10211810.fls.doubleclick.net Open in urlscan Pro
216.58.212.166  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request dc_pre=CK2S95id8fECFclSGwodEDcOCw;src=10211810;type=nsrt1;cat=retar0;ord=7747338978667;gtm=2wg7j0;auiddc=2135912693.1626802048;~oref=https%3A%2F%2Fenroll.wondrhealth.com%2Fstart%3Fs%3DEnsono%26utm_... Show response 10211810.fls.doubleclick.net/ddm/fls/r/	864 B 1 KB	119ms 44ms	Document text/html	216.58.212.166 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://10211810.fls.doubleclick.net/ddm/fls/r/dc_pre=CK2S95id8fECFclSGwodEDcOCw;src=10211810;type=nsrt1;cat=retar0;ord=7747338978667;gtm=2wg7j0;auiddc=2135912693.1626802048;~oref=https%3A%2F%2Fenroll.wondrhealth.com%2Fstart%3Fs%3DEnsono%26utm_source%3Demarsys%26utm_medium%3Demail%26utm_campaign%3D2021_07_b2c_pa_enrollment_reminder_ensono Protocol H2 Security TLS 1.3, , AES_128_GCM Server 216.58.212.166 Mountain View, United States, ASN15169 (GOOGLE, US), Reverse DNS ams15s22-in-f166.1e100.net Software cafe / Resource Hash c8ea22c2642976a9f250ca52c93121d91793d6ec847bec3c4547013ad0a9c295 Security Headers Name Value Strict-Transport-Security max-age=21600 X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority 10211810.fls.doubleclick.net :scheme https :path /ddm/fls/r/dc_pre=CK2S95id8fECFclSGwodEDcOCw;src=10211810;type=nsrt1;cat=retar0;ord=7747338978667;gtm=2wg7j0;auiddc=2135912693.1626802048;~oref=https%3A%2F%2Fenroll.wondrhealth.com%2Fstart%3Fs%3DEnsono%26utm_source%3Demarsys%26utm_medium%3Demail%26utm_campaign%3D2021_07_b2c_pa_enrollment_reminder_ensono pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" timing-allow-origin * cross-origin-resource-policy cross-origin date Tue, 20 Jul 2021 08:31:35 GMT expires Tue, 20 Jul 2021 08:31:35 GMT cache-control private, max-age=0 strict-transport-security max-age=21600 content-type text/html; charset=UTF-8 x-content-type-options nosniff content-encoding gzip server cafe content-length 576 x-xss-protection 0 set-cookie test_cookie=CheckForPermission; expires=Tue, 20-Jul-2021 08:46:35 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	95 KB 24 KB	6ms 6ms	Script application/x-javascript	2a03:2880:f01c:8012:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: 10211810.fls.doubleclick.net URL: https://10211810.fls.doubleclick.net/ddm/fls/r/dc_pre=CK2S95id8fECFclSGwodEDcOCw;src=10211810;type=nsrt1;cat=retar0;ord=7747338978667;gtm=2wg7j0;auiddc=2135912693.1626802048;~oref=https%3A%2F%2Fenroll.wondrhealth.com%2Fstart%3Fs%3DEnsono%26utm_source%3Demarsys%26utm_medium%3Demail%26utm_campaign%3D2021_07_b2c_pa_enrollment_reminder_ensono Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 0d17b8a38d3dce6f7357bbc8da105d92c21b6cf1c4b92351ce2b1861b065f2c5 Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Referer https://10211810.fls.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c; content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=3600,h3-27=":443"; ma=3600 content-length 24676 x-xss-protection 0 pragma public x-fb-debug NMwoIHYjQKcHXHS8ucYvxNiMZMEjY/0UiwKJ6r6KhdP7Ezfjneu8kF0HI1u4M8vJNEi2t2REh/PjKxo9LzjyJA== x-fb-trip-id 686109401 x-frame-options DENY cross-origin-opener-policy same-origin-allow-popups cross-origin-embedder-policy-report-only require-corp;report-to="coop_report" date Tue, 20 Jul 2021 08:31:35 GMT strict-transport-security max-age=31536000; preload; includeSubDomains report-to {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"} content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 expires Sat, 01 Jan 2000 00:00:00 GMT
