mon, 20 Feb 2023 11:18:02 GMT

GET
H2 200 comments.js Show response
comments.app/js/ Frame BD0F 81 KB
22 KB 59ms
43ms Script
application/javascript 149.154.164.13
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://comments.app/js/comments.js?35

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.164.13 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.20.1 /

Resource Hash

aa441bf5f2ac8c608371513bad73ea45ad6dc8b7c50e3c6841af81147d0b96ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/embed/view?website=S_Epbvwz&page_url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fcobalt-stike-beacon-detected-194-165-16-56-port-443%2F&origin=https%3A%2F%2Fwww.redpacketsecurity.com&page_title=Cobalt%20Stike%20Beacon%20Detected%20-%20194%5B.%5D165%5B.%5D16%5B.%5D56%3A443%20-%20RedPacket%20Security&limit=5&color=E22F38
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Tue, 17 Nov 2020 20:59:36 GMT
server: nginx/1.20.1
etag: W/"5fb439b8-142f4"
content-type: application/javascript

GET
H2 200 font-roboto.css
tg.dev/css/ Frame 47D2 6 KB
893 B 107ms
40ms Stylesheet
text/css 149.154.167.99
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.dev/css/font-roboto.css?1

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.167.99 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

84b97b3fa8847b64c6d3833561e4b3146530577171e85ad226578a087db70974

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
server: nginx/1.18.0
etag: W/"63512b7d-1816"
content-type: text/css
cache-control: max-age=345600
expires: Mon, 20 Feb 2023 11:18:02 GMT

GET
H2 200 bootstrap.min.css
tg.dev/css/ Frame 47D2 42 KB
10 KB 108ms
40ms Stylesheet
text/css 149.154.167.99
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.dev/css/bootstrap.min.css?3

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.167.99 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Fri, 10 Nov 2017 17:54:14 GMT
server: nginx/1.18.0
etag: W/"5a05e7c6-a61b"
content-type: text/css
cache-control: max-age=345600
expires: Mon, 20 Feb 2023 11:18:02 GMT

GET
H2 200 bootstrap-extra.css
tg.dev/css/ Frame 47D2 70 KB
13 KB 121ms
54ms Stylesheet
text/css 149.154.167.99
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.dev/css/bootstrap-extra.css?2

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.167.99 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

6342d16a93416b5e826f6d0e0e930ef033efb682851ae46270f3c4f5b4a1c194

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Fri, 10 Nov 2017 17:54:14 GMT
server: nginx/1.18.0
etag: W/"5a05e7c6-11648"
content-type: text/css
cache-control: max-age=345600
expires: Mon, 20 Feb 2023 11:18:02 GMT

GET
H2 200 widget-frame.css
tg.dev/css/ Frame 47D2 81 KB
21 KB 122ms
55ms Stylesheet
text/css 149.154.167.99
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.dev/css/widget-frame.css?64

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.167.99 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

33a2f32349a6984f77f2cd427708c9ae0002bfc90594182bbc809b71ee0cdfde

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Mon, 21 Nov 2022 12:06:59 GMT
server: nginx/1.18.0
etag: W/"637b69e3-14544"
content-type: text/css
cache-control: max-age=345600
expires: Mon, 20 Feb 2023 11:18:02 GMT

GET
H2 200 comments.css
comments.app/css/ Frame 47D2 83 KB
20 KB 76ms
58ms Stylesheet
text/css 149.154.164.13
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://comments.app/css/comments.css?31

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.164.13 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.20.1 /

Resource Hash

e450af4a7c4974ea3ff324b629876380e0ca9605333a57152a953310c4a4661a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/embed/view?website=S_Epbvwz&page_url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fcobalt-stike-beacon-detected-194-165-16-56-port-443%2F&origin=https%3A%2F%2Fwww.redpacketsecurity.com&page_title=Cobalt%20Stike%20Beacon%20Detected%20-%20194%5B.%5D165%5B.%5D16%5B.%5D56%3A443%20-%20RedPacket%20Security&limit=5&color=E22F38
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Fri, 24 Jul 2020 12:57:13 GMT
server: nginx/1.20.1
etag: W/"5f1adaa9-14b98"
content-type: text/css

GET
H2 200 jquery.min.js Show response
tg.dev/js/ Frame 47D2 94 KB
38 KB 160ms
96ms Script
application/javascript 149.154.167.99
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.dev/js/jquery.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.167.99 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Fri, 10 Nov 2017 17:54:14 GMT
server: nginx/1.18.0
etag: W/"5a05e7c6-1762a"
content-type: application/javascript
cache-control: max-age=345600
expires: Mon, 20 Feb 2023 11:18:02 GMT

GET
H2 200 jquery-ui.min.js Show response
tg.dev/js/ Frame 47D2 96 KB
32 KB 162ms
98ms Script
application/javascript 149.154.167.99
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.dev/js/jquery-ui.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.167.99 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

eb46d82ef6f86859f18e379660e0f45b85c6f69fa97111905f0c125a08506376

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Fri, 10 Nov 2017 17:54:14 GMT
server: nginx/1.18.0
etag: W/"5a05e7c6-181a9"
content-type: application/javascript
cache-control: max-age=345600
expires: Mon, 20 Feb 2023 11:18:02 GMT

GET
H2 200 bootstrap.min.js Show response
tg.dev/js/ Frame 47D2 31 KB
10 KB 163ms
99ms Script
application/javascript 149.154.167.99
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.dev/js/bootstrap.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.167.99 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

b5e930df6a2976d5df996e18b347e091756699ea32716dc53d0e1c0fd814c526

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Fri, 10 Nov 2017 17:54:14 GMT
server: nginx/1.18.0
etag: W/"5a05e7c6-7d0d"
content-type: application/javascript
cache-control: max-age=345600
expires: Mon, 20 Feb 2023 11:18:02 GMT

GET
H2 200 main-aj.js Show response
tg.dev/js/ Frame 47D2 35 KB
10 KB 163ms
99ms Script
application/javascript 149.154.167.99
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.dev/js/main-aj.js?67

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.167.99 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

f29b8ecbab4c1e594014a0ab615d1ffd1e9b0441cf76df655af17844de20970a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Sat, 03 Dec 2022 11:05:59 GMT
server: nginx/1.18.0
etag: W/"638b2d97-8d2d"
content-type: application/javascript
cache-control: max-age=345600
expires: Mon, 20 Feb 2023 11:18:02 GMT

GET
H2 200 tgsticker.js Show response
tg.dev/js/ Frame 47D2 24 KB
7 KB 163ms
99ms Script
application/javascript 149.154.167.99
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.dev/js/tgsticker.js?29

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.167.99 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

dd6e691a27d07125e04993917cfb3f75ac9d8926f6b66d7c2e45368aa130e660

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Wed, 29 Jun 2022 21:52:44 GMT
server: nginx/1.18.0
etag: W/"62bcc9ac-5faf"
content-type: application/javascript
cache-control: max-age=345600
expires: Mon, 20 Feb 2023 11:18:02 GMT

GET
H2 200 telegram-widget.js Show response
oauth.tg.dev/js/ Frame 47D2 20 KB
6 KB 264ms
23ms Script
application/javascript 149.154.167.99
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://oauth.tg.dev/js/telegram-widget.js?21

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.167.99 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

edeb2b5e74830903f63699bf4af70856fbb5b8c5e4e5b405113a9dc9930133ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Sun, 09 Oct 2022 00:37:24 GMT
server: nginx/1.18.0
etag: W/"634217c4-4fc8"
content-type: application/javascript
cache-control: max-age=345600
expires: Mon, 20 Feb 2023 11:18:02 GMT

GET
H2 200 widget-frame.js Show response
tg.dev/js/ Frame 47D2 91 KB
25 KB 163ms
99ms Script
application/javascript 149.154.167.99
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.dev/js/widget-frame.js?60

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.167.99 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

b4dc7118464c434f7caac42fd0535dac1102dfcace0feb4c35e3bb29594b14c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Sat, 08 Oct 2022 23:46:30 GMT
server: nginx/1.18.0
etag: W/"63420bd6-16c85"
content-type: application/javascript
cache-control: max-age=345600
expires: Mon, 20 Feb 2023 11:18:02 GMT

GET
H2 200 comments.js Show response
comments.app/js/ Frame 47D2 81 KB
22 KB 89ms
75ms Script
application/javascript 149.154.164.13
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://comments.app/js/comments.js?35

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.164.13 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.20.1 /

Resource Hash

aa441bf5f2ac8c608371513bad73ea45ad6dc8b7c50e3c6841af81147d0b96ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/embed/view?website=S_Epbvwz&page_url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fcobalt-stike-beacon-detected-194-165-16-56-port-443%2F&origin=https%3A%2F%2Fwww.redpacketsecurity.com&page_title=Cobalt%20Stike%20Beacon%20Detected%20-%20194%5B.%5D165%5B.%5D16%5B.%5D56%3A443%20-%20RedPacket%20Security&limit=5&color=E22F38
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Tue, 17 Nov 2020 20:59:36 GMT
server: nginx/1.20.1
etag: W/"5fb439b8-142f4"
content-type: application/javascript

GET
H3 200 pica.js
www.redpacketsecurity.com/cdn-cgi/challenge-platform/h/b/scripts/ Frame D92F 22 KB
9 KB 35ms
33ms Other
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redpacketsecurity.com/cdn-cgi/challenge-platform/h/b/scripts/pica.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d4dbfc32e8156b42abaf7fec32fb3e6d96ea03aeed1a1f9bc9a132ce94714483

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RZ%2FyfeE8q1U9R3KIYoMEwW1laA0%2B6%2B8kH4%2F%2FthXfYqnIAxbfyzwjAuzWoA8kb5hzVKCkdjmND%2FqVyPOkxNgPFo8P%2F4Q0QlA%2FUzHxRoKEULFuk3XTjnyjHk631MNQzbF5wnTbpbHStSqtMtOwkMmmIEE19KHSBY8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 79a5e157f851371c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 409 B
611 B 86ms
11ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.redpacketsecurity.com&callback=_gfp_s_&client=ca-pub-1536334219562771

