urlscan.io logo urlscan.io
SecurityTrails logo

phishcheck.me Open in urlscan Pro
142.93.23.27  Public Scan

Go To Rescan Add Verdict Report
URL: https://phishcheck.me/
Submission Tags: falconsandbox
Submission: On January 24 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 33 IPs in 8 countries across 29 domains to perform 190 HTTP transactions. The main IP is 142.93.23.27, located in Santa Clara, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is phishcheck.me.
TLS certificate: Issued by R3 on December 30th 2023. Valid for: 3 months.
This is the only time phishcheck.me was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
5 142.93.23.27 14061 (DIGITALOC...)
6 2a00:1450:400... 15169 (GOOGLE)
3 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 192.229.221.25 15133 (EDGECAST)
24 2a00:1450:400... 15169 (GOOGLE)
6 2a00:1450:400... 15169 (GOOGLE)
3 25 2a00:1450:400... 15169 (GOOGLE)
11 2a00:1450:400... 15169 (GOOGLE)
8 2a00:1450:400... 15169 (GOOGLE)
33 2a00:1450:400... 15169 (GOOGLE)
4 35.187.184.108 396982 (GOOGLE-CL...)
2 142.250.184.198 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
4 12 172.217.16.194 15169 (GOOGLE)
2 4 104.18.36.155 13335 (CLOUDFLAR...)
2 3 185.89.210.180 29990 (ASN-APPNEX)
4 35.190.0.66 15169 (GOOGLE)
2 35.244.170.237 15169 (GOOGLE)
14 2.19.85.120 16625 (AKAMAI-AS)
2 130.162.160.243 31898 (ORACLE-BM...)
1 4 2a00:1450:400... 15169 (GOOGLE)
6 142.250.185.226 15169 (GOOGLE)
2 2620:116:800d... 16509 (AMAZON-02)
2 2 52.57.64.28 16509 (AMAZON-02)
2 35.214.149.91 15169 (GOOGLE)
1 178.250.1.9 44788 (ASN-CRITE...)
1 34.160.236.64 396982 (GOOGLE-CL...)
2 2 37.157.5.133 198622 (ADFORM)
1 2 2.16.97.41 16625 (AKAMAI-AS)
1 2 2606:4700::68... 13335 (CLOUDFLAR...)
1 1 151.101.194.49 54113 (FASTLY)
1 52.223.40.198 16509 (AMAZON-02)
1 1 51.75.86.98 16276 (OVH)
1 1 35.186.193.173 15169 (GOOGLE)
10 95.101.197.124 16625 (AKAMAI-AS)
190 33
5    142.93.23.27 (Santa Clara, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
phishcheck.me
6    2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
3    2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)
netdna.bootstrapcdn.com
1    2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
1    2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
2    192.229.221.25 (United States)

ASN15133 (EDGECAST, US)
www.paypalobjects.com
24    2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
6    2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
25    2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
www.googletagservices.com
11    2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fundingchoicesmessages.google.com
8    2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
33    2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
4    35.187.184.108 (Brussels, Belgium)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 108.184.187.35.bc.googleusercontent.com
rtb.ads.travelaudience.com
2    142.250.184.198 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f6.1e100.net
ad.doubleclick.net
1    2a00:1450:4001:830::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
s0.2mdn.net
12    172.217.16.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f194.1e100.net
cm.g.doubleclick.net
4    104.18.36.155 (None, )

ASN13335 (CLOUDFLARENET, US)
dsum-sec.casalemedia.com
3    185.89.210.180 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
ib.adnxs.com
4    35.190.0.66 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com
ads.travelaudience.com
2    35.244.170.237 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 237.170.244.35.bc.googleusercontent.com
static.travelaudience.com
14    2.19.85.120 (Düsseldorf, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-19-85-120.deploy.static.akamaitechnologies.com
z.moatads.com
px.moatads.com
2    130.162.160.243 (Slough, United Kingdom)

ASN31898 (ORACLE-BMC-31898, US)
mb.moatads.com
4    2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
6    142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net
www.googleadservices.com
2    2620:116:800d:21:5ed4:8d5d:fed7:f5ef (United States)

ASN16509 (AMAZON-02, US)
cms.quantserve.com
2    52.57.64.28 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-64-28.eu-central-1.compute.amazonaws.com
pm.w55c.net
2    35.214.149.91 (Groningen, Netherlands)

ASN15169 (GOOGLE, US)
PTR: 91.149.214.35.bc.googleusercontent.com
x.bidswitch.net
1    178.250.1.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
dis.criteo.com
1    34.160.236.64 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 64.236.160.34.bc.googleusercontent.com
odr.mookie1.com
2    37.157.5.133 (Denmark)

ASN198622 (ADFORM, DK)
c1.adform.net
2    2.16.97.41 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-16-97-41.deploy.static.akamaitechnologies.com
sync.teads.tv
2    2606:4700::6812:18ad (United States)

ASN13335 (CLOUDFLARENET, US)
a.tribalfusion.com
s.tribalfusion.com
1    151.101.194.49 (United States)

ASN54113 (FASTLY, US)
sync-tm.everesttech.net
1    52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com
match.adsrvr.org
1    51.75.86.98 (France)

ASN16276 (OVH, FR)
PTR: ip98.ip-51-75-86.eu
onetag-sys.com
1    35.186.193.173 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com
ius.ctnsnet.com
10    95.101.197.124 (Düsseldorf, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a95-101-197-124.deploy.static.akamaitechnologies.com
travel198849194933.s.moatpixel.com
Apex Domain
Subdomains		 Transfer
57 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 110
tpc.googlesyndication.com — Cisco Umbrella Rank: 157
614 KB
32 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 38
ad.doubleclick.net — Cisco Umbrella Rank: 163
cm.g.doubleclick.net — Cisco Umbrella Rank: 260
237 KB
16 moatads.com
z.moatads.com — Cisco Umbrella Rank: 704
mb.moatads.com — Cisco Umbrella Rank: 809
px.moatads.com — Cisco Umbrella Rank: 660
230 KB
15 google.com
fundingchoicesmessages.google.com — Cisco Umbrella Rank: 1143
www.google.com — Cisco Umbrella Rank: 2
71 KB
14 gstatic.com
fonts.gstatic.com
www.gstatic.com
183 KB
10 moatpixel.com
travel198849194933.s.moatpixel.com — Cisco Umbrella Rank: 62221
2 KB
10 travelaudience.com
rtb.ads.travelaudience.com — Cisco Umbrella Rank: 132732
ads.travelaudience.com — Cisco Umbrella Rank: 5893
static.travelaudience.com — Cisco Umbrella Rank: 80332
400 KB
7 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 230
453 KB
7 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 28
ajax.googleapis.com — Cisco Umbrella Rank: 369
39 KB
6 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 145
5 phishcheck.me
phishcheck.me
44 KB
4 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 622
3 KB
3 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 253
3 KB
3 bootstrapcdn.com
netdna.bootstrapcdn.com — Cisco Umbrella Rank: 3034
51 KB
2 tribalfusion.com
a.tribalfusion.com — Cisco Umbrella Rank: 874
s.tribalfusion.com — Cisco Umbrella Rank: 2405
1 KB
2 teads.tv
sync.teads.tv — Cisco Umbrella Rank: 1376
451 B
2 adform.net
c1.adform.net — Cisco Umbrella Rank: 583
1 KB
2 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 373
470 B
2 w55c.net
pm.w55c.net — Cisco Umbrella Rank: 875
2 KB
2 quantserve.com
cms.quantserve.com — Cisco Umbrella Rank: 764
926 B
2 paypalobjects.com
www.paypalobjects.com — Cisco Umbrella Rank: 2611
4 KB
1 ctnsnet.com
ius.ctnsnet.com — Cisco Umbrella Rank: 7224
623 B
1 onetag-sys.com
onetag-sys.com — Cisco Umbrella Rank: 707
388 B
1 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 357
149 B
1 everesttech.net
sync-tm.everesttech.net — Cisco Umbrella Rank: 716
544 B
1 mookie1.com
odr.mookie1.com — Cisco Umbrella Rank: 1375
204 B
1 criteo.com
dis.criteo.com — Cisco Umbrella Rank: 608
363 B
1 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 336
2 MB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 225
4 KB
190 29
Domain Requested by
33 tpc.googlesyndication.com googleads.g.doubleclick.net
phishcheck.me
tpc.googlesyndication.com
pagead2.googlesyndication.com
24 pagead2.googlesyndication.com phishcheck.me
pagead2.googlesyndication.com
tpc.googlesyndication.com
googleads.g.doubleclick.net
www.googletagservices.com
18 googleads.g.doubleclick.net 3 redirects pagead2.googlesyndication.com
phishcheck.me
googleads.g.doubleclick.net
12 px.moatads.com rtb.ads.travelaudience.com
12 cm.g.doubleclick.net 4 redirects googleads.g.doubleclick.net
11 fundingchoicesmessages.google.com pagead2.googlesyndication.com
10 travel198849194933.s.moatpixel.com
8 www.gstatic.com googleads.g.doubleclick.net
7 www.googletagservices.com phishcheck.me
googleads.g.doubleclick.net
6 www.googleadservices.com phishcheck.me
6 fonts.gstatic.com fonts.googleapis.com
6 fonts.googleapis.com phishcheck.me
googleads.g.doubleclick.net
5 phishcheck.me phishcheck.me
4 www.google.com 1 redirects googleads.g.doubleclick.net
tpc.googlesyndication.com
4 ads.travelaudience.com rtb.ads.travelaudience.com
4 dsum-sec.casalemedia.com 2 redirects googleads.g.doubleclick.net
4 rtb.ads.travelaudience.com phishcheck.me
rtb.ads.travelaudience.com
3 ib.adnxs.com 2 redirects googleads.g.doubleclick.net
3 netdna.bootstrapcdn.com phishcheck.me
netdna.bootstrapcdn.com
2 sync.teads.tv 1 redirects googleads.g.doubleclick.net
2 c1.adform.net 2 redirects
2 x.bidswitch.net googleads.g.doubleclick.net
2 pm.w55c.net 2 redirects
2 cms.quantserve.com googleads.g.doubleclick.net
2 mb.moatads.com z.moatads.com
2 z.moatads.com rtb.ads.travelaudience.com
2 static.travelaudience.com rtb.ads.travelaudience.com
2 ad.doubleclick.net phishcheck.me
2 www.paypalobjects.com phishcheck.me
1 ius.ctnsnet.com 1 redirects
1 onetag-sys.com 1 redirects
1 match.adsrvr.org googleads.g.doubleclick.net
1 sync-tm.everesttech.net 1 redirects
1 s.tribalfusion.com
1 a.tribalfusion.com 1 redirects
1 odr.mookie1.com googleads.g.doubleclick.net
1 dis.criteo.com googleads.g.doubleclick.net
1 s0.2mdn.net googleads.g.doubleclick.net
1 cdnjs.cloudflare.com phishcheck.me
1 ajax.googleapis.com phishcheck.me
190 40