GET H3-29	200	311290820235597 Show response connect.facebook.net/signals/config/	263 KB 74 KB	8ms 8ms	Script application/x-javascript	2a03:2880:f01c:8012:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/311290820235597?v=2.9.43&r=stable Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 3697b42cae8d0f9fe643978e0488f7a5e29d42d612474c5f5e7be3baf370e039 Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Referer https://10211810.fls.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c; content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=3600,h3-27=":443"; ma=3600 content-length 76203 x-xss-protection 0 pragma public x-fb-debug NedRGsdUfxvk+PKZrfLfMtINNu3z7UDMpKkL1TGv6y+ca+BcIflWMmQL9j/IpxGXod23tO9pKT0LFkKRu+EBMw== cross-origin-embedder-policy-report-only require-corp;report-to="coop_report" cross-origin-opener-policy same-origin-allow-popups x-frame-options DENY date Tue, 20 Jul 2021 08:31:35 GMT strict-transport-security max-age=31536000; preload; includeSubDomains report-to {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"} content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	/ www.facebook.com/tr/	44 B 147 B	6ms 6ms	Image image/gif	2a03:2880:f11c:8183:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=311290820235597&ev=PageView&dl=https%3A%2F%2F10211810.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCK2S95id8fECFclSGwodEDcOCw%3Bsrc%3D10211810%3Btype%3Dnsrt1%3Bcat%3Dretar0%3Bord%3D7747338978667%3Bgtm%3D2wg7j0%3Bauiddc%3D2135912693.1626802048%3B~oref%3Dhttps%253A%252F%252Fenroll.wondrhealth.com%252Fstart%253Fs%253DEnsono%2526utm_source%253Demarsys%2526utm_medium%253Demail%2526utm_campaign%253D2021_07_b2c_pa_enrollment_reminder_ensono&rl=&if=false&ts=1626769895214&sw=1600&sh=1200&v=2.9.43&r=stable&ec=0&o=30&fbp=fb.1.1626769895212.1798059259&it=1626769895170&coo=false&rqm=GET Requested by Host: 10211810.fls.doubleclick.net URL: https://10211810.fls.doubleclick.net/ddm/fls/r/dc_pre=CK2S95id8fECFclSGwodEDcOCw;src=10211810;type=nsrt1;cat=retar0;ord=7747338978667;gtm=2wg7j0;auiddc=2135912693.1626802048;~oref=https%3A%2F%2Fenroll.wondrhealth.com%2Fstart%3Fs%3DEnsono%26utm_source%3Demarsys%26utm_medium%3Demail%26utm_campaign%3D2021_07_b2c_pa_enrollment_reminder_ensono Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://10211810.fls.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 20 Jul 2021 08:31:35 GMT last-modified Fri, 21 Dec 2012 00:00:01 GMT server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains content-type image/gif cache-control no-cache, must-revalidate, max-age=0 cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=3600,h3-27=":443"; ma=3600 content-length 44 expires Tue, 20 Jul 2021 08:31:35 GMT
GET H3-29	200	/ www.facebook.com/tr/	44 B 88 B	7ms 6ms	Image image/gif	2a03:2880:f11c:8183:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=311290820235597&ev=Microdata&dl=https%3A%2F%2F10211810.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCK2S95id8fECFclSGwodEDcOCw%3Bsrc%3D10211810%3Btype%3Dnsrt1%3Bcat%3Dretar0%3Bord%3D7747338978667%3Bgtm%3D2wg7j0%3Bauiddc%3D2135912693.1626802048%3B~oref%3Dhttps%253A%252F%252Fenroll.wondrhealth.com%252Fstart%253Fs%253DEnsono%2526utm_source%253Demarsys%2526utm_medium%253Demail%2526utm_campaign%253D2021_07_b2c_pa_enrollment_reminder_ensono&rl=&if=false&ts=1626769896717&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.43&r=stable&ec=1&o=30&fbp=fb.1.1626769895212.1798059259&it=1626769895170&coo=false&es=automatic&tm=3&rqm=GET Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://10211810.fls.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 20 Jul 2021 08:31:36 GMT last-modified Fri, 21 Dec 2012 00:00:01 GMT server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains content-type image/gif cache-control no-cache, must-revalidate, max-age=0 cross-origin-resource-policy cross-origin content-length 44 alt-svc h3-29=":443"; ma=3600,h3-27=":443"; ma=3600 priority u=3,i expires Tue, 20 Jul 2021 08:31:36 GMT

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| fbq function| _fbq

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.doubleclick.net/	1970-01-19 22:02:25	Name: _fbp Value: fb.1.1626769895212.1798059259
			.doubleclick.net/	1970-01-19 19:52:50	Name: test_cookie Value: CheckForPermission

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10211810.fls.doubleclick.net
connect.facebook.net
www.facebook.com
216.58.212.166
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
0d17b8a38d3dce6f7357bbc8da105d92c21b6cf1c4b92351ce2b1861b065f2c5
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
3697b42cae8d0f9fe643978e0488f7a5e29d42d612474c5f5e7be3baf370e039
c8ea22c2642976a9f250ca52c93121d91793d6ec847bec3c4547013ad0a9c295