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1536334219562771&plah=www.redpacketsecurity.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc03c18785fb9e597451f536e5ec0ad0ade996f9d62dd3fc45a97185be5a21be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
531 B 145ms
43ms Script
application/javascript 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.redpacketsecurity.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 71ms
21ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.redpacketsecurity.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 46ms
44ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fcobalt-stike-beacon-detected-194-165-16-56-port-443%2F&tn=DIV&id=cookie-notice&cls=cookie-revoke-hidden%20cn-position-bottom%20cn-effect-fade%20cn-animated%20cookie-notice-visible&ign=false&pw=1600&ph=1200&x=1575&y=1175

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2ABF 507 KB
99 KB 537ms
518ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&adk=1812271804&adf=3025194257&lmt=1676526402&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=128x675_l%7C140x675_r&format=0x0&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fcobalt-stike-beacon-detected-194-165-16-56-port-443%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676546282089&bpp=7&bdt=747&idt=203&shv=r20230213&mjsv=m202302090101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8642350680103&frm=20&pv=2&ga_vid=1359530084.1676546282&ga_sid=1676546282&ga_hid=2007097179&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31071976&oid=2&pvsid=1969479295432491&tmod=783741193&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=251

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

caf942691bd22e99c3fb0519aa919c354ed4ea91006f3b0260a7dd605722cd0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.redpacketsecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 101197
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 11:18:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 78ms
55ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230213&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c68dcae9351a6711f4fe98e26ea0cacdea3637dd30066e474b35819b53977941

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11394
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 69ms
26ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Feb 2023 11:18:02 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 26D5 13 KB
5 KB 11ms
7ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.redpacketsecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2815
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 10:31:07 GMT
expires: Fri, 16 Feb 2024 10:31:07 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 5D48 783 B
955 B 45ms
43ms Document
text/html 2a00:1450:400d:80d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

3d0bc70c532adb12e961ccc186ea1d1b59ec9a2ecf9554f2de8d932e3cd72966

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-e46XQR4Bbo6zod7DE4HPkQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.redpacketsecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-e46XQR4Bbo6zod7DE4HPkQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 11:18:02 GMT
expires: Thu, 16 Feb 2023 11:18:02 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H3 200 79a5e150eb12698f Show response
www.redpacketsecurity.com/cdn-cgi/challenge-platform/h/b/cv/result/ Frame D92F 2 B
692 B 25ms
25ms XHR
text/plain 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redpacketsecurity.com/cdn-cgi/challenge-platform/h/b/cv/result/79a5e150eb12698f
Requested by: Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1676534400
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O6S70FVCJGVTjgDF3cXgFlnKdi7w13rAylX%2BpJygNYYx944Vsm2vOx068xMZh0zNIQd0xM0qznaF%2FR0oMV63GibyN%2Fy8IDKp8D6d6apZ6Oy8xN2feDDQdePMJKSQC3g8cFpyvP30DbC%2BTzyczHOfdboXfDnw3SA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 79a5e15aac20371c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 5D48 0
0 41ms
41ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230213&jk=1969479295432491&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

GET
H3 200 6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 26D5 36 KB
14 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebe9819db65901730f1d3de1cefc5e502a42c1bdb3aae520c1374015a28e4e34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:32:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49530
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14458
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 17:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 15 Feb 2024 21:32:32 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 26D5 0
10 B 7ms
7ms Image
text/plain 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?pgBNvg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302090101/ 150 KB
51 KB 72ms
71ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302090101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7c4d4ebcfa4f78eaaceee66e35d9966c10551fee602ebde00065ea76b98eed8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52311
x-xss-protection: 0
server: cafe
etag: 4080422748757589028
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 16 Feb 2023 11:18:02 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 43ms
42ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=rasra::pm&rt=8%2C3%2C4%2C2&c=ca-pub-1536334219562771&eid=44759875%2C44759926%2C44759842%2C31071976

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 68ms
67ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_success&c=0&wpc=ca-pub-1536334219562771&warn=13&w=1600&h=1200&pp=0&ppp=0&eatf=false&eatfAbg=false&reatf=false&a=6%2C1%2C5%2C7&apv=20230213_093457&sat=1676373425954&afm=0&as_count=0&d_count=0&ng_count=0&am_count=0&atf_count=0&mdns=0&alldns=0&allp=14&fd=(0%2C8%2C0)%2C(1%2C0%2C0)%2C(2%2C0%2C0)&pgh=7465&abl=false&rr=n&su=www.redpacketsecurity.com&pvc=1969479295432491&r=0.1&eid=44759875%2C44759926%2C44759842%2C31071976

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=rasra::pr&rt=8%2C3%2C4%2C2&c=ca-pub-1536334219562771&eid=44759875%2C44759926%2C44759842%2C31071976

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 43ms
42ms Script
application/javascript 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.redpacketsecurity.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 17ms
16ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.redpacketsecurity.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/ Frame 4424 10 KB
4 KB 15ms
14ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.redpacketsecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 60696
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 18:26:27 GMT
etag: 10353107486223812946
expires: Wed, 01 Mar 2023 18:26:27 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/ Frame 048C 10 KB
4 KB 17ms
7ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.redpacketsecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 60696
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 18:26:27 GMT
etag: 10353107486223812946
expires: Wed, 01 Mar 2023 18:26:27 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/ Frame 48D1 10 KB
4 KB 16ms
7ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.redpacketsecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 60696
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 18:26:27 GMT
etag: 10353107486223812946
expires: Wed, 01 Mar 2023 18:26:27 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/ Frame 6FCF 10 KB
4 KB 16ms
8ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.redpacketsecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 60696
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 18:26:27 GMT
etag: 10353107486223812946
expires: Wed, 01 Mar 2023 18:26:27 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css2
fonts.googleapis.com/ Frame 4424 4 KB
1 KB 65ms
17ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 16 Feb 2023 11:18:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 09:49:23 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 16 Feb 2023 11:18:03 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4424 205 B
519 B 112ms
39ms Image
image/png 2a00:1450:400d:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 05:16:54 GMT
x-content-type-options: nosniff
age: 21669
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 16 Feb 2024 05:16:54 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4424 604 B
694 B 112ms
40ms Image
image/png 2a00:1450:400d:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 09:16:06 GMT
x-content-type-options: nosniff
age: 7317
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 16 Feb 2024 09:16:06 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/elements/html/ Frame 4424 19 KB
8 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

61cfe1e4bad8332eaf07240b9a18cd9c20f55c526e9c0b9ad9bf3255265c695d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:15:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 158
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8280
x-xss-protection: 0
server: cafe
etag: 4522959314154213365
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 11:15:25 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/ Frame 048C 22 KB
9 KB 22ms
17ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0e4d1d7a07ea6fddd6ab116e27bc0e074f5fe6ad6c89f719a515ae9c80436b6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 12:32:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81928
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8846
x-xss-protection: 0
server: cafe
etag: 8106178524699001248
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 12:32:35 GMT

GET
H3 200 4046432858841453622
tpc.googlesyndication.com/simgad/ Frame 048C 7 KB
7 KB 26ms
21ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4046432858841453622?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qlISSC8931KxpSsI5UaM6fs23ucuA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e282ff98a776f4ff686166aa65025c15a81095fbe620e1c3c566041735468ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 13 Feb 2023 04:17:36 GMT
x-content-type-options: nosniff
age: 284427
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7506
x-xss-protection: 0
last-modified: Fri, 10 Feb 2023 15:01:10 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 13 Feb 2024 04:17:36 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 048C 3 KB
1 KB 24ms
19ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 10:28:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2965
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 10:28:38 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 048C 20 KB
8 KB 23ms
17ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2b4727366dbbf82f3dc7d48c30bc9444860158da542dcc4b04eeeb6e0a7b6d60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 01:23:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35654
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8316
x-xss-protection: 0
server: cafe
etag: 7067238764211672077
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 01:23:49 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 048C 0
0 52ms
47ms Image
text/html 2a00:1450:400d:80d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaStNxdjFGTZURaYPke9dvtZclFgoL9mz9Nlfhgi0zPlsMcPtB6rKB3uiHTC5jJd-NepkQRyXRyY7WK_ogIWjDNGOLQXLQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80d::2004 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 048C 156 KB
48 KB 123ms
69ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a85af52452417453ae5ced98aa54a149925de2155e823234dce588c331d11aa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48814
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1676465787912926"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Feb 2023 11:18:03 GMT

GET
H3 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 048C 33 KB
13 KB 24ms
19ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f31c7dc9765953db99dff9cc7952ae286aefc34533d8e69de6b5c967ab801c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 02:38:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13410
x-xss-protection: 0
server: cafe
etag: 7296281482470171408
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 02:38:03 GMT

GET
H3 200 4046432858841453622
tpc.googlesyndication.com/simgad/ Frame 48D1 7 KB
7 KB 19ms
19ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4046432858841453622?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qlISSC8931KxpSsI5UaM6fs23ucuA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e282ff98a776f4ff686166aa65025c15a81095fbe620e1c3c566041735468ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 13 Feb 2023 04:17:36 GMT
x-content-type-options: nosniff
age: 284427
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7506
x-xss-protection: 0
last-modified: Fri, 10 Feb 2023 15:01:10 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 13 Feb 2024 04:17:36 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/ Frame 48D1 22 KB
9 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0e4d1d7a07ea6fddd6ab116e27bc0e074f5fe6ad6c89f719a515ae9c80436b6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 12:32:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81928
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8846
x-xss-protection: 0
server: cafe
etag: 8106178524699001248
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 12:32:35 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 48D1 3 KB
1 KB 23ms
7ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 10:28:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2965
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 10:28:38 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 48D1 20 KB
8 KB 23ms
7ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2b4727366dbbf82f3dc7d48c30bc9444860158da542dcc4b04eeeb6e0a7b6d60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 01:23:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35654
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8316
x-xss-protection: 0
server: cafe
etag: 7067238764211672077
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 01:23:49 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 48D1 0
0 56ms
40ms Image
text/html 2a00:1450:400d:80d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRSPomOERxxMT44B2WD7LN2Fs8EF7BKE9zsMqUW-HIDZ97n6CVcG7xJHMpLvqAAYQgCnh2usGgY7T9u9-qQwoYfqoJMrA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80d::2004 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 48D1 156 KB
48 KB 96ms
53ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a85af52452417453ae5ced98aa54a149925de2155e823234dce588c331d11aa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48814
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1676465787912926"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Feb 2023 11:18:03 GMT