This site contains no links.

Subject Issuer Validity Valid
phishcheck.me
R3		 2023-12-30 -
2024-03-29		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2024-01-02 -
2024-03-26		 3 months crt.sh
bootstrapcdn.com
GTS CA 1P5		 2023-11-30 -
2024-02-28		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-07-03 -
2024-07-02		 a year crt.sh
www.paypal.com
DigiCert SHA2 Extended Validation Server CA		 2023-10-12 -
2024-10-31		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2024-01-02 -
2024-03-26		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2024-01-02 -
2024-03-26		 3 months crt.sh
*.google.com
GTS CA 1C3		 2024-01-02 -
2024-03-26		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2024-01-02 -
2024-03-26		 3 months crt.sh
rtb.ads.travelaudience.com
R3		 2023-12-29 -
2024-03-28		 3 months crt.sh
*.doubleclick.net
GTS CA 1C3		 2024-01-02 -
2024-03-26		 3 months crt.sh
ads.travelaudience.com
R3		 2024-01-05 -
2024-04-04		 3 months crt.sh
static.travelaudience.com
R3		 2023-12-05 -
2024-03-04		 3 months crt.sh
moatads.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-10-25 -
2024-10-24		 a year crt.sh
*.moatads.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-06-20 -
2024-07-20		 a year crt.sh
www.google.com
GTS CA 1C3		 2024-01-02 -
2024-03-26		 3 months crt.sh
quantserve.com
R3		 2023-12-27 -
2024-03-26		 3 months crt.sh
*.bidswitch.net
Sectigo RSA Domain Validation Secure Server CA		 2023-03-23 -
2024-03-23		 a year crt.sh
*.criteo.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-12-01 -
2024-03-01		 3 months crt.sh
*.mookie1.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-02-27 -
2024-03-29		 a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2023-04-12 -
2024-05-13		 a year crt.sh
www.googleadservices.com
GTS CA 1C3		 2024-01-02 -
2024-03-26		 3 months crt.sh

This page contains 28 frames:

Primary Page: https://phishcheck.me/
Frame ID: C0D361438503ED90FF0197AE0CFC56DF
Requests: 33 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20190131/zrt_lookup_fy2021.html
Frame ID: CC58BF60C02FEC212B0370BE346C6C40
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5625379829790606&output=html&adk=1812271804&adf=3025194257&lmt=1706097290&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=188x945_l%7C212x945_r&format=0x0&url=https%3A%2F%2Fphishcheck.me%2F&pra=5&wgl=1&easpi=0&asro=0&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097290165&bpp=7&bdt=525&idt=152&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3630297874670&frm=20&pv=2&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=164
Frame ID: A86C2B1E54472E742E49E23C8A0D644E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1801062927&pi=t.aa~a.768063588~rp.1&w=1155&fwrn=4&fwrnh=100&lmt=1706097290&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097290172&bpp=1&bdt=531&idt=160&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=498&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=162
Frame ID: 3D8ACD7D492CA4D5A773416B72579EF1
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280&nras=3&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1535&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=21
Frame ID: DED14338493B69896533C4078EE08E80
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=90&adk=2743202993&adf=3132389021&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1200x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280%2C1155x280&nras=4&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2257&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=24
Frame ID: EA026F11E97E5B46FC246E894B7088D0
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=50&adk=1321268319&adf=4099543842&pi=t.aa~a.3434894028~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1155x50&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1540&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280%2C1155x280%2C1200x90&nras=5&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2177&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=27
Frame ID: 6DDEFBD3A39FE0C54A21683F23C71F7E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 7818552F485E2B199B2D5BF51A2E8261
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 53E0526A53E65F6EE3D1DDFBE74454C5
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 71C674665B93E86BFB4B4B4F5D309F65
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: C6D950C35E3D29D5237D763D4E766C82
Requests: 1 HTTP requests in this frame

Frame: https://rtb.ads.travelaudience.com/rtb?ads=1000428.2.0.70020628.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%3D%3D.60015627.OTk5JTJjMQ==...7sOMk32o1KNqb38Y2MsA0w%3D%3D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ==.2.0&p=90000&x=160&y=600&click=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCLXvhivqwZf_OGbWNgrAPxcu4-AzKkbX7ctPipc7RCsCNtwEQASAAYJWCoIKwB4IBF2NhLXB1Yi01NjI1Mzc5ODI5NzkwNjA2yAEJqQJHMi6NJTmyPqgDAcgDAqoEwwFP0Mq0n1-nfzm0KB3lV-Hf__x8NNUtopA1Cy7kAqfjM7ZIxxq-PXQxLISsWGY8kWhkBPuZ3t2KqfaFIZLUaxC8xe5JsbBcaQRV-le6fvHEI2QwpGVQGCTpeeXH5p7Y_eLeRXZDulx1SWFis6b1yHV_cMSR3IMn7qDbA9kpibhx3tIOc7AwA-8zy4TFxqyUptlPjMwSHScJvL9hsgwBbXz4KxDH95GLUcRIHhJ33Zm59leNN9BNqNNuskx0aZ9NIciYmPiABpPs9bHTj7eAkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggdCIDhgBAQATICqgI6AoBASL39wTpYrpbG1_v1gwP6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0UXHELlEfHZHDPLUhyOiSvhM_t_w%26client%3Dca-pub-5625379829790606%26adurl%3D&googlewinningprice=ZbD6igAGZ38AAIa1AA4lxXL_ss2Kx8gIYRT20w&wpc=EUR&site=phishcheck.me&slotvisibility=1&gcpm=2766413&gpos=1&bidder=bidder-rtb-production-c75795f5b-wlttz&dv=1&uuid=&suid=&brq=9P6auMitxIESrnAvGncpsj7c6ij_KzL28aa_2g&ssp_id=0&l=en&ts=1706097290&uc=DE&at=1&ia=0&mai=&mat=1&ir=0&an=&rg=1&hm=TmblrGGrn9gDZ4mmjshtuM9u-IhXG8wFXK5ndnoh63U=
Frame ID: 99D6A341CC05765B68A5EAD235F56E97
Requests: 18 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/window_focus_fy2021.js
Frame ID: 09EC7033F9CA7C9EF2F36AEDE91AAD91
Requests: 6 HTTP requests in this frame