GET
H3 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 48D1 33 KB
13 KB 31ms
15ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f31c7dc9765953db99dff9cc7952ae286aefc34533d8e69de6b5c967ab801c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 02:38:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13410
x-xss-protection: 0
server: cafe
etag: 7296281482470171408
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 02:38:03 GMT

GET
H2 200 7f18ca2d5e76e6394611c7986e4bc896.js Show response
www.gstatic.com/mysidia/ Frame 6FCF 10 KB
5 KB 60ms
20ms Script
text/javascript 2a00:1450:400d:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/7f18ca2d5e76e6394611c7986e4bc896.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

765d7308ebd55d0d2e9babfd37e30335be02efbbf3d3176f3e1f730cc4177045

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 11:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 87094
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4353
x-xss-protection: 0
last-modified: Wed, 08 Feb 2023 01:42:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 16 May 2023 11:06:29 GMT

GET
H2 200 bc63e283f37018142f1a6ba7254ba7c6.js Show response
www.gstatic.com/mysidia/ Frame 6FCF 10 KB
5 KB 60ms
20ms Script
text/javascript 2a00:1450:400d:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/bc63e283f37018142f1a6ba7254ba7c6.js?tag=text/vanilla_highlight

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8c2eb4bd436a068318ae842919d15610711964b98cf65a76c3cabf176a1cf98e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 04:32:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 110744
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4610
x-xss-protection: 0
last-modified: Fri, 10 Feb 2023 00:05:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 16 May 2023 04:32:19 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 6FCF 8 KB
968 B 32ms
18ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 16 Feb 2023 11:18:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 09:29:43 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 16 Feb 2023 11:18:03 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 6FCF 2 KB
765 B 29ms
16ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 01:29:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35303
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 01:29:40 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/ Frame 6FCF 22 KB
9 KB 26ms
17ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0e4d1d7a07ea6fddd6ab116e27bc0e074f5fe6ad6c89f719a515ae9c80436b6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 12:32:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81928
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8846
x-xss-protection: 0
server: cafe
etag: 8106178524699001248
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 12:32:35 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 6FCF 3 KB
1 KB 30ms
21ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 10:28:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2965
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 10:28:38 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 6FCF 20 KB
8 KB 29ms
21ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2b4727366dbbf82f3dc7d48c30bc9444860158da542dcc4b04eeeb6e0a7b6d60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 01:23:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35654
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8316
x-xss-protection: 0
server: cafe
etag: 7067238764211672077
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 01:23:49 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6FCF 156 KB
48 KB 104ms
69ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a85af52452417453ae5ced98aa54a149925de2155e823234dce588c331d11aa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48814
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1676465787912926"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Feb 2023 11:18:03 GMT

GET
H2 200 3fa5291869997d20adf47a02a7a75d04.js Show response
www.gstatic.com/mysidia/ Frame 6FCF 34 KB
14 KB 58ms
24ms Script
text/javascript 2a00:1450:400d:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/3fa5291869997d20adf47a02a7a75d04.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68e1fe5f35b4b0131be24086e7de0e04291d335c32ac4868bf0803abe50a862e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 06:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16101
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14191
x-xss-protection: 0
last-modified: Tue, 14 Feb 2023 00:07:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 17 May 2023 06:49:42 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F1AB 143 B
166 B 23ms
7ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2656
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=ISO-8859-1
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 10:33:47 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 127F 1 KB
643 B 23ms
7ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 74086
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 14:43:17 GMT
etag: 48472445140208031
expires: Thu, 16 Feb 2023 14:43:17 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B1E9 143 B
166 B 21ms
7ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2656
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=ISO-8859-1
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 10:33:47 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame FB0C 1 KB
643 B 21ms
8ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 74086
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 14:43:17 GMT
etag: 48472445140208031
expires: Thu, 16 Feb 2023 14:43:17 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame E646 8 KB
968 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 16 Feb 2023 11:18:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 10:57:40 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 16 Feb 2023 11:18:03 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame E646 2 KB
765 B 8ms
8ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 01:29:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35303
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 01:29:40 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/ Frame E646 22 KB
9 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0e4d1d7a07ea6fddd6ab116e27bc0e074f5fe6ad6c89f719a515ae9c80436b6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 12:32:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81928
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8846
x-xss-protection: 0
server: cafe
etag: 8106178524699001248
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 12:32:35 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame E646 3 KB
1 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 10:28:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2965
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 10:28:38 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame E646 20 KB
8 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2b4727366dbbf82f3dc7d48c30bc9444860158da542dcc4b04eeeb6e0a7b6d60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 01:23:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35654
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8316
x-xss-protection: 0
server: cafe
etag: 7067238764211672077
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 01:23:49 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame E646 0
0 42ms
41ms Image
text/html 2a00:1450:400d:80d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTIS99VjvjZMWGOP5MW0ep5sxa0HtrY-4-yVW4I1sdzBuv0L68wJu5k9_OfE1FrXTVY6bllgWutiHjzW4JLNjmE3Glzww
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80d::2004 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E646 156 KB
48 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a85af52452417453ae5ced98aa54a149925de2155e823234dce588c331d11aa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48814
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1676465787912926"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Feb 2023 11:18:03 GMT

GET
H2 200 3fa5291869997d20adf47a02a7a75d04.js Show response
www.gstatic.com/mysidia/ Frame E646 34 KB
14 KB 30ms
29ms Script
text/javascript 2a00:1450:400d:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/3fa5291869997d20adf47a02a7a75d04.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68e1fe5f35b4b0131be24086e7de0e04291d335c32ac4868bf0803abe50a862e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 06:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16101
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14191
x-xss-protection: 0
last-modified: Tue, 14 Feb 2023 00:07:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 17 May 2023 06:49:42 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 127F 35 B
464 B 45ms
10ms Image
image/gif 2620:116:800d:21:93ca:31d8:d86e:38f6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESELS7iL0I4cOBSnHmklyhbao&google_cver=1&google_push=Aa02lx-dZqWHXQiSY-L4QC-xVBtLDyfFQPhkwoMnLxAKUCn5F7Z8egsd9SU3oKa3-dx3YIaE6CVXdHWQjYUx9MtO1Sc1um1QkMd7gAA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:93ca:31d8:d86e:38f6 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:03 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 127F 0
104 B 108ms
27ms Image
text/plain 2a02:fa8:8806:16::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESELqohm_edZ5KXyEFHFdp2Hw&google_cver=1&google_push=Aa02lx9blWQhlomIbHzkDgW_mkTmaDZiBRrLj3H0HM1hFixXGoaWVxIwjZ6Q9B9HIeO5Ljnw02-LkO-cRz-yExu0Mi9ze1PboPu6Hw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:16::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:03 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 127F
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEHpqweNMnKSUgpdhC4CGE5k&google_cver=1&google_push=Aa02lx-JBFo_9PJJSR98POo84jv4FkNLVZkox8u4XPsEv-ZAo0Ce4n7L0iR1R4sN1YvfaFGoOjBXyxxfQNYxe8DP...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=Aa02lx-JBFo_9PJJSR98POo84jv4FkNLVZkox8u4XPsEv-ZAo0Ce4n7L0iR1R4sN1YvfaFGoOjBXyxxfQNYxe8DPe22W99K-CQPeWII

170 B
188 B

18ms
18ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=Aa02lx-JBFo_9PJJSR98POo84jv4FkNLVZkox8u4XPsEv-ZAo0Ce4n7L0iR1R4sN1YvfaFGoOjBXyxxfQNYxe8DPe22W99K-CQPeWII

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 16 Feb 2023 11:18:03 GMT
Server: MT3 457 2362390 master zrh-pixel-x2 config:1.0.0
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=Aa02lx-JBFo_9PJJSR98POo84jv4FkNLVZkox8u4XPsEv-ZAo0Ce4n7L0iR1R4sN1YvfaFGoOjBXyxxfQNYxe8DPe22W99K-CQPeWII
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Thu, 16 Feb 2023 11:18:02 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 127F
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESELYxCNULBtxrBiELVkfr9LI&google_cver=1&google_push=Aa02lx-YKa0i-iU63h6L9xoq-e_DcEtSS9rGzIICIBuzbWA2vf1lDaACUbTDfOjYv6OCZQbYuHWA5nP9dM6R6-3yPepHIPXkndQBWQ
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=09F9A40DDA3C45E0B92842E69F9152DD&google_push=Aa02lx-YKa0i-iU63h6L9xoq-e_DcEtSS9rGzIICIBuzbWA2vf1lDaACUbTDfOjYv6OCZQbYuHWA5nP9dM6R6-3...