Frame: https://rtb.ads.travelaudience.com/rtb?ads=1000428.2.0.70020628.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%3D%3D.60015627.OTk5JTJjMQ==...7sOMk32o1KNqb38Y2MsA0w%3D%3D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ==.2.0&p=90000&x=160&y=600&click=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEgegivqwZYDPGbWNgrAPxcu4-AzKkbX7ctPipc7RCsCNtwEQASAAYJWCoIKwB4IBF2NhLXB1Yi01NjI1Mzc5ODI5NzkwNjA2yAEJqQJHMi6NJTmyPqgDAcgDAqoEwwFP0JFS6jPSfJM3JVHprnIP_6_O7RheCe7R0tEJERRugHELFPhoV8NnfMe2ByuVxhuPjN9bB9R55ygb0p4j6cvWNoyat4PkP6tSZZLQWtn3ijfkhVo19K_OHFjQ7lzlR9vL36jsi6QD6rqiOahgGVaDjDRXkDmF9JI3HUF6kaLpJ6gQVBkxo184H_ZZurKtRpyWOGCcDEUBf60hsmyu-m6gov9PRKM1R2McnTSnPHGMryCfwzgnRNxYsGBcG00jc5a5qQCABpPs9bHTj7eAkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggdCIDhgBAQATICqgI6AoBASL39wTpYrpbG1_v1gwP6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2oWdCYTKwzmeTgiKc3OOzcC7SQ4w%26client%3Dca-pub-5625379829790606%26adurl%3D&googlewinningprice=ZbD6igAGZ4AAAIa1AA4lxbJ1o5a7FUD9cAJOlw&wpc=EUR&site=phishcheck.me&slotvisibility=1&gcpm=2755765&gpos=1&bidder=bidder-rtb-production-c75795f5b-fg5c4&dv=1&uuid=&suid=&brq=ekJpvPpWDu9e3MOA_SIxftcX2GL4hLAsPEiNzw&ssp_id=0&l=en&ts=1706097290&uc=DE&at=1&ia=0&mai=&mat=1&ir=0&an=&rg=1&hm=TmblrGGrn9gDZ4mmjshtuM9u-IhXG8wFXK5ndnoh63U=
Frame ID: F9A0CAB630D27FA341FDBCD751341AA6
Requests: 18 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/window_focus_fy2021.js
Frame ID: C4B544ABB2292184C93DBDA321DC5493
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKv65gIQm-jrAhifksT_ATAB&v=APEucNXC_JiCjqCqpl7XGFwNkkJRK58UjCg11op55N0t3sSLQQR1OT7peb7t46Q8jwVtEElPrukv-lqIFx7W95cMLYeOn6ZB3D7kXqwv96cU2VAtfYyf_f84fof3mWVB4yoYraMvAd_bBB7nQzEnCdFcGxWTX2TB5zwlbBfHVWyaOxDKt8Tv8mY
Frame ID: 9FD13D6CCCAC30303C7133C0B91D8AE9
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/r20240122/r20110914/abg_lite_fy2021.js
Frame ID: 563C68662879666E518E3E420879B9A2
Requests: 12 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: CB79660EC087E5F6226BB894D7E24150
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: D9A432DBDD2A7B907A813AE9F9635518
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/WCj_J8NcEslNDYs839d7KGBgNEN8AJkC0oz39by2qQc.js
Frame ID: D44CBFCC9D1A60A1219C96B2FD635B97
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 709E87DFD9E57A49346E99F59FE9A00A
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 553034EEA4409473AC0A867AE86C4EEC
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 25AED34ED9E5A907ABDB904D90AAFC11
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/WCj_J8NcEslNDYs839d7KGBgNEN8AJkC0oz39by2qQc.js
Frame ID: C971463278AA64D4AE4F3F8B1F0EF14D
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/WCj_J8NcEslNDYs839d7KGBgNEN8AJkC0oz39by2qQc.js
Frame ID: CFAA1770DD9C4710F3CA6A53B3A2738A
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/WCj_J8NcEslNDYs839d7KGBgNEN8AJkC0oz39by2qQc.js
Frame ID: 5313C44714E0F3E8347E0F888A624D31
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 9CB45B324AF0E5EE0F36EA5FFEF37D97
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 89B3EFFD3B4D311064B4C584B74F22BF
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Phishcheck 2.0 beta - Home

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • (?:powered by <a[^>]+>Django ?([\d.]+)?<\/a>|<input[^>]*name=["']csrfmiddlewaretoken["'][^>]*>)
Overall confidence: 100%
Detected patterns
  • paypalobjects\.com
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • moatads\.com
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

190
Requests

93 %
HTTPS

38 %
IPv6

29
Domains

40
Subdomains

33
IPs

8
Countries

4262 kB
Transfer

7738 kB
Size

27
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 63
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECKMwPbl01bp6z7FdWNNyW8&google_cver=1
Request Chain 64
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZbD6i0sBuk7E0NXjJkgSXgAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOFQqgRxIvgZjKpUdDkdaas&google_cver=1
Request Chain 65
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEDJNjyrKay_sSRttHZgGAv4&google_cver=1
Request Chain 66
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzA5Mjk1NjM3OTQ1MjU1MDIyMA%3D%3D
Request Chain 119
  • https://googleads.g.doubleclick.net/pagead/adview?ai=CXCffivqwZZW-GcWfgrAP8eed0Aq-6Ly-dZisrd-5EIfg9v6XHBABIJ3w6iBglYKggrAHoAG62-OYA8gBCagDAcgDywSqBMkBT9DxprAQD2diQdVcsXhu-rUGrUEHxNm2nQpR55X11rs53-gnBju2KZeugIeIEN4EvX8zbaf1pJziTNHiIVlcOcoqC9vN4w31fZqLdKa8lIarDozksuW24iQLcaw_Zwh0Mi3wkN3kSj72pGVTmznZGzV6CA7F8eBMfGTsAq2ST5-QaHnxu04A79AoKEh1K0KatR9XzH6_JW_LAILbjrrcat4EuItprXE9Yt27RkTpTlk4lav9qB8iROzxZGME1LYc2pfmG8d_aJAYwATI7KXqowOIBcjpse8pkgUECAQYAZIFBAgFGASgBi6AB66knGeoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBBC3okvSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WMK1xtf79YMDmgmZAWh0dHBzOi8vd3d3LmluZnJhZ2lzdGljcy5jb20vcHJvZHVjdHMvaWduaXRlLXVpLWJsYXpvcj91dG1fc291cmNlPWdvb2dsZSZ1dG1fbWVkaXVtPWNwYyZ1dG1fY2FtcGFpZ249aWduaXRlLXVpLWJsYXpvciZ1dG1fdGVybT1nZXJtYW55LWRpc3BsYXktZGV2LWxtLW5ld4AKAcgLAbgT5APYEw2IFAPQFQGYFgGAFwGyFxwKGggAEhRwdWItNTYyNTM3OTgyOTc5MDYwNhgA&sigh=TSTj6xnQwz4&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTwAvHhf_1GyUv7QiF29UdfqFUlric4kY8U9jRaRIWfvb7mqgMfz-5FwhMxPZO0tPjmRaE1zENPJMeobj2wMnWuLtofLFDK3Xq6EZZ0iUeHoYAQ&template_id=484&cbvp=2&vis=1 HTTP 302
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%228519045675031157999%22,%22debug_reporting%22:true,%22destination%22:%22https://infragistics.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22857271738%22],%2222%22:[%22true%22],%224%22:[%2201-24%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%223708599928059483425%22}&andc=true
Request Chain 124
  • https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEOeDzRNNyy9crutBCIwp1f8&google_cver=1&google_push=AXcoOmRislX_MiDH7a5sWuRCLpgKaIE9L7lq5Wh8JhesUGbLJCHiqjT5VzZuAfKr99aEfsAipLHMf3DZKi-QRQDQKv1CSt1-9gNxrQs HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEOeDzRNNyy9crutBCIwp1f8&google_cver=1&google_push=AXcoOmRislX_MiDH7a5sWuRCLpgKaIE9L7lq5Wh8JhesUGbLJCHiqjT5VzZuAfKr99aEfsAipLHMf3DZKi-QRQDQKv1CSt1-9gNxrQs HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=VzdIbTVYS2cxUnNCUWY1&google_gid=CAESEOeDzRNNyy9crutBCIwp1f8&google_cver=1&google_push=AXcoOmRislX_MiDH7a5sWuRCLpgKaIE9L7lq5Wh8JhesUGbLJCHiqjT5VzZuAfKr99aEfsAipLHMf3DZKi-QRQDQKv1CSt1-9gNxrQs
Request Chain 128
  • https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESECW4sIBXONvfZkGHxNDcPwM&google_cver=1&google_push=AXcoOmSgElP5HmanUMBj_1JEc-gthyliHorPogCPYQsp-QIyvBorjdcQ3UqZfwj_CRo6VXJb27BTLj6tnA7EW4yifPwRJmsCR4KC_h4 HTTP 302
  • https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESECW4sIBXONvfZkGHxNDcPwM&google_cver=1&google_push=AXcoOmSgElP5HmanUMBj_1JEc-gthyliHorPogCPYQsp-QIyvBorjdcQ3UqZfwj_CRo6VXJb27BTLj6tnA7EW4yifPwRJmsCR4KC_h4 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODEwNzIxOTkxMjU3Mjc0ODMzMw&google_push=AXcoOmSgElP5HmanUMBj_1JEc-gthyliHorPogCPYQsp-QIyvBorjdcQ3UqZfwj_CRo6VXJb27BTLj6tnA7EW4yifPwRJmsCR4KC_h4
Request Chain 129
  • https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEJ0zVoWKCX_DBSLKns-YyPM&google_cver=1&google_push=AXcoOmRtj0mqJHtSVuXvH2fx7fQigL4aqkK-59sEW3Xby-aldlotaVY96lXYg-gl1bdvNTWVgQHguDTUfGtudYKJTk6gDlYgtvXAQJF- HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmRtj0mqJHtSVuXvH2fx7fQigL4aqkK-59sEW3Xby-aldlotaVY96lXYg-gl1bdvNTWVgQHguDTUfGtudYKJTk6gDlYgtvXAQJF- HTTP 302
  • https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Request Chain 132
  • https://a.tribalfusion.com/i.match?p=b6&u=CAESEAzsjOwU-2PdPONMMjCX9W4&google_cver=1&google_push=AXcoOmQobvGVEd7mWoPoJinsRF6JflAc6YqvztFGyS9KFVhlgzaWJMGsAaTGvbicmjF6dGPD9tmJt3pE2BQoNw-Wlud4Fu7FcwBOzw&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQobvGVEd7mWoPoJinsRF6JflAc6YqvztFGyS9KFVhlgzaWJMGsAaTGvbicmjF6dGPD9tmJt3pE2BQoNw-Wlud4Fu7FcwBOzw%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
  • https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEAzsjOwU-2PdPONMMjCX9W4&google_cver=1&google_push=AXcoOmQobvGVEd7mWoPoJinsRF6JflAc6YqvztFGyS9KFVhlgzaWJMGsAaTGvbicmjF6dGPD9tmJt3pE2BQoNw-Wlud4Fu7FcwBOzw&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQobvGVEd7mWoPoJinsRF6JflAc6YqvztFGyS9KFVhlgzaWJMGsAaTGvbicmjF6dGPD9tmJt3pE2BQoNw-Wlud4Fu7FcwBOzw%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Request Chain 133
  • https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEFAMc70Qnlg5TRS1Wbm_fLo&google_cver=1&google_push=AXcoOmStDjlnjjLCLpDNOdxQK0Cn4FRfmN7FtXuC1ZBJ0RmSlJ2H2Ksu8nU89meFu9JEQTvgjNxil4aiMC0ZMw5keTuLfO9j9z868xc HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFAMc70Qnlg5TRS1Wbm_fLo&google_push=AXcoOmStDjlnjjLCLpDNOdxQK0Cn4FRfmN7FtXuC1ZBJ0RmSlJ2H2Ksu8nU89meFu9JEQTvgjNxil4aiMC0ZMw5keTuLfO9j9z868xc
Request Chain 136
  • https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESECUVdsRTT5MlghIemvMMjK4&google_cver=1&google_push=AXcoOmS3SRerCInejwsKeodwA-R3sI41gW_6YC8mvrExCjvdWpDawO6JV2NbJkXoPCnfoFjyS02lQuUZD0MGu2nKTfF0pU7kFDS29oM HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmS3SRerCInejwsKeodwA-R3sI41gW_6YC8mvrExCjvdWpDawO6JV2NbJkXoPCnfoFjyS02lQuUZD0MGu2nKTfF0pU7kFDS29oM
Request Chain 137
  • https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESEJvH_ed8nlR-MNI1E55AjAI&google_cver=1&google_push=AXcoOmTThdLSeNJLB8QhaPNygAaXI40iz2eWf0U6MBQ7zHCkqKtRT9E5GPzztPso13y3_ZW8tnsbuZ6jbKSYKQPYbh4fM_pPWI5nawI HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmTThdLSeNJLB8QhaPNygAaXI40iz2eWf0U6MBQ7zHCkqKtRT9E5GPzztPso13y3_ZW8tnsbuZ6jbKSYKQPYbh4fM_pPWI5nawI&google_hm=-izkHtULRCuVXWFUeejIf4U
Request Chain 139
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 145
  • https://googleads.g.doubleclick.net/pagead/adview?ai=CpITHi_qwZe2TErCEtOUPnp2mkALgod6XdfzjwKnzEdXYjdSUDhABIJ3w6iBglYKggrAHoAHN3ImMA8gBAagDAcgDwwSqBNIBT9CQbqJn6CyFjJSJ675qIyGYsbwVnQrgn4D-i-cLRpMCxJlArohIC4Ye-QpluiWVoE3gr4MPm4bcY3-RNrruNYxTzPVDQvVsTg5YYhwK0f2phyN2TfJvgHiNNot0fD2jBSvTVOHZ-BzQpx5PHDenZYX1L616sFC37G3sOhAefeIZnbFCGEH9ZOhuGOyKSSCTckUODKjZ_ZRkzTBHAA0ZUNi1fgy7RpZqSjBUcHPCjyXprXFssTm_AosecBOL2nHhSMLyaUK8gmgka70tKW_FDxNwwAS49LL5vwSIBbifo-ZMkgUECAQYAZIFBAgFGASgBmaAB5uj9nOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBDlmwnSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WIec-9f79YMDmglEaHR0cHM6Ly9mbG9yZW5jZWhjLmNvbS9jYW1wYWlnbi9mbG9yZW5jZS1zaXRlbGluay1wcm9kdWN0LXRvdXItcGFpZC-ACgHICwGiDAgqBgoErLqxAtgTC4gUAdAVAYAXAbIXHAoaCAASFHB1Yi01NjI1Mzc5ODI5NzkwNjA2GAA&sigh=WEGsNrKQs0I&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSPAAvHhf_FwW0_Q3fFKK6UwD-x63-vpJjYMUsKQq1O82L0B-XOYpXoa9aG0PVJ7l_Xe8Etcm7KsYJk_TRTBgB&cbvp=2&vis=1 HTTP 302
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%225841631431304478009%22,%22debug_reporting%22:true,%22destination%22:%22https://florencehc.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22830631501%22],%2222%22:[%22true%22],%224%22:[%2201-24%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%22239892360092640577%22}&andc=true
Request Chain 147
  • https://googleads.g.doubleclick.net/pagead/adview?ai=CG7xri_qwZfmLEb7VgrAP96C4gAfrhsKAdMm44q2sEoj_59OZPxABIJ3w6iBglYKggrAHoAGsoPyQAcgBCagDAcgDy4SAgASqBMoBT9DUTgS2y3d3Xe27VoY4miPlxJKJ7a_t1XUmxi6UA2hAdF3gTHsbW91NKPcIVm505vJoqAmXkzi8H0QhKWT8tCrCBnws9uxTQLT87WB1_9pxNEoH8EBrtRcb0ACPLJKXsn_KU4Lnm56ZqkSZfOdZ37l9eIb8JCQc1lYiQYTLVn8IFNHLv5xlvGpPs6wcaxk_nHxzFn6oriIlrs82iH75XeIZAgO2eKCoYBX-lqc1-V-9Ii4CSG-2dcyr4CVJKkUcPb6qUeIXfpxp7MAE3-yK5cMEiAWyjPikTZIFBAgEGAGSBQQIBRgEoAYugAe834PvAqgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcEEM38CdIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpYxo_71_v1gwOaCSBodHRwczovL3JlbW90ZS5jb20vbHAtY29udHJhY3RvcoAKAcgLAaIMCCoGCgSsurECuBPkA9gTDYgUAdAVAYAXAbIXHAoaCAASFHB1Yi01NjI1Mzc5ODI5NzkwNjA2GAA&sigh=fmjAw3WbTwo&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSOwAvHhf_Lesx4HfZL8518sz1IG7Dsc6ZenFWOEZsBcSiG7MiSneNxlYycWM9JqCFNda-p_wddFOLwdx3GAE&template_id=484&cbvp=2&vis=1 HTTP 302
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%223997350020375681112%22,%22debug_reporting%22:true,%22destination%22:%22https://remote.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22304025644%22],%2222%22:[%22true%22],%224%22:[%2201-24%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2213848724101337984625%22}&andc=true

190 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
phishcheck.me/ 		18 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://phishcheck.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
142.93.23.27 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
5854719c83c89d43c7728ea403c0aa646a540f45faaa6502dcc5f8e7131238d4
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Date
Wed, 24 Jan 2024 11:54:49 GMT
Server
nginx/1.14.0 (Ubuntu)
Transfer-Encoding
chunked
Vary
Cookie
X-Frame-Options
SAMEORIGIN
css
fonts.googleapis.com/ 		2 KB
959 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Nunito
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
39b752928c723222cf1a05d1a77a7f64ce5a8f055f3d1052ad03a2f2d6370265
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishcheck.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 24 Jan 2024 11:54:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 24 Jan 2024 10:42:11 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 24 Jan 2024 11:54:49 GMT
bootstrap.min.css
netdna.bootstrapcdn.com/bootstrap/3.3.1/css/ 		111 KB
19 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://netdna.bootstrapcdn.com/bootstrap/3.3.1/css/bootstrap.min.css
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d699f303990ce9bd7d7c97e9bd3cad6a46ecf2532f475cf22ae58213237821b9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishcheck.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:49 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
756
age
6337937
cdn-cachedat
12/27/2021 16:05:23
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:03:58 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
server
cloudflare
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
2fc14f032e96d80c2a970b6638be897f
timing-allow-origin
*
cdn-requestcountrycode
DE
cdn-status
200
cf-ray
84a8157c79a6918c-FRA
cdn-requestpullsuccess
True
main.css
phishcheck.me/css/ 		5 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://phishcheck.me/css/main.css
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
142.93.23.27 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
26f64f8bbe24fd08534113bcb1e61988c2e941edf55834661e776ac266cecb68