170 B
188 B

18ms
18ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=09F9A40DDA3C45E0B92842E69F9152DD&google_push=Aa02lx-YKa0i-iU63h6L9xoq-e_DcEtSS9rGzIICIBuzbWA2vf1lDaACUbTDfOjYv6OCZQbYuHWA5nP9dM6R6-3yPepHIPXkndQBWQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 16 Feb 2023 11:18:03 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=09F9A40DDA3C45E0B92842E69F9152DD&google_push=Aa02lx-YKa0i-iU63h6L9xoq-e_DcEtSS9rGzIICIBuzbWA2vf1lDaACUbTDfOjYv6OCZQbYuHWA5nP9dM6R6-3yPepHIPXkndQBWQ
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Wed, 15 Feb 2023 11:18:03 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 127F
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEHwbOv53pqHReofQI0x4P4w&google_cver=1&google_push=Aa02lx9mdOIwLBTIXP5Wx4OJQfJty0xKkluEesQr43Cx7gksx-WK8Tq7Kao4pBc63nTgtTPQOeYE_w95iGpky7nr...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=Aa02lx9mdOIwLBTIXP5Wx4OJQfJty0xKkluEesQr43Cx7gksx-WK8Tq7Kao4pBc63nTgtTPQOeYE_w95iGpky7nrXM4lBSzNCPHPbRk

170 B
329 B

111ms
110ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=Aa02lx9mdOIwLBTIXP5Wx4OJQfJty0xKkluEesQr43Cx7gksx-WK8Tq7Kao4pBc63nTgtTPQOeYE_w95iGpky7nrXM4lBSzNCPHPbRk

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 16 Feb 2023 11:18:03 GMT
via: 1.1 3aed5a4f89d72775aaf2cc5a5f642386.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA2-C1
x-cache: GeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=Aa02lx9mdOIwLBTIXP5Wx4OJQfJty0xKkluEesQr43Cx7gksx-WK8Tq7Kao4pBc63nTgtTPQOeYE_w95iGpky7nrXM4lBSzNCPHPbRk
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: FtkXb5R3yajFXieX-EIAdJUREIqkW8zpfnBGXdLL8hDQZdyOdvkxGw==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 127F
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEMMqx6KuCBNqUni3gdIQ5as&google_cver=1&google_push=Aa02lx9NLz2Nv0UIU9ODimIDpUGXj2IKijNh7wWqgTXor7MESkPdrBOV6TmQS91uBps8cS-e8UQLVwJF_hMN...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx9NLz2Nv0UIU9ODimIDpUGXj2IKijNh7wWqgTXor7MESkPdrBOV6TmQS91uBps8cS-e8UQLVwJF_hMNhUVdk3xzjNxuPCqPuA

170 B
188 B

114ms
113ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx9NLz2Nv0UIU9ODimIDpUGXj2IKijNh7wWqgTXor7MESkPdrBOV6TmQS91uBps8cS-e8UQLVwJF_hMNhUVdk3xzjNxuPCqPuA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx9NLz2Nv0UIU9ODimIDpUGXj2IKijNh7wWqgTXor7MESkPdrBOV6TmQS91uBps8cS-e8UQLVwJF_hMNhUVdk3xzjNxuPCqPuA
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 127F
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEODpWutcMwULJ__ne6xIFv4&google_cver=1&google_push=Aa02lx_veTjYg-VZ_cPp2zN1CDDFH2RT8OjsEQUwaXhkqxZ0aL_9tkmcQe2lNAFbI12WVva9nl1VqfnlkvGR2AisDDwDS-rnSH...
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=Aa02lx_veTjYg-VZ_cPp2zN1CDDFH2RT8OjsEQUwaXhkqxZ0aL_9tkmcQe2lNAFbI12WVva9nl1VqfnlkvGR2AisDDwDS-rnSHT...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=OTY0NDQ3NDQyMDIxNDI0NDY5Mjkx&google_push=Aa02lx_veTjYg-VZ_cPp2zN1CDDFH2RT8OjsEQUwaXhkqxZ0aL_9tkmcQe2lNAFb...

170 B
188 B

18ms
18ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=OTY0NDQ3NDQyMDIxNDI0NDY5Mjkx&google_push=Aa02lx_veTjYg-VZ_cPp2zN1CDDFH2RT8OjsEQUwaXhkqxZ0aL_9tkmcQe2lNAFbI12WVva9nl1VqfnlkvGR2AisDDwDS-rnSHT9-g

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=OTY0NDQ3NDQyMDIxNDI0NDY5Mjkx&google_push=Aa02lx_veTjYg-VZ_cPp2zN1CDDFH2RT8OjsEQUwaXhkqxZ0aL_9tkmcQe2lNAFbI12WVva9nl1VqfnlkvGR2AisDDwDS-rnSHT9-g
date: Thu, 16 Feb 2023 11:18:03 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 127F 0
139 B 67ms
15ms Image
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JKhqN7lNQANMpsxJVoPqO2dmosR-8oZx_SO9Dh1P9rCZKJ4XxdwtGs5c_XtmgxoHqsHOHh

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:03 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame FB0C
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEKPupQF4nwGqK352NdoPPlA&google_cver=1&google_push=Aa02lx_nkCFa_GPjxudegCBfFFSl0BOPXA0JiIrp7-BBeneYStNboBwRP3fOKRN6vaJ0MvIRVM41fURPuXAoF_grmansaxOfa1zhx...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEKPupQF4nwGqK352NdoPPlA&google_cver=1&google_push=Aa02lx_nkCFa_GPjxudegCBfFFSl0BOPXA0JiIrp7-BBeneYStNboBwRP3fOKRN6vaJ0MvIRVM41fURPuXAoF_grmansaxOfa1z...

43 B
416 B

184ms
166ms

Image
image/gif

2606:4700::6812:19ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEKPupQF4nwGqK352NdoPPlA&google_cver=1&google_push=Aa02lx_nkCFa_GPjxudegCBfFFSl0BOPXA0JiIrp7-BBeneYStNboBwRP3fOKRN6vaJ0MvIRVM41fURPuXAoF_grmansaxOfa1zhxrs&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAa02lx_nkCFa_GPjxudegCBfFFSl0BOPXA0JiIrp7-BBeneYStNboBwRP3fOKRN6vaJ0MvIRVM41fURPuXAoF_grmansaxOfa1zhxrs%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Protocol: H2
Server: 2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:03 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 79a5e15fae003a43-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:03 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 162
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEKPupQF4nwGqK352NdoPPlA&google_cver=1&google_push=Aa02lx_nkCFa_GPjxudegCBfFFSl0BOPXA0JiIrp7-BBeneYStNboBwRP3fOKRN6vaJ0MvIRVM41fURPuXAoF_grmansaxOfa1zhxrs&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAa02lx_nkCFa_GPjxudegCBfFFSl0BOPXA0JiIrp7-BBeneYStNboBwRP3fOKRN6vaJ0MvIRVM41fURPuXAoF_grmansaxOfa1zhxrs%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 79a5e15e3bfc3a43-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame FB0C
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESELYxCNULBtxrBiELVkfr9LI&google_cver=1&google_push=Aa02lx-Zaf1pKneH9Pg9Pjdb8myB-8PmKZKzUppjElXNUkFLFI05lQIdNU7TBeAkL2PGgpinypg7ZirTXPLWrWu6d7M-YCfuPwcm4Mc
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=DFD7CEBD15024F008A0B1D7E64DD836B&google_push=Aa02lx-Zaf1pKneH9Pg9Pjdb8myB-8PmKZKzUppjElXNUkFLFI05lQIdNU7TBeAkL2PGgpinypg7ZirTXPLWrWu...

170 B
188 B

35ms
35ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=DFD7CEBD15024F008A0B1D7E64DD836B&google_push=Aa02lx-Zaf1pKneH9Pg9Pjdb8myB-8PmKZKzUppjElXNUkFLFI05lQIdNU7TBeAkL2PGgpinypg7ZirTXPLWrWu6d7M-YCfuPwcm4Mc

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 16 Feb 2023 11:18:03 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=DFD7CEBD15024F008A0B1D7E64DD836B&google_push=Aa02lx-Zaf1pKneH9Pg9Pjdb8myB-8PmKZKzUppjElXNUkFLFI05lQIdNU7TBeAkL2PGgpinypg7ZirTXPLWrWu6d7M-YCfuPwcm4Mc
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Wed, 15 Feb 2023 11:18:03 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame FB0C
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESENBFVTUNQLxx3bfNdO3EUCU&google_cver=1&google_push=Aa02lx_OOsjiilzZxibE0eZp6WbAk-KM015jwGlTnO-h2tVayS-yIvxiDxeU-ibO1Ilsvo9eQnx_LFfn...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESENBFVTUNQLxx3bfNdO3EUCU&google_cver=1&google_push=Aa02lx_OOsjiilzZxibE0eZp6WbAk-KM015jwGlTnO-h2tVayS-yIvxiDxeU-ibO1Ilsvo9eQnx...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODc4NjU3NjcyMzcyMjkwNDczOQ&google_push=Aa02lx_OOsjiilzZxibE0eZp6WbAk-KM015jwGlTnO-h2tVayS-yIvxiDxeU-ibO1Ilsvo9eQnx_LF...

170 B
188 B

20ms
18ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODc4NjU3NjcyMzcyMjkwNDczOQ&google_push=Aa02lx_OOsjiilzZxibE0eZp6WbAk-KM015jwGlTnO-h2tVayS-yIvxiDxeU-ibO1Ilsvo9eQnx_LFfnmyHa2Lg27QrsJq-IdNKJp4E

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODc4NjU3NjcyMzcyMjkwNDczOQ&google_push=Aa02lx_OOsjiilzZxibE0eZp6WbAk-KM015jwGlTnO-h2tVayS-yIvxiDxeU-ibO1Ilsvo9eQnx_LFfnmyHa2Lg27QrsJq-IdNKJp4E
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame FB0C
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=RsJQM8OcS_SwdpyMKMwMvw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

17ms
16ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=RsJQM8OcS_SwdpyMKMwMvw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aa02lx9E3YzYVYSJ7Rnyiad9yriEqCiGLVg1YgJzo8sfhHxalM4eQyfCW_ilMlmN7G1J0AcwcuFIdNkHINM9tJJ08LrpoeKi8noEP4k

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=RsJQM8OcS_SwdpyMKMwMvw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aa02lx9E3YzYVYSJ7Rnyiad9yriEqCiGLVg1YgJzo8sfhHxalM4eQyfCW_ilMlmN7G1J0AcwcuFIdNkHINM9tJJ08LrpoeKi8noEP4k
date: Thu, 16 Feb 2023 11:18:04 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame FB0C
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEODpWutcMwULJ__ne6xIFv4&google_cver=1&google_push=Aa02lx_IFqb1-W8vg-5qJ-VCisuVqsLHEKCD-Ce6n5O2H0-bRO7V0vqiZwUjyUkvyCF7ek_kJq4AAqK0rCjOHd4qocj-A_rXKe...
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=Aa02lx_IFqb1-W8vg-5qJ-VCisuVqsLHEKCD-Ce6n5O2H0-bRO7V0vqiZwUjyUkvyCF7ek_kJq4AAqK0rCjOHd4qocj-A_rXKeo...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=OTY0NDQ3NDQyMDIxNDI0NDY5Mjkx&google_push=Aa02lx_IFqb1-W8vg-5qJ-VCisuVqsLHEKCD-Ce6n5O2H0-bRO7V0vqiZwUjyUkv...

170 B
188 B

34ms
33ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=OTY0NDQ3NDQyMDIxNDI0NDY5Mjkx&google_push=Aa02lx_IFqb1-W8vg-5qJ-VCisuVqsLHEKCD-Ce6n5O2H0-bRO7V0vqiZwUjyUkvyCF7ek_kJq4AAqK0rCjOHd4qocj-A_rXKeoBtQ4

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=OTY0NDQ3NDQyMDIxNDI0NDY5Mjkx&google_push=Aa02lx_IFqb1-W8vg-5qJ-VCisuVqsLHEKCD-Ce6n5O2H0-bRO7V0vqiZwUjyUkvyCF7ek_kJq4AAqK0rCjOHd4qocj-A_rXKeoBtQ4
date: Thu, 16 Feb 2023 11:18:03 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 sync
ssbsync.smartadserver.com/api/ Frame FB0C 0
45 B 197ms
20ms Image
text/plain 185.86.139.102
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEID5iYoX1Z5iR_DhQWkbthk&google_cver=1&google_push=Aa02lx-qsRbD1kGi2LTu5RubCxcOQm_RxB5VhBHBNlnP9Ouc-4SONvGT-FLqjyQqHHFvu6jv7Ks2Q23AH927j1bRp_GZrzQXi89ZYFE
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.102 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:02 GMT
content-length: 0

GET googleredir
googlecm.hit.gemius.pl/ Frame FB0C 0
0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame FB0C 0
49 B 83ms
34ms Image
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KSff-kryZXjqkKvOhE6c4-_bRernXvScZFelRuqYP-w5k45nyKS7c5TN16BwI2QI3B8oqP3g

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:03 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame DEBD 143 B
166 B 19ms
8ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2656
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=ISO-8859-1
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 10:33:47 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 2E0B 1 KB
643 B 19ms
9ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 74086
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 14:43:17 GMT
etag: 48472445140208031
expires: Thu, 16 Feb 2023 14:43:17 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F1AB
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

25ms
25ms

Document
text/html

2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 11:18:03 GMT
expires: Thu, 16 Feb 2023 11:18:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 11:18:03 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B1E9
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

25ms
22ms

Document
text/html

2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 11:18:03 GMT
expires: Thu, 16 Feb 2023 11:18:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 11:18:03 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B84B 143 B
166 B 13ms
8ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2656
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=ISO-8859-1
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 10:33:47 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 787B 1 KB
643 B 16ms
13ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 74086
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 14:43:17 GMT
etag: 48472445140208031
expires: Thu, 16 Feb 2023 14:43:17 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2E0B
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESELYxCNULBtxrBiELVkfr9LI&google_cver=1&google_push=Aa02lx9puSr_zeXSCWORe__RPGrAIUWkiJUKGnVxEd6fjmL0RkKn3sAI1_ys2p1OmiMlcxxt1zZZx2gB9u-InRxB0VvPP0mSeAQirw
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=DFD7CEBD15024F008A0B1D7E64DD836B&google_push=Aa02lx9puSr_zeXSCWORe__RPGrAIUWkiJUKGnVxEd6fjmL0RkKn3sAI1_ys2p1OmiMlcxxt1zZZx2gB9u-InRx...

170 B
188 B

22ms
17ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=DFD7CEBD15024F008A0B1D7E64DD836B&google_push=Aa02lx9puSr_zeXSCWORe__RPGrAIUWkiJUKGnVxEd6fjmL0RkKn3sAI1_ys2p1OmiMlcxxt1zZZx2gB9u-InRxB0VvPP0mSeAQirw

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 16 Feb 2023 11:18:03 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=DFD7CEBD15024F008A0B1D7E64DD836B&google_push=Aa02lx9puSr_zeXSCWORe__RPGrAIUWkiJUKGnVxEd6fjmL0RkKn3sAI1_ys2p1OmiMlcxxt1zZZx2gB9u-InRxB0VvPP0mSeAQirw
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Wed, 15 Feb 2023 11:18:03 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2E0B
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEGZZFNc2Xg76qQMu5ggQOb4&google_cver=1&google_push=Aa02lx-nXcSPsCPL-pzClkgbvU7xPtP4rbiX8WmTBRLyJZg2jtOsGS8NykJGWkR-y-o2d384TVQYW50_btm...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aa02lx-nXcSPsCPL-pzClkgbvU7xPtP4rbiX8WmTBRLyJZg2jtOsGS8NykJGWkR-y-o2d384TVQYW50_btmAhP8p6mGYi2YS1CYC7x0&google_hm=c3WpeXkSRQiegnKzk...

170 B
188 B

118ms
114ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aa02lx-nXcSPsCPL-pzClkgbvU7xPtP4rbiX8WmTBRLyJZg2jtOsGS8NykJGWkR-y-o2d384TVQYW50_btmAhP8p6mGYi2YS1CYC7x0&google_hm=c3WpeXkSRQiegnKzkZ5faiw

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:03 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aa02lx-nXcSPsCPL-pzClkgbvU7xPtP4rbiX8WmTBRLyJZg2jtOsGS8NykJGWkR-y-o2d384TVQYW50_btmAhP8p6mGYi2YS1CYC7x0&google_hm=c3WpeXkSRQiegnKzkZ5faiw
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 2E0B 0
173 B 42ms
18ms Image
text/plain 34.96.105.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEEgpdYd68Yjg1nsV7jQ4LMg&google_cver=1&google_push=Aa02lx-dBzEUOqu2CSuQ_vdLm3hFXkFg6rWoeJY6Q1En7siHICPO5ARJhj4BlnzXX0rT6rS7P_6TDWn3xHJ4Kd_sAj1fB8cZPsq_dYo
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:03 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2E0B
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESENBFVTUNQLxx3bfNdO3EUCU&google_cver=1&google_push=Aa02lx8TqB4PXiIkkruDKz2ATAXfjAdeLooPNFaAZArJEfUWPvKgSKmhNz2ndfYamXfiUe_w7LxxuYVs...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mzk0ODQyMDYwMzIyMjk4MTMwOQ&google_push=Aa02lx8TqB4PXiIkkruDKz2ATAXfjAdeLooPNFaAZArJEfUWPvKgSKmhNz2ndfYamXfiUe_w7LxxuY...

170 B
188 B

22ms
17ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mzk0ODQyMDYwMzIyMjk4MTMwOQ&google_push=Aa02lx8TqB4PXiIkkruDKz2ATAXfjAdeLooPNFaAZArJEfUWPvKgSKmhNz2ndfYamXfiUe_w7LxxuYVsX_bCnf35cqhi5y7Oo9GU8A

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mzk0ODQyMDYwMzIyMjk4MTMwOQ&google_push=Aa02lx8TqB4PXiIkkruDKz2ATAXfjAdeLooPNFaAZArJEfUWPvKgSKmhNz2ndfYamXfiUe_w7LxxuYVsX_bCnf35cqhi5y7Oo9GU8A
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2E0B
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEGXg2tNOs7McZnoRnTMpbc0&google_cver=1&google_push=Aa02lx-ulxaQZqGvDDyhK2KPNQhNM_SeM9n3R1AiWzzgRI7-pbmgA84TpFtHkl2X5pL2P2Q5xSN...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEU3MERCTDItMjYtQUtKTA==&google_push=Aa02lx-ulxaQZqGvDDyhK2KPNQhNM_SeM9n3R1AiWzzgRI7-pbmgA84TpFtHkl2X5pL2P2Q5xSNDW32L2b5ia2IGESSrO6DKynZXLg

170 B
188 B

22ms
21ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEU3MERCTDItMjYtQUtKTA==&google_push=Aa02lx-ulxaQZqGvDDyhK2KPNQhNM_SeM9n3R1AiWzzgRI7-pbmgA84TpFtHkl2X5pL2P2Q5xSNDW32L2b5ia2IGESSrO6DKynZXLg

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEU3MERCTDItMjYtQUtKTA==&google_push=Aa02lx-ulxaQZqGvDDyhK2KPNQhNM_SeM9n3R1AiWzzgRI7-pbmgA84TpFtHkl2X5pL2P2Q5xSNDW32L2b5ia2IGESSrO6DKynZXLg
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2E0B
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEHwbOv53pqHReofQI0x4P4w&google_cver=1&google_push=Aa02lx87ygHU-9Mo5znoJBngBTu2NY4vFc4nYGYlg83-ydUWe8dt03fn6i8GMz1Z3b_XXt16WvaY8XGomOSfpsUM...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=Aa02lx87ygHU-9Mo5znoJBngBTu2NY4vFc4nYGYlg83-ydUWe8dt03fn6i8GMz1Z3b_XXt16WvaY8XGomOSfpsUM3SojcgyhYyGBsVc

170 B
188 B

22ms
20ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=Aa02lx87ygHU-9Mo5znoJBngBTu2NY4vFc4nYGYlg83-ydUWe8dt03fn6i8GMz1Z3b_XXt16WvaY8XGomOSfpsUM3SojcgyhYyGBsVc

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 16 Feb 2023 11:18:03 GMT
via: 1.1 3aed5a4f89d72775aaf2cc5a5f642386.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA2-C1
x-cache: GeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=Aa02lx87ygHU-9Mo5znoJBngBTu2NY4vFc4nYGYlg83-ydUWe8dt03fn6i8GMz1Z3b_XXt16WvaY8XGomOSfpsUM3SojcgyhYyGBsVc
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: Yj7k-wJnbTzaVlXsulCVFhzmgoNJCgDbL0gRCEI2Ahic6CEM_IDCHA==

GET
H2

200

/
onetag-sys.com/match/ Frame 2E0B
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEMMqx6KuCBNqUni3gdIQ5as&google_cver=1&google_push=Aa02lx-4j8p9aYeRolXZZySjBxr5pL2HxtKo6WGckhsSXVpLI7Pktp6BGex1dv_mAWZTfQHsSXuqmfQx3tX...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=Aa02lx-4j8p9aYeRolXZZySjBxr5pL2HxtKo6WGckhsSXVpLI7Pktp6BGex1dv_mAWZTfQHsSXuqmfQx3tXONFwFikNzRe2OrtRog5w
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

11ms
9ms

Image
text/plain

51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Protocol

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 2E0B 0
12 B 15ms
15ms Image
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J4QcZcQ31qesRjI81I_Ed2KkTIkEkqtFbRXiXPIq1JMqyV3H3KwxMt_lJeICg77ES3wWvv8g

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:03 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 787B 0
103 B 14ms
12ms Image
text/plain 2a02:fa8:8806:16::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESELqohm_edZ5KXyEFHFdp2Hw&google_cver=1&google_push=Aa02lx9QyxmZm1hfYmiFYqxRRUWuAA_0PZEMOVdSpb0e7ukWWkNn0VGqLkiXlRhsZYCdTRm91HsB2418R-R8NuNQO9j5CSd9JcIB0Q
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:16::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:03 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 787B
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESELYxCNULBtxrBiELVkfr9LI&google_cver=1&google_push=Aa02lx9pjpV6bfxTRhbzPHExYKJEJbqu329S7aQVMHqhn5e4TtPvJ1gqGylNi1qGLtG6fmUmHPT5dSpXfc0v-FSrqXXFSB9FeoW66w
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=DFD7CEBD15024F008A0B1D7E64DD836B&google_push=Aa02lx9pjpV6bfxTRhbzPHExYKJEJbqu329S7aQVMHqhn5e4TtPvJ1gqGylNi1qGLtG6fmUmHPT5dSpXfc0v-FS...