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishcheck.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Wed, 24 Jan 2024 11:54:49 GMT
Last-Modified
Wednesday, 24-Jan-2024 11:54:49 GMT
Server
nginx/1.14.0 (Ubuntu)
Content-Type
text/css
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4914
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.11.0/ 		94 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishcheck.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:48:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
43604
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
33576
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 22 Jan 2025 23:48:05 GMT
bootbox.min.js
cdnjs.cloudflare.com/ajax/libs/bootbox.js/4.4.0/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/bootbox.js/4.4.0/bootbox.min.js
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e05edee09b002722d47693fb43c49a87ceba8c23a1bfbdb353913c948444478c
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishcheck.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:49 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
4855623
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
3213
last-modified
Mon, 04 May 2020 16:06:37 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03d8d-27d9"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vkh%2BtYofNa%2Bx9xUYB%2FPLcuoWy93%2BGXMCa9zaEtO54XIr9S3WSHGm5N7JLtdTjoLm9Tue%2BbZIGwWwOpYI4k0Y7blOAGprgBMGwEjk13Um6TvvgJTypxgtIdHzcPV2Qbjf2SnXkz1LTWIP0rw4qGOCO99b"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
84a8157c6c579950-FRA
expires
Mon, 13 Jan 2025 11:54:49 GMT
phishcheck.js
phishcheck.me/js/ 		7 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://phishcheck.me/js/phishcheck.js
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
142.93.23.27 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
c88f2bfe24b1ea2b1edf5c3b678de67ae68b5b457e8001eba865be15b6e126d5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishcheck.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Wed, 24 Jan 2024 11:54:49 GMT
Last-Modified
Fri, 02 Jul 2021 04:37:43 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60de9817-1dff"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
7679
navbarlogo3-reversed.png
phishcheck.me/images/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://phishcheck.me/images/navbarlogo3-reversed.png
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
142.93.23.27 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
c8c38714236c1b847b96fbebaba10af1574a7f4d567f8cfbdb3dfe2997ab18fb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishcheck.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Wed, 24 Jan 2024 11:54:50 GMT
Last-Modified
Thu, 02 May 2019 17:44:56 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5ccb2c98-13f4"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5108
phishchecklogo3-vert.png
phishcheck.me/images/ 		20 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://phishcheck.me/images/phishchecklogo3-vert.png
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
142.93.23.27 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
db3df22768fe7273aa43d8f6cf193b406b1cb15f5d4a26ad36f73e5fdf86a331

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishcheck.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Wed, 24 Jan 2024 11:54:50 GMT
Last-Modified
Thu, 02 May 2019 17:44:56 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5ccb2c98-4fa7"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
20391
btn_donateCC_LG.gif
www.paypalobjects.com/en_US/i/btn/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48AC) /
Resource Hash
33a91bd6d378215fcd413c279aa88d48bda6c8b2ef7695892777c87de37de256
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishcheck.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:50 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-cache
HIT
paypal-debug-id
f42b14747710f
dc
ccg11-origin-www-1.paypal.com
content-length
3099
last-modified
Thu, 27 May 2021 14:20:07 GMT
server
ECAcc (ama/48AC)
traceparent
00-0000000000000000000f42b14747710f-8b4868ec1f4b8f85-01
etag
"60afaa97-c1b"
content-type
image/gif
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Wed, 24 Jan 2024 12:54:50 GMT
pixel.gif
www.paypalobjects.com/en_US/i/scr/ 		43 B
184 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/en_US/i/scr/pixel.gif
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/4894) /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishcheck.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:50 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-cache
HIT
paypal-debug-id
44dbe3fea9359
dc
ccg11-origin-www-1.paypal.com
content-length
43
last-modified
Fri, 16 Aug 2019 04:57:34 GMT
server
ECAcc (ama/4894)
traceparent
00-000000000000000000044dbe3fea9359-d84c23b7606d6317-01
etag
"5d5637be-2b"
content-type
image/gif
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Wed, 24 Jan 2024 12:54:50 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		148 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
789f13eeffbcd5a94d003f92dda5b3cadb25cdda4781ad8be01332f0254da6a8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishcheck.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:50 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
51363
x-xss-protection
0
server
cafe
etag
1907507914208058225
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
link
<https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires
Wed, 24 Jan 2024 11:54:50 GMT
bootstrap.min.js
netdna.bootstrapcdn.com/bootstrap/3.1.1/js/ 		28 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://netdna.bootstrapcdn.com/bootstrap/3.1.1/js/bootstrap.min.js
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishcheck.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:49 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
1048
age
5996174
cdn-cachedat
12/24/2022 09:42:47
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:03:57 GMT
cdn-proxyver
1.03
cdn-requestpullcode
200
server
cloudflare
etag
W/"ba847811448ef90d98d272aeccef2a95"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
d6dbf851f08f7f1817367eddaa339629
timing-allow-origin
*
cdn-requestcountrycode
DE
cdn-status
200
cf-ray
84a8157e4bab918c-FRA
cdn-requestpullsuccess
True
XRXI3I6Li01BKofiOc5wtlZ2di8HDLshdTQ3jw.woff2
fonts.gstatic.com/s/nunito/v26/ 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/nunito/v26/XRXI3I6Li01BKofiOc5wtlZ2di8HDLshdTQ3jw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Nunito
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
923963e0a56b84c4438f2359121e855e147a01a78a2591c471179cfc9bf0e784
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://phishcheck.me
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:27:07 GMT
x-content-type-options
nosniff
age
44863
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16292
x-xss-protection
0
last-modified
Thu, 14 Sep 2023 00:41:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 22 Jan 2025 23:27:07 GMT
glyphicons-halflings-regular.woff
netdna.bootstrapcdn.com/bootstrap/3.3.1/fonts/ 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://netdna.bootstrapcdn.com/bootstrap/3.3.1/fonts/glyphicons-halflings-regular.woff
Requested by
Host: netdna.bootstrapcdn.com
URL: https://netdna.bootstrapcdn.com/bootstrap/3.3.1/css/bootstrap.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc969dc1c6ff531abcf368089dcbaf5775133b0626ff56b52301a059fc0f9e1e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://netdna.bootstrapcdn.com/bootstrap/3.3.1/css/bootstrap.min.css
Origin
https://phishcheck.me
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
723
age
161300
cdn-cachedat
08/20/2022 03:02:09
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
23320
last-modified
Mon, 25 Jan 2021 22:03:58 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
server
cloudflare
etag
"68ed1dac06bf0409c18ae7bc62889170"
vary
Accept-Encoding
content-type
font/woff
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
b5df6e6cbf7195262751be7c70fea88c
accept-ranges
bytes
timing-allow-origin
*
cdn-requestcountrycode
DE
cdn-status
200
cf-ray
84a8157e6dc21947-FRA
cdn-requestpullsuccess
True
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401180101/ 		403 KB
137 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5625379829790606&plah=phishcheck.me
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bea79c9a6f49deeccdb97aa043f55c13a14191aff4de645caa197b8a02e5ec23
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishcheck.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:50 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
139880
x-xss-protection
0
server
cafe
etag
11376596339404062252
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Wed, 24 Jan 2024 11:54:50 GMT
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20240122/r20190131/ Frame CC58 		9 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20240122/r20190131/zrt_lookup_fy2021.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://phishcheck.me/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
44263
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4209
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 23 Jan 2024 23:37:07 GMT
etag
3890843268177463596
expires
Tue, 06 Feb 2024 23:37:07 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame A86C 		426 KB
88 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5625379829790606&output=html&adk=1812271804&adf=3025194257&lmt=1706097290&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=188x945_l%7C212x945_r&format=0x0&url=https%3A%2F%2Fphishcheck.me%2F&pra=5&wgl=1&easpi=0&asro=0&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097290165&bpp=7&bdt=525&idt=152&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3630297874670&frm=20&pv=2&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=164
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5625379829790606&plah=phishcheck.me
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3d8945eaac12dff7cd51c9ea32e170e08add61f9a540bf808087a443aaa252a7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://phishcheck.me/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
89497
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 24 Jan 2024 11:54:51 GMT
expires
Wed, 24 Jan 2024 11:54:51 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&cls=navbar%20navbar-fixed-top&ign=false&pw=1600&ph=1200&x=0&y=0
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishcheck.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:50 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 3D8A 		118 KB
40 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1801062927&pi=t.aa~a.768063588~rp.1&w=1155&fwrn=4&fwrnh=100&lmt=1706097290&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097290172&bpp=1&bdt=531&idt=160&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=498&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=162
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5625379829790606&plah=phishcheck.me
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
19501ff45cc2c370977ec54de776f01e27cf53954826e0556aa665a76c9c140a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://phishcheck.me/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
40486
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 24 Jan 2024 11:54:51 GMT
expires
Wed, 24 Jan 2024 11:54:51 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
reactive_library_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401180101/ 		163 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401180101/reactive_library_fy2021.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5625379829790606&plah=phishcheck.me
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
92016595204fe1edcc5030715ad76820727b191e02471967613e58d9436d1a15
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishcheck.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:51 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56683
x-xss-protection
0
server
cafe
etag
13026467143396391971
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Wed, 24 Jan 2024 11:54:51 GMT
ca-pub-5625379829790606
fundingchoicesmessages.google.com/i/ 		183 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/i/ca-pub-5625379829790606?ers=2
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5625379829790606&plah=phishcheck.me
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
34b519177096c8a3856bd61cc9b83c161bab0a6370d360391e847b8579ea7113
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-hADQpwQEROtC_CPgb6HFAw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishcheck.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:51 GMT
content-security-policy
script-src 'report-sample' 'nonce-hADQpwQEROtC_CPgb6HFAw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjOsKoxSXF4KYhxXDe6Q7TdSC-qPKU6SYQ1zI8Y2oF4gfhz5heALGBxnMmCyAuyH7OVAHEjH9eMHECcU__S6YpQPzuy0smnq8vmSSAWAOI30m-YvoGxDt8PFjehE9n5YqYznq6YDrrZSBmq5jOygfEcXXTWfOAmG_ddFbd9dNZt5yZzroHiGOeT2dNAeLFrDNYVwPxlMAZrHOAuCUayAZip_QZrEFA_DlzButvIBbi5uj-engtm8CJhVPdAGYIV68"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame DED1 		124 KB
42 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280&nras=3&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1535&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=21
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5625379829790606&plah=phishcheck.me
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0e739e03db0cc93821d515e42b6c7efcfa946fc773f153b78f7e405cc4f81289
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://phishcheck.me/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
42616
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 24 Jan 2024 11:54:51 GMT
expires
Wed, 24 Jan 2024 11:54:51 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame EA02 		126 KB
44 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=90&adk=2743202993&adf=3132389021&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1200x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280%2C1155x280&nras=4&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2257&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=24
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5625379829790606&plah=phishcheck.me
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e4b41ce99748632ecedeac8aa0714711b401e9608da0df8d336cbdcfad9ef7b9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://phishcheck.me/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
44853
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 24 Jan 2024 11:54:51 GMT
expires
Wed, 24 Jan 2024 11:54:51 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 6DDE 		722 B
383 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=50&adk=1321268319&adf=4099543842&pi=t.aa~a.3434894028~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1155x50&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1540&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280%2C1155x280%2C1200x90&nras=5&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2177&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=27