170 B
188 B

40ms
35ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=DFD7CEBD15024F008A0B1D7E64DD836B&google_push=Aa02lx9pjpV6bfxTRhbzPHExYKJEJbqu329S7aQVMHqhn5e4TtPvJ1gqGylNi1qGLtG6fmUmHPT5dSpXfc0v-FSrqXXFSB9FeoW66w

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 16 Feb 2023 11:18:03 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=DFD7CEBD15024F008A0B1D7E64DD836B&google_push=Aa02lx9pjpV6bfxTRhbzPHExYKJEJbqu329S7aQVMHqhn5e4TtPvJ1gqGylNi1qGLtG6fmUmHPT5dSpXfc0v-FSrqXXFSB9FeoW66w
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Wed, 15 Feb 2023 11:18:03 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 787B 70 B
265 B 107ms
34ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEDHkgmNNVpx7mmiGKGLxwew&google_cver=1&google_push=Aa02lx9umo7hgso0xrjUtHkddXb798xaFJUiH7RqAsSAJ-8FMcwz56PhAl2bOGyaG7BNewY-cs5p-npCdqObw00oe7aoLSYyqQGm
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Thu, 16 Feb 2023 11:18:03 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 787B
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESENEutr5BVYZlohgdjgaT3C8&google_cver=1&google_push=Aa02lx9uYu3FNSAX4s4LXmMOZfqsKcBQdlX-a0kRFQwiH34lgt26SmV_JHmo0UNnt8fF0bQzvkeILhrU8Zn7gOK5DwWpa64...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESENEutr5BVYZlohgdjgaT3C8&google_cver=1&google_push=Aa02lx9uYu3FNSAX4s4LXmMOZfqsKcBQdlX-a0kRFQwiH34lgt26SmV_JHmo0UNnt8fF0bQzvkeILhrU8Zn7gOK5DwWpa...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aa02lx9uYu3FNSAX4s4LXmMOZfqsKcBQdlX-a0kRFQwiH34lgt26SmV_JHmo0UNnt8fF0bQzvkeILhrU8Zn7gOK5DwWpa6408NarIA

170 B
188 B

35ms
34ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aa02lx9uYu3FNSAX4s4LXmMOZfqsKcBQdlX-a0kRFQwiH34lgt26SmV_JHmo0UNnt8fF0bQzvkeILhrU8Zn7gOK5DwWpa6408NarIA

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=Aa02lx9uYu3FNSAX4s4LXmMOZfqsKcBQdlX-a0kRFQwiH34lgt26SmV_JHmo0UNnt8fF0bQzvkeILhrU8Zn7gOK5DwWpa6408NarIA
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 787B
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEJX3tpNOqxq0eX5RZPZ8EdI&google_cver=1&google_push=Aa02lx99FMKhoSdqihak3xpEhJPBvqHjDI0CEk_vWuVTth1SZHsO1oqNDKztoRQlesvRLzKwVSA05Lqpzfcv_686j...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEJX3tpNOqxq0eX5RZPZ8EdI&google_cver=1&google_push=Aa02lx99FMKhoSdqihak3xpEhJPBvqHjDI0CEk_vWuVTth1SZHsO1oqNDKztoRQlesvRLzKwVSA05Lqpzfcv_686j...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=Aa02lx99FMKhoSdqihak3xpEhJPBvqHjDI0CEk_vWuVTth1SZHsO1oqNDKztoRQlesvRLzKwVSA05Lqpzfcv_686jLvF1orIZoOV&google_hm=GKnmtGZHpk0SW4slTNyXeueS

170 B
188 B

50ms
49ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=Aa02lx99FMKhoSdqihak3xpEhJPBvqHjDI0CEk_vWuVTth1SZHsO1oqNDKztoRQlesvRLzKwVSA05Lqpzfcv_686jLvF1orIZoOV&google_hm=GKnmtGZHpk0SW4slTNyXeueS

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 16 Feb 2023 11:18:03 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=Aa02lx99FMKhoSdqihak3xpEhJPBvqHjDI0CEk_vWuVTth1SZHsO1oqNDKztoRQlesvRLzKwVSA05Lqpzfcv_686jLvF1orIZoOV&google_hm=GKnmtGZHpk0SW4slTNyXeueS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap5ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H2

200

report
sync.teads.tv/um/ Frame 787B
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEEcOkfsgIWm9janLzHC54AY&...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=Aa02lx_QoaWdNaQ7iyETmi3z4vykV76C1-rl1RUmEiTk_9NlpnZHn6o0LiDtcGFGWnkpQmV5Kq2MSUEqqrWdvKGD0tNKWwWIg21STyE
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
172 B

34ms
33ms

Image
image/gif

104.111.217.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Protocol: H2
Server: 104.111.217.42 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-217-42.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.9 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

expires: Thu, 16 Feb 2023 11:18:03 GMT
pragma: no-cache
date: Thu, 16 Feb 2023 11:18:03 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.9
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 787B
Redirect Chain

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEE_QV-EmI95MAp2N6dPR6V0&google_cver=1&google_push=Aa02lx-P7uhJQoBIJ...
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dxandr_eb%26google_hm%3D%24%7BBASE64_UID_ENC%7D%26google_gid%3DCAESEE_QV-EmI95MAp2N6dPR6V0%26goo...
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=MjczOTc5NDMwMTM1NzI1NDM2OA%3D%3D&google_gid=CAESEE_QV-EmI95MAp2N6dPR6V0&google_cver=1&google_push=Aa02lx-P7uhJQoBIJdGL0hzlppe_gLcp4Y...

170 B
188 B

49ms
49ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=MjczOTc5NDMwMTM1NzI1NDM2OA%3D%3D&google_gid=CAESEE_QV-EmI95MAp2N6dPR6V0&google_cver=1&google_push=Aa02lx-P7uhJQoBIJdGL0hzlppe_gLcp4YHs46tica_3ul03hdsrUBpbKiYb8XzWfhsG10KGLbHvMbW63lYkAb9qfpZTWdtoTZXlsAM

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 16 Feb 2023 11:18:03 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 81.95.5.44; 81.95.5.44; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: fcb4915c-4125-4fe8-a0ea-87392c40510f
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=MjczOTc5NDMwMTM1NzI1NDM2OA%3D%3D&google_gid=CAESEE_QV-EmI95MAp2N6dPR6V0&google_cver=1&google_push=Aa02lx-P7uhJQoBIJdGL0hzlppe_gLcp4YHs46tica_3ul03hdsrUBpbKiYb8XzWfhsG10KGLbHvMbW63lYkAb9qfpZTWdtoTZXlsAM
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 787B 0
12 B 28ms
27ms Image
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IyQ8pslnSv_5LyvrYxPnC5O2C8lqOt3W-I4g3LuIkSaNvNs2njV3ms3IykhXx5kRoycFa6GIM

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 11:18:03 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
DATA 200
OK truncated
/ Frame 48D1 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c7824cfe7010b188db89f9f9ae0f49b75d67e5d52299e7ddbb20e7455319d5a1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame DEBD
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

21ms
20ms

Document
text/html

2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 11:18:03 GMT
expires: Thu, 16 Feb 2023 11:18:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 11:18:03 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B84B
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

15ms
15ms

Document
text/html

2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 11:18:03 GMT
expires: Thu, 16 Feb 2023 11:18:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 11:18:03 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 3BEA 36 KB
14 KB 12ms
7ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebe9819db65901730f1d3de1cefc5e502a42c1bdb3aae520c1374015a28e4e34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:32:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49531
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14458
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 17:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 15 Feb 2024 21:32:32 GMT

GET
H3 200 6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 3DF7 36 KB
14 KB 13ms
9ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebe9819db65901730f1d3de1cefc5e502a42c1bdb3aae520c1374015a28e4e34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:32:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49531
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14458
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 17:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 15 Feb 2024 21:32:32 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 48ms
43ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230213&jk=1969479295432491&bg=!LC-lL3vNAAYuhb89DoU7ADkAdvg8Wh1Yf63dd-E0ir3kt_01P5rZQqkw58xoGp9EnVWRv7UmjQH8YEoizrfhB5TeopTSkCh4YpUCAAAAUVIAAAACaAEHmQLSx1pBTjHT26siRMX5D8HtGozYwMy-4JyxT1FAEl9-1y5kMBAM6PFrXhm5tVD7je2NDWT_QqBfmxNjJxhjNl8VNFCC6ieshaOREwxauNO4A6rAAYgi1GDkMOLxSixmfFr-dEsr4y0_vBrXuipZ-TASpoK3ecKpxWFLmJMKYVBhdurj8F7PO2lc3b1LhfIlK7x15Fs2s19rnlXfljKJqE_gQAMGBTYL2WI8SfY6-atp6zSjKtvwGsvX5HV81J0-j5LHIhoIKCFdlWLD2DKeKBJ9ZBxyP78oZqzAA0eeOYN9NIp-h5U0CczwBgR-kkrhls_GToduMIr6MLnI-xzkd8Ax9CQr75XlYB92LNSc4XIeFERXj7LevB5rJn5v-mKCIq7n88nstp_QbDn3hilvqTmepNUDgEXPmk4UaRbcca9rBUsDayTP7VrBNEMPtzz6OBQl5PNz6cDikmuN3EzMLzBsJPCwCPy5Zm1sZt3Pocx_S6vM7G1FyOKJpwR2Mk3HNQt90QLCrGlTUZjTThIzUgHIfZSEpU08M6OvQDSdJRcTaeeNhUouTxDjetbkojUo9x74I2VX0P9643YEXLNjkzzhWULOUQq7cky-QZsG5xFHHrZi5dlXP5_v7q0TyMguJVDX1BDdZpqKccBA7inVYqyyk57Pte1em7KvKpS09rxp8h7-Q1VM9r8AlOtkcDqXPbZ6EZzey2QVWYOu4z62feZgxvPh-66QqxzFVtyS3HPj1z-4TsMJe4XVKt55Y49n31ekwre8rQ-uHDJjChUIojLPzs6Fh30ZjyBgeS9sg-Nalxu69E11RmlMvHhspf_aCGEeCFJXizGNjUppfdlyFqWV-J6grgxuMS-n1fiVmnYro8jEetcMQwovABjAuVx3gtIgrtNII3dWenEV2eBGgYQTERHCCuRgWxI6rktL6IgF6TpoBq95RwCiPd_i-NRRePCKihs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

GET
H3 200 6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 9DF2 36 KB
14 KB 14ms
9ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebe9819db65901730f1d3de1cefc5e502a42c1bdb3aae520c1374015a28e4e34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:32:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49531
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14458
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 17:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 15 Feb 2024 21:32:32 GMT

GET
H3 200 6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 8F11 36 KB
14 KB 15ms
10ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebe9819db65901730f1d3de1cefc5e502a42c1bdb3aae520c1374015a28e4e34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 21:32:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49531
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14458
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 17:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 15 Feb 2024 21:32:32 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 48D1 0
18 B 55ms
51ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=COhT06hDuY43jGI33tgehyptA3fXh9m7_qNuTkBGop5_2gjkQASC1r6AnYJX68IGMB6ABmKqOtQHIAQKpAsaDUlW29rE-qAMByAPJBKoElQJP0Dt3s6y0qXhTpZ6c_2D0pf2zhg16w4NsFYbe96I62VqdFscn0wyd0zKk7oHCL0glNlXD9TKlXglEsBcz2gNVmGYm2mop9mn8la98zRNDOWfLeyLwohiHCfvD-eU8NSVWZ-z24pKbe2NYds_wV0W7flNVyHyrCRdo69xeCpvso809Ru_I0uQp_14m6rRnrLFeI2CuH7Sbs-JYw2dOs_1JZV7zAna4CGVmNZpFh3Xe9_L1hFcgsGjEAXWFuURskmRS5ftMp_WHJrrG9O0b7xa6ppXuZyzLtgR6UOqvmlRUWM_MHM7-GQMiBB1fJRndD-sYJ00bXJ9jcxKnI8uufFY7Fk78idLGCjBkB2qckdwbPtJK_oWrwASxwfaMqgSSBQQIBBgBkgUECAUYBKAGAoAHxLfO8gOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBDksALSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTAtAVAYAXAbIXHAoaCAASFHB1Yi0xNTM2MzM0MjE5NTYyNzcxGAA&sigh=x9TTNFIlfgw&uach_m=[UACH]&cid=CAQSKQDUE5ymooluB8pcokQBn3bPPSK9wxcs1da1oTbcS8npAVGgl1E-CnzxGAE&vis=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 16 Feb 2023 11:18:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 48D1 42 B
64 B 51ms
51ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvVrepilI8zS-FyP0s0whUWSxph0sWkXvey9tsHJwa_au-J-gl3yXL_jQdThbggxI-9J2a8FcrGQTIzRFBk7PFyKWxIKXdx56XDLdpTzvKkmCtXNhvlk9FYGgm7GUEKDlLBnVUUDGDeR_SQ_4tCR82xAVO5hq5-KRsN&sai=AMfl-YRyJhN9eNHFFXoEIohpzapbOyk3mJDrwe7mo7TINGnvP6cqZhpj5bdcc0UZd7jMdpQMIc300SYAiqVcjgH-XDNVyeF5SvSjKfM&sig=Cg0ArKJSzN7YW3Ns_8CDEAE&cid=CAQSKQDUE5ymooluB8pcokQBn3bPPSK9wxcs1da1oTbcS8npAVGgl1E-CnzxGAE&id=lidar2&mcvt=1000&p=0,0,600,120&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230215&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=1812271804&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1676546283032&rpt=231&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 11:18:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: googlecm.hit.gemius.pl
URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEGw6MwC-CRDEA_mZ7cAHv_w&google_cver=1&google_push=Aa02lx_qVTi9XI3aA5EihcsA2erB26Non5NWKqOafV2_xBsUbyBa1nWQd1mf618pxZm-XYiHenCoDm788EQ7mVIsDo47vFhXkZQRXLs

Verdicts & Comments Add Verdict or Comment

72 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

28 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443	1969-12-31 23:59:59	Name: _ga4s Value: 1
www.redpacketsecurity.com/cobalt-stike-beacon-detected-194-165-16-56-port-443	1969-12-31 23:59:59	Name: _ga4sid Value: 2146421579
.redpacketsecurity.com/	1970-01-20 19:18:26	Name: _ga4 Value: 69491f61-7973-4c5c-af60-8de8a2c8ebdf
.doubleclick.net/	1970-01-20 19:04:02	Name: IDE Value: AHWqTUnVz0Ohw4Eq-q3zIiPdQRkYoit1RoisN87mNFQc6XBq68II7B0rsEgIK9kj
.www.redpacketsecurity.com/	1970-01-20 10:25:38	Name: CaosGtag_ga_GN0W0LT7ZX Value: GS1.3.1676546282.1.0.1676546282.60.0.0
.www.redpacketsecurity.com/	1970-01-20 10:25:38	Name: CaosGtag_ga Value: GA1.3.1359530084.1676546282
comments.app/	1970-01-20 18:34:29	Name: bcom_on Value: 1
.redpacketsecurity.com/	1970-01-20 19:04:02	Name: __gads Value: ID=89a3d39478622265-22178124a8dc003b:T=1676546282:RT=1676546282:S=ALNI_MZoOmXQEEvtKaQa1Zs2KHEEYnxwrg
.redpacketsecurity.com/	1970-01-20 19:04:02	Name: __gpi Value: UID=00000bb75873bebd:T=1676546282:RT=1676546282:S=ALNI_MZy6yvo4wS9HupM64EmVRHpmfWPZA
.redpacketsecurity.com/	1970-01-20 09:42:28	Name: __cf_bm Value: SMvIwp8BXP3tWe.OgKLgognKxnscPLUZHkrQI8BBW.o-1676546282-0-ARduXxFWBLq9RcOyvUCKWv+Bk5hnPQn+m+B09kS6OiyGijXx3KL5MsWkmvPVqUL9JYUBXb9MCOgeNHt96Q3PM/IuN4F2m1Zxctuf25MjXpuojUqRZCcT6wqQEyNepaQA19r3mdjXmXk2YByht3uqre8=
.quantserve.com/	1970-01-20 11:52:02	Name: d Value: EBcBCQGnKIEA
.quantserve.com/	1970-01-20 19:12:40	Name: mc Value: 63ee10eb-3a3b9-696b6-9d376
.simpli.fi/	1970-01-20 18:29:28	Name: suid Value: DFD7CEBD15024F008A0B1D7E64DD836B
.adform.net/	1970-01-20 10:22:45	Name: C Value: 1
.mathtag.com/	1970-01-20 19:08:21	Name: uuid Value: 689c63ee-10eb-4900-bbd3-85b76abbe010
.mathtag.com/	1970-01-20 10:25:38	Name: mt_mop Value: 4:1676546283
.doubleclick.net/	1970-01-20 09:42:29	Name: DSID Value: NO_DATA
.adform.net/	1970-01-20 11:08:50	Name: uid Value: 3948420603222981309
.blismedia.com/	1970-01-20 18:28:06	Name: b Value: 63EE10EB55B48FBB2D34511FBLIS
.adnxs.com/	1970-01-20 11:52:02	Name: uuid2 Value: 2739794301357254368
.ctnsnet.com/	1970-01-20 18:28:02	Name: cid_7375a979791245089e8272b3919e5f6a Value: 1
.ctnsnet.com/	1970-01-20 18:28:02	Name: gid_CAESEGZZFNc2Xg76qQMu5ggQOb4 Value: 1
.lijit.com/	1970-01-20 18:28:02	Name: ljt_reader Value: GKnmtGZHpk0SW4slTNyXeueS
.de17a.com/	1970-01-20 18:20:50	Name: guid Value: 1.8899304464424768910
.3lift.com/	1970-01-20 11:52:02	Name: tluid Value: 964447442021424469291
.tribalfusion.com/	1970-01-20 11:52:02	Name: ANON_ID Value: annseFoZdUQcR2Hp9vcghPCHj6jADtu5wcXxbAx8DGuQhak38ZaZaPV9HoIxQJNCMD1ZbG1RfU0EQINSQAtemUQ6
.pubmatic.com/	1970-01-20 09:43:52	Name: KTPCACOOKIE Value: YES
.pubmatic.com/	1970-01-20 18:28:02	Name: KADUSERCOOKIE Value: 46C25033-C39C-4BF4-B076-9C8C28CC0CBF