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5625379829790606&plah=phishcheck.me
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e61ccefe2cfcfa663fe2cd010e214ea4287b9f566a04392fef0b3ed9b435cce7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://phishcheck.me/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
358
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 24 Jan 2024 11:54:51 GMT
expires
Wed, 24 Jan 2024 11:54:51 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/ Frame 7818 		9 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5625379829790606&plah=phishcheck.me
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://phishcheck.me/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
44028
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4209
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 23 Jan 2024 23:41:03 GMT
etag
3890843268177463596
expires
Tue, 06 Feb 2024 23:41:03 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/ Frame 53E0 		9 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5625379829790606&plah=phishcheck.me
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://phishcheck.me/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
44028
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4209
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 23 Jan 2024 23:41:03 GMT
etag
3890843268177463596
expires
Tue, 06 Feb 2024 23:41:03 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/ Frame 71C6 		9 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5625379829790606&plah=phishcheck.me
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://phishcheck.me/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
44028
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4209
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 23 Jan 2024 23:41:03 GMT
etag
3890843268177463596
expires
Tue, 06 Feb 2024 23:41:03 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/ Frame C6D9 		9 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5625379829790606&plah=phishcheck.me
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://phishcheck.me/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
44028
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4209
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 23 Jan 2024 23:41:03 GMT
etag
3890843268177463596
expires
Tue, 06 Feb 2024 23:41:03 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
AGSKWxXUX3Lx0BuejD7G8fGoN95ESCQ0KyIZDJ5cQPZIQEwSzxXnDLJNxp57Mk9HdgrHfojuRAQK-6p06tBSIfslUdq_KTEXHRgbVEXxjVbsmiksUjoUbOJVvAsZmBSCGHEnAJisNkNzcA==
fundingchoicesmessages.google.com/f/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxXUX3Lx0BuejD7G8fGoN95ESCQ0KyIZDJ5cQPZIQEwSzxXnDLJNxp57Mk9HdgrHfojuRAQK-6p06tBSIfslUdq_KTEXHRgbVEXxjVbsmiksUjoUbOJVvAsZmBSCGHEnAJisNkNzcA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA2MDk3MjkxLDI0ODAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9waGlzaGNoZWNrLm1lLyIsbnVsbCxbWzgsIll0a3ZVdnIwS2hJIl0sWzksImRlIl0sWzE4LCJbW1swXV1dIl0sWzE2LCJbMSwxLDFdIl0sWzE5LCIyIl1dXQ
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.YtkvUvr0KhI.es5.O/am=wA/d=1/rs=AJlcJMzE1BcWevsRDsR0j0ow8Hwoup2wJA/m=kernel_loader,loader_js_executable
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
96910c945a6cb680f3eccbb2c9bfb9405c03b5daaddd4c15b94d83eb42c08a87
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Brtz-NgGIRIMb6b3jFB4qg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishcheck.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:51 GMT
content-security-policy
script-src 'report-sample' 'nonce-Brtz-NgGIRIMb6b3jFB4qg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
reporting-endpoints
default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjOsOoxSXF4KQhxXDi1m2mC0B83ukO03UgvqjylOkmENcyPGNqBeIH4c-YXgCxgcZzJgsgLsh-zlQBxIx_XjBxAnFP_0umKUD87stLJp6vL5kkgFgDiN9JvmL6BsQ7fDxY3oRPZ-WKmM56umA662UgZquYzsoHxHF101nzgJhv3XRW3fXTWbecmc66B4hjnk9nTQHixawzWFcD8ZTAGaxzgLglGsgGYqf0GaxBQPw5cwbrbyAW4uHo_np4LZvAhCm_JzECAN7bXSg"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
css2
fonts.googleapis.com/ Frame 7818 		4 KB
767 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 24 Jan 2024 11:54:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 24 Jan 2024 10:35:34 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 24 Jan 2024 11:54:51 GMT
feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 7818 		205 B
650 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 13:51:31 GMT
x-content-type-options
nosniff
age
79400
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
205
x-xss-protection
0
last-modified
Thu, 20 Jul 2023 22:48:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Wed, 22 Jan 2025 13:51:31 GMT
settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 7818 		604 B
695 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:43:34 GMT
x-content-type-options
nosniff
age
43877
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
604
x-xss-protection
0
last-modified
Thu, 20 Jul 2023 22:48:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Wed, 22 Jan 2025 23:43:34 GMT
fullscreen_api_adapter_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/elements/html/ Frame 7818 		16 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/elements/html/fullscreen_api_adapter_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c2a69649d15f908464902e679f465757cff39c3f59f8d92f4117987152c50303
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:35:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
44366
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6870
x-xss-protection
0
server
cafe
etag
16407976921096022632
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 06 Feb 2024 23:35:25 GMT
interstitial_ad_frame_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/elements/html/ Frame 7818 		22 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/elements/html/interstitial_ad_frame_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3384e396c88e07cd7d0e46d5361eff9ab20ff9f65dfb94436030ccd116943bc6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:31:15 GMT
content-encoding
br
x-content-type-options
nosniff
age
44616
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9462
x-xss-protection
0
server
cafe
etag
4236850132385514013
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 06 Feb 2024 23:31:15 GMT
rtb
rtb.ads.travelaudience.com/ Frame 99D6 		7 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.ads.travelaudience.com/rtb?ads=1000428.2.0.70020628.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%3D%3D.60015627.OTk5JTJjMQ==...7sOMk32o1KNqb38Y2MsA0w%3D%3D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ==.2.0&p=90000&x=160&y=600&click=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCLXvhivqwZf_OGbWNgrAPxcu4-AzKkbX7ctPipc7RCsCNtwEQASAAYJWCoIKwB4IBF2NhLXB1Yi01NjI1Mzc5ODI5NzkwNjA2yAEJqQJHMi6NJTmyPqgDAcgDAqoEwwFP0Mq0n1-nfzm0KB3lV-Hf__x8NNUtopA1Cy7kAqfjM7ZIxxq-PXQxLISsWGY8kWhkBPuZ3t2KqfaFIZLUaxC8xe5JsbBcaQRV-le6fvHEI2QwpGVQGCTpeeXH5p7Y_eLeRXZDulx1SWFis6b1yHV_cMSR3IMn7qDbA9kpibhx3tIOc7AwA-8zy4TFxqyUptlPjMwSHScJvL9hsgwBbXz4KxDH95GLUcRIHhJ33Zm59leNN9BNqNNuskx0aZ9NIciYmPiABpPs9bHTj7eAkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggdCIDhgBAQATICqgI6AoBASL39wTpYrpbG1_v1gwP6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0UXHELlEfHZHDPLUhyOiSvhM_t_w%26client%3Dca-pub-5625379829790606%26adurl%3D&googlewinningprice=ZbD6igAGZ38AAIa1AA4lxXL_ss2Kx8gIYRT20w&wpc=EUR&site=phishcheck.me&slotvisibility=1&gcpm=2766413&gpos=1&bidder=bidder-rtb-production-c75795f5b-wlttz&dv=1&uuid=&suid=&brq=9P6auMitxIESrnAvGncpsj7c6ij_KzL28aa_2g&ssp_id=0&l=en&ts=1706097290&uc=DE&at=1&ia=0&mai=&mat=1&ir=0&an=&rg=1&hm=TmblrGGrn9gDZ4mmjshtuM9u-IhXG8wFXK5ndnoh63U=
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.187.184.108 Brussels, Belgium, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
108.184.187.35.bc.googleusercontent.com
Software
/
Resource Hash
4c4bdefb43f4c3b5fb7fc1da0cf4582acc4dcfd5650bf5c3fea5958b10ce0fe2
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=utf-8
date
Wed, 24 Jan 2024 11:54:51 GMT
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
strict-transport-security
max-age=15724800; includeSubDomains
vary
Accept-Encoding
x-engine-version
0.0.0
x-host
deliveryengine-rtb-production-b78967497-tgv4t
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame 09EC 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/window_focus_fy2021.js
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 07:55:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
14348
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 07 Feb 2024 07:55:43 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame 09EC 		20 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:41:57 GMT
content-encoding
br
x-content-type-options
nosniff
age
43974
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8492
x-xss-protection
0
server
cafe
etag
9878124937798820110
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 06 Feb 2024 23:41:57 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame 09EC 		205 KB
65 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d5dc8f0e43d36678bfec4beb79ea87672a4d127693e591f8cc31e43c273c3f5d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
66080
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1705966741457425"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 24 Jan 2024 11:54:51 GMT
rtb
rtb.ads.travelaudience.com/ Frame F9A0 		7 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.ads.travelaudience.com/rtb?ads=1000428.2.0.70020628.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%3D%3D.60015627.OTk5JTJjMQ==...7sOMk32o1KNqb38Y2MsA0w%3D%3D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ==.2.0&p=90000&x=160&y=600&click=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEgegivqwZYDPGbWNgrAPxcu4-AzKkbX7ctPipc7RCsCNtwEQASAAYJWCoIKwB4IBF2NhLXB1Yi01NjI1Mzc5ODI5NzkwNjA2yAEJqQJHMi6NJTmyPqgDAcgDAqoEwwFP0JFS6jPSfJM3JVHprnIP_6_O7RheCe7R0tEJERRugHELFPhoV8NnfMe2ByuVxhuPjN9bB9R55ygb0p4j6cvWNoyat4PkP6tSZZLQWtn3ijfkhVo19K_OHFjQ7lzlR9vL36jsi6QD6rqiOahgGVaDjDRXkDmF9JI3HUF6kaLpJ6gQVBkxo184H_ZZurKtRpyWOGCcDEUBf60hsmyu-m6gov9PRKM1R2McnTSnPHGMryCfwzgnRNxYsGBcG00jc5a5qQCABpPs9bHTj7eAkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggdCIDhgBAQATICqgI6AoBASL39wTpYrpbG1_v1gwP6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2oWdCYTKwzmeTgiKc3OOzcC7SQ4w%26client%3Dca-pub-5625379829790606%26adurl%3D&googlewinningprice=ZbD6igAGZ4AAAIa1AA4lxbJ1o5a7FUD9cAJOlw&wpc=EUR&site=phishcheck.me&slotvisibility=1&gcpm=2755765&gpos=1&bidder=bidder-rtb-production-c75795f5b-fg5c4&dv=1&uuid=&suid=&brq=ekJpvPpWDu9e3MOA_SIxftcX2GL4hLAsPEiNzw&ssp_id=0&l=en&ts=1706097290&uc=DE&at=1&ia=0&mai=&mat=1&ir=0&an=&rg=1&hm=TmblrGGrn9gDZ4mmjshtuM9u-IhXG8wFXK5ndnoh63U=
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.187.184.108 Brussels, Belgium, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
108.184.187.35.bc.googleusercontent.com
Software
/
Resource Hash
0b833840de04344fdd95f89a9d472078817a4551d9239cda785e4b3ae75fa590
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=utf-8
date
Wed, 24 Jan 2024 11:54:51 GMT
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
strict-transport-security
max-age=15724800; includeSubDomains
vary
Accept-Encoding
x-engine-version
0.0.0
x-host
deliveryengine-rtb-production-b78967497-92kv8
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame C4B5 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/window_focus_fy2021.js
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 07:55:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
14348
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 07 Feb 2024 07:55:43 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame C4B5 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:41:57 GMT
content-encoding
br
x-content-type-options