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEGw6MwC-CRDEA_mZ7cAHv_w&google_cver=1&google_push=Aa02lx_qVTi9XI3aA5EihcsA2erB26Non5NWKqOafV2_xBsUbyBa1nWQd1mf618pxZm-XYiHenCoDm788EQ7mVIsDo47vFhXkZQRXLs Message: Failed to load resource: net::ERR_ADDRESS_UNREACHABLE
javascript	warning	URL: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20110914/zrt_lookup.html?fsb=1#RS-3-&adk=1812271802&client=ca-pub-1536334219562771&fa=2&ifi=5&uci=a!5&btvi=3&xpc=XesdaHGiLx&p=https%3A//www.redpacketsecurity.com Message: The resource https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.tribalfusion.com
adservice.google.com
adservice.google.de
analytics.google.com
ap.lijit.com
c1.adform.net
cm.g.doubleclick.net
cms.quantserve.com
comments.app
d5p.de17a.com
dclk-match.dotomi.com
eb2.3lift.com
fonts.googleapis.com
gcm.ctnsnet.com
googleads.g.doubleclick.net
googlecm.hit.gemius.pl
image6.pubmatic.com
match.adsrvr.org
oauth.tg.dev
onetag-sys.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.rubiconproject.com
s.ad.smaato.net
s.tribalfusion.com
secure.adnxs.com
ssbsync.smartadserver.com
static.cloudflareinsights.com
stats.g.doubleclick.net
sync.mathtag.com
sync.teads.tv
tg.dev
tpc.googlesyndication.com
tr.blismedia.com
um.simpli.fi
www.google.com
www.google.de
www.googleadservices.com
www.googletagservices.com
www.gstatic.com
www.redpacketsecurity.com
googlecm.hit.gemius.pl
104.111.217.42
142.250.186.162
149.154.164.13
149.154.167.99
172.217.18.2
185.29.132.241
185.86.139.102
192.82.242.209
213.155.156.185
216.52.2.48
2600:9000:20eb:7200:1b:5138:8a40:93a1
2606:4700:20::ac43:4810
2606:4700::6810:3865
2606:4700::6812:19ad
2620:116:800d:21:93ca:31d8:d86e:38f6
2a00:1450:4001:806::2002
2a00:1450:4001:806::200a
2a00:1450:4001:808::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:830::2001
2a00:1450:4001:830::2003
2a00:1450:400c:c0b::9b
2a00:1450:400d:803::2003
2a00:1450:400d:80a::2002
2a00:1450:400d:80c::200e
2a00:1450:400d:80d::2004
2a02:fa8:8806:16::1370
34.96.105.8
35.186.193.173
35.204.158.49
35.71.131.137
37.157.6.254
37.252.171.53
51.89.9.252
52.223.22.214
69.173.144.165
00ab36d5573ceab85b1bc2de3ff62f4a9402bdc7c8a9749ac58c7037aa4bd2b8
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0e4d1d7a07ea6fddd6ab116e27bc0e074f5fe6ad6c89f719a515ae9c80436b6d
0f48c5678ce459a596423b0e55344e7ad8eb3d3b1b27c54cd76a9d4cee7dd6c3
112e715bd7cf64fa4db9a86910e5a1c083f5dab7498e0ed6b63121773da49fe1
140ee2462b736e743b7f9b2dd82f41ecfa63f17a818739fec426067500edb49c
14467e50bdc2caac321ca9c423e7504c913d67044d0af25947d98e0b30ecc33a
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1ab5022a9d544ad3a4ba79b1cb50c46cfdd741ff9b136e1f787d9dd942961e70
1e282ff98a776f4ff686166aa65025c15a81095fbe620e1c3c566041735468ca
21061765237c66c10b48e236063a3497c22d33629e98f8654d1a3b860fa48700
24f76018c6bfebc6a17b5a7074fb8673c4fcf72cbd787766a6594da49eda6259
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2b4727366dbbf82f3dc7d48c30bc9444860158da542dcc4b04eeeb6e0a7b6d60
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
33a2f32349a6984f77f2cd427708c9ae0002bfc90594182bbc809b71ee0cdfde
3d0bc70c532adb12e961ccc186ea1d1b59ec9a2ecf9554f2de8d932e3cd72966
482f450b7fdbac6f9304643f3e731df20bf66c51fb0599fa9a734e5d102a9e2a
48fbde4449166e5ac00ca28f5eaf4fd040dd02a68c1b000de088da357e9bdcf3
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
500ac7575a41098a65d2cde54a71ccfd3a7ac9b6b6fcfef664371fc00da5f550
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61cfe1e4bad8332eaf07240b9a18cd9c20f55c526e9c0b9ad9bf3255265c695d
6342d16a93416b5e826f6d0e0e930ef033efb682851ae46270f3c4f5b4a1c194
68e1fe5f35b4b0131be24086e7de0e04291d335c32ac4868bf0803abe50a862e
6f31c7dc9765953db99dff9cc7952ae286aefc34533d8e69de6b5c967ab801c6
765d7308ebd55d0d2e9babfd37e30335be02efbbf3d3176f3e1f730cc4177045
7c4d4ebcfa4f78eaaceee66e35d9966c10551fee602ebde00065ea76b98eed8d
7d45256c95c1c245654bf298e27d9c538dc778a2ee050ba4678ac2a07f479869
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
84b97b3fa8847b64c6d3833561e4b3146530577171e85ad226578a087db70974
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
8afc6e5e842baab16010c2ce6fcf48ec4ded8e1579a37c1f1bc027e120d04951
8c2eb4bd436a068318ae842919d15610711964b98cf65a76c3cabf176a1cf98e
8d682cacc363f4e147c5b9cf41b5f62c8614ba28952508b12d559bad92d8647c
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
93731dfb508247e0f34f39e0fffbd337711e3a2701854b865a44553090ca3c93
979caf94add5b00ec59d8abde43d200523745c2f4b105c2906f4d9dda4afaeec
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9c6da36cea63f11f2eec0b90172b327690999906bab4fd6acefb742a6a934c34
9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a2123f408e24aef68f451ccbe5370ec3c92354c75d3e58188d31e6b9618edafb
a374b168f61d41e1a7feb4a88f4cb9f2bcd169f21ec8ec9b4e572d4130ffb3f2
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940
a85af52452417453ae5ced98aa54a149925de2155e823234dce588c331d11aa0
aa441bf5f2ac8c608371513bad73ea45ad6dc8b7c50e3c6841af81147d0b96ce
ae394bf43bc39f7c6b3f439de04f6b75288d849a0ecae5000a2452546063647c
af12f7592b4d8f6b8483bd9bab081ecf35abe485d5315fb0ecf30559ac2bd9cd
af735813266cdf52a38a6e1583a86066db357469ceded2d7ea8335b298d73d65
b4dc7118464c434f7caac42fd0535dac1102dfcace0feb4c35e3bb29594b14c3
b5e930df6a2976d5df996e18b347e091756699ea32716dc53d0e1c0fd814c526
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bc03c18785fb9e597451f536e5ec0ad0ade996f9d62dd3fc45a97185be5a21be
c125f9df87e03c7f10734df4272ae3d1591fcbb128a67e8d0321c7f185556038
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
c324ef26b20264369e4568dc9ef1c5cb1f325f6bc4e8b7c01f7fe93fa353276a
c68dcae9351a6711f4fe98e26ea0cacdea3637dd30066e474b35819b53977941
c7824cfe7010b188db89f9f9ae0f49b75d67e5d52299e7ddbb20e7455319d5a1
c83a35c9158ecf90cd3180cf966dae2663a94f5f7453f36d1eb445a01cc2981e
c86e183995d42d069cdf501e7605562c081cd7aac3b779abe3f69af717d4dd47
caf942691bd22e99c3fb0519aa919c354ed4ea91006f3b0260a7dd605722cd0a
cb663c80447404f77fc81a5cfa183a73ce0efbede98da0942e7c7f015b124fa5
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef
d4dbfc32e8156b42abaf7fec32fb3e6d96ea03aeed1a1f9bc9a132ce94714483
d52f1f1c0e3e9e237c7604afefa8d784064f688c76293e3f1102dab32a830925
d5fe67baeacc337576517dc182b708ed116ca3282ffdfb15cb18d63c1d573b8f
dd6e691a27d07125e04993917cfb3f75ac9d8926f6b66d7c2e45368aa130e660
e1601745519a76243ca6bb102340f8d85ffe8d78e2166ad8820bc45edeb995f7
e1a52c0a06fa9f65e015b02e7ec463fd621211a9d2ae44b6660597900e927fbb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e450af4a7c4974ea3ff324b629876380e0ca9605333a57152a953310c4a4661a
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e7ff4c16fbfa447f2f2e9f1acadcb900818f75ff93016855c4102cd95996207e
ea7d3259409db9df22ce95fc9b9fe3621ab780f8122c808f8390876e50549ee9
eb46d82ef6f86859f18e379660e0f45b85c6f69fa97111905f0c125a08506376
ebe9819db65901730f1d3de1cefc5e502a42c1bdb3aae520c1374015a28e4e34
ed81d5248fa368649beafa2654a6dcf3b0fbb083cc1c2dfb18e5aad1d94510e9
edeb2b5e74830903f63699bf4af70856fbb5b8c5e4e5b405113a9dc9930133ea
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f158b8591a08b6c02bb345ae96dd62f0c632f7f635bb4a5f449fce24bdc11789
f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3
f29b8ecbab4c1e594014a0ab615d1ffd1e9b0441cf76df655af17844de20970a
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
f65784e5e7332dc1e4bbeacbec70fdeef4a1bea84f16ce2ee144999719d195ce
fd493524c8be6d84cf95959f93103680b3faa2a47c92482d43ff1836d8c08055
feade23a47f6041e6d1008885642dd7ab7cc4f12d94b0c7191c9cf8ca55df97d

www.redpacketsecurity.com Open in urlscan Pro 2606:4700:20::ac43:4810 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

195 Requests

88 %HTTPS

50 %IPv6

32 Domains

41 Subdomains

27 IPs

10 Countries

2037 kBTransfer

5660 kBSize

28 Cookies

7 Outgoing links

Redirected requests

195 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.redpacketsecurity.com Open in urlscan Pro
2606:4700:20::ac43:4810 Public Scan

Screenshot
Live screenshot

Full Image

195
Requests

88 %
HTTPS

50 %
IPv6

32
Domains

41
Subdomains

27
IPs

10
Countries

2037 kB
Transfer

5660 kB
Size

28
Cookies

195 HTTP transactions
2 data transactions