nosniff
age
43974
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8492
x-xss-protection
0
server
cafe
etag
9878124937798820110
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 06 Feb 2024 23:41:57 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame C4B5 		205 KB
65 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d5dc8f0e43d36678bfec4beb79ea87672a4d127693e591f8cc31e43c273c3f5d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
66080
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1705966741457425"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 24 Jan 2024 11:54:51 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame 9FD1 		624 B
246 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CKv65gIQm-jrAhifksT_ATAB&v=APEucNXC_JiCjqCqpl7XGFwNkkJRK58UjCg11op55N0t3sSLQQR1OT7peb7t46Q8jwVtEElPrukv-lqIFx7W95cMLYeOn6ZB3D7kXqwv96cU2VAtfYyf_f84fof3mWVB4yoYraMvAd_bBB7nQzEnCdFcGxWTX2TB5zwlbBfHVWyaOxDKt8Tv8mY
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
222
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 24 Jan 2024 11:54:51 GMT
expires
Wed, 24 Jan 2024 11:54:51 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
abg_lite_fy2021.js
pagead2.googlesyndication.com/pagead/js/r20240122/r20110914/ Frame 563C 		23 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20240122/r20110914/abg_lite_fy2021.js
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
eb4fec10d8f4484b291b7c7d0de59d1b4375e000029fd1a128ad10c270d8d803
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:38:12 GMT
content-encoding
br
x-content-type-options
nosniff
age
44199
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9319
x-xss-protection
0
server
cafe
etag
16165788300067284045
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 06 Feb 2024 23:38:12 GMT
omrhp_fy2021.js
pagead2.googlesyndication.com/pagead/js/r20240122/r20110914/elements/html/ Frame 563C 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20240122/r20110914/elements/html/omrhp_fy2021.js
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef34301455784e8a56ecc7a80985d6fd317ddd8328b6232dc0bc3223d79c91c2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:43:47 GMT
content-encoding
br
x-content-type-options
nosniff
age
43864
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3206
x-xss-protection
0
server
cafe
etag
12640889860211258669
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 06 Feb 2024 23:43:47 GMT
view
ad.doubleclick.net/pcs/ Frame 563C 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/pcs/view?xai=AKAOjss5TBbzP6c41PbRxSfaHr8qsWcWEYmRpP7bbPferkZSiyrOA_MkBIaf02dbXfWwa7StpIM3PUX47C0IfeLVq4u8qpeyd-as3BGBonD74dbgzI5S_RocmvnDLvpix9olCSddfB8Q5kSd6SQtS_DOS2pogLc_XnthvQrgtd7Kpr9UIzhm2DYkhXA6rc6-B_qrCKutUMhdf7Bq2iApV_EeHMVjYi4gP3N5fGJEh8kmBhkc7NypyJGBvXpQZk3mUUaTBDfBOl2yoVZd9-E30rjb7bH-bH_CmrVO-3vmi1ejXmQR1ViqA671eLtJ9ot2azcfIZjC8HDPPBffHOx2OGs8VspsT-Dqp0MTPGDmKAyV4squtimaOciadk2GoOLnod2RO1g4YXfI4pyeBnJfxd1xRuU1OJxzvaW_-1lTw41QBNP3LpC1ZJi_efhmTU4GnPV1JNzlI_rENIyrpJMi_dBv5SNqXzb2NWcxEPABrf8UAMflNfIybJACwaLMsrz7IAUgzqJAPfXkMbxQi37-zCmlWvl-vhagBtlzxlef7d9-dOSFF_SxYIpeUOdbdwOpUp1YQzUZKs015aop5Cd7BrRD6QGKQApyb-zxf9_6ZnOBNb7UndzC2zqq7uQZRJq_izO_6FZTQUDRj6wivKc-Y3_uQ81PLUMvNWt5hjdrVAJBIudCy81yJ-eDijJGaBoQdP7CDGgDYydUKV0brqNDMlxB6u88b6rMovDPazh3hG6rC1rNCaYraB_cG92zDQLyV4VEAkOKHsJ7Sn-U6gdL2AWi11dbeDWXk-XRDDK06ndn4tEEr7sgTHErwMS112wwtiDvpx31WjoQx7Ca9qtoew4ZIqjDBy13QQGwzIWl1mXDG5Fbjl9tvEvJAC-gDqtxQCnMbSY84JoeEtEhwdSFo5_VXQ03HARAYkJcHVcqlTpORB7u32aa8auHUt6HK-UtgXEoCh_5i_ZGedK7zDvmBrzApQJi7qwL7qKixubssCh0N343osP7rsTkKeBowms92qvHBjhZJ7VbjN1FyX07EGLtw5F_AbydVtkKVBWf1y0dP2rmO7O0HtsbJDwSjbZ05zM_a_cZm361PLkNEtdQ26gBwpU7PurcZH44hQZZ42orehByroG_UQgyltKS689OWnIoHx9qYghCGWMRqSoRycwRyO9fCymQIwGCSODV0v3lV9iXq8bMNHm3DtfR-NEPX8EcGX4FKXUS8j6Kx78G1iFUCRXFhmsq7Y4w4eNWDj_0YCNLMSvsZ0pfOhdxkhPtPflDvS69WW6J3GArv1H7PweG&sai=AMfl-YQg-tKMpLi5ZWdOX2foe5cgGbDpy9jlYU88EZMNOnxHUeLe-MKvxiw72LMzf4jvNZHD0TScCe8QrH8iiHYBS7-HEmAi-stMKRD7Fd59WB3K-KU4NC3hfiadZlCoInbt7XWgUomZAoAk8NzYHCmVnOBfiU37DEatL80xnZ2MLd4z-l_KxvXvZqDR9BX_ySxkulAc236y5tbaJcuTxVf3sR3-TyKNMrDOHj5TkIoaw_JzQF3HlBDPWkrNEG3SE2VqhqSUgHiOQSA7myXxwL5nMIlU19LQ0yMqUhbCU-LOpXR5-9lv2S0zGZMBUEoeQRAvO7eYs4KFvuqxHNJt-cJNJ6ui9P0VbqSDrjxM7ELS2-4ix5HwvWUPoAIPEGSjm88e3fQlVum4_DpEL_DVtz9y91f6FThBeLDfrgCXuX72yNJU60S5Ddr2LibYcYNiSe3uM2rLh5ND9OsK3LN7DqHWKv-C8C02mXfteL5YvRO492KyvnpSqdxH8C_BDvg4UOj20RuX5jTM-2ys&sig=Cg0ArKJSzOEAqS2cbt3eEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9ldG9yby5jb20&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20240122.17752&arae=0&ftch=1&adurl=
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.198 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Wed, 24 Jan 2024 11:54:51 GMT
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
cache-control
private
access-control-allow-credentials
true
timing-allow-origin
*
expires
Wed, 24 Jan 2024 11:54:51 GMT
Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame 563C 		41 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:39:57 GMT
content-encoding
br
x-content-type-options
nosniff
age
44094
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13937
x-xss-protection
0
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 22 Jan 2025 23:39:57 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame 563C 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/window_focus_fy2021.js
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 07:55:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
14348
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 07 Feb 2024 07:55:43 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame 563C 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:41:57 GMT
content-encoding
br
x-content-type-options
nosniff
age
43974
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8492
x-xss-protection
0
server
cafe
etag
9878124937798820110
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 06 Feb 2024 23:41:57 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame 563C 		205 KB
65 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d5dc8f0e43d36678bfec4beb79ea87672a4d127693e591f8cc31e43c273c3f5d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
66080
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1705966741457425"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 24 Jan 2024 11:54:51 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 563C 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AB-yLyyhOecMvIuPqvkybpKsMVFHGknfSs4wMNilwEcvKwUbjCLwVTZ6nayA0XaPluXKrGNodeiVMt5AarxmjxjCSew1G83Vxb-Msk-srHTaKPUoc
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:51 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
1196383320771165890
s0.2mdn.net/simgad/ Frame 563C 		2 MB
2 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/simgad/1196383320771165890
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3f77f7e2b0606d55613429fc375f64a40289fd47b32acde99551429b8177fed0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires
Tue, 21 Jan 2025 21:23:35 GMT
date
Mon, 22 Jan 2024 21:23:35 GMT
x-content-type-options
nosniff
age
138676
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1972625
x-xss-protection
0
last-modified
Mon, 27 Nov 2023 13:58:08 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons
true
css
fonts.googleapis.com/ Frame CB79 		14 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 24 Jan 2024 11:54:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 24 Jan 2024 10:40:50 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 24 Jan 2024 11:54:51 GMT
load_preloaded_resource_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame CB79 		2 KB
903 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/load_preloaded_resource_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:33:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
44486
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
795
x-xss-protection
0
server
cafe
etag
4925184154378345226
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 06 Feb 2024 23:33:25 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/ Frame CB79 		23 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/abg_lite_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
eb4fec10d8f4484b291b7c7d0de59d1b4375e000029fd1a128ad10c270d8d803
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:36:36 GMT
content-encoding
br
x-content-type-options
nosniff
age
44295
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9319
x-xss-protection
0
server
cafe
etag
16165788300067284045
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 06 Feb 2024 23:36:36 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame CB79 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 07:55:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
14348
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 07 Feb 2024 07:55:43 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame CB79 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:41:57 GMT
content-encoding
br
x-content-type-options
nosniff
age
43974
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8492
x-xss-protection
0
server
cafe
etag
9878124937798820110
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 06 Feb 2024 23:41:57 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame CB79 		205 KB
65 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d5dc8f0e43d36678bfec4beb79ea87672a4d127693e591f8cc31e43c273c3f5d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
66080
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1705966741457425"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 24 Jan 2024 11:54:51 GMT
4cee352c918c506f58256258d534a665.js
www.gstatic.com/mysidia/ Frame CB79 		37 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/4cee352c918c506f58256258d534a665.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e6b20a1535a6d3ca3d7a611ae199a6f4b464e0b67b450379ed43a7ef3e66957c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:31:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
44595
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15452
x-xss-protection
0
last-modified
Sat, 13 Jan 2024 00:04:01 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 22 Apr 2024 23:31:36 GMT
AGSKWxUK9R8uwRpRf5A97KgdEjkmvgyApzfHDNHnZ3-PfvJI07PJKw5651Eert-ajaHyXoXTQWTk93d7E_JCiga2Ob3myUzJmXYjTFcPKkmKhT3SPfwPmDyx71TgARuLdtlGDSTyJ85ImQ==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxUK9R8uwRpRf5A97KgdEjkmvgyApzfHDNHnZ3-PfvJI07PJKw5651Eert-ajaHyXoXTQWTk93d7E_JCiga2Ob3myUzJmXYjTFcPKkmKhT3SPfwPmDyx71TgARuLdtlGDSTyJ85ImQ==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.YtkvUvr0KhI.es5.O/am=wA/d=1/rs=AJlcJMzE1BcWevsRDsR0j0ow8Hwoup2wJA/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-O24_5-GKiCr7x5pcQlnozQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://phishcheck.me/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 24 Jan 2024 11:54:51 GMT
content-security-policy
script-src 'report-sample' 'nonce-O24_5-GKiCr7x5pcQlnozQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
text/html; charset=utf-8
access-control-allow-origin
https://phishcheck.me
access-control-allow-methods
POST, GET, OPTIONS
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxVuH9EDtCBgQL3QcvBn5glKZViTUg6I6Zg4l7WjuDeqXc4_TzvkvwQHWMohpyIjgLyP0OV84hckiU_hOcNJY94gmBc3RlQ9boJNfgEUBpq66hxo2CJEOp1AqQlnKuQ1-28_CuRmeQ==
fundingchoicesmessages.google.com/f/ 		10 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxVuH9EDtCBgQL3QcvBn5glKZViTUg6I6Zg4l7WjuDeqXc4_TzvkvwQHWMohpyIjgLyP0OV84hckiU_hOcNJY94gmBc3RlQ9boJNfgEUBpq66hxo2CJEOp1AqQlnKuQ1-28_CuRmeQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA2MDk3MjkxLDM0NDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsMTBdXSwiaHR0cHM6Ly9waGlzaGNoZWNrLm1lLyIsbnVsbCxbWzgsIll0a3ZVdnIwS2hJIl0sWzksImRlIl0sWzE4LCJbW1swXV1dIl0sWzE2LCJbMSwxLDFdIl0sWzE5LCIyIl1dXQ
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.YtkvUvr0KhI.es5.O/am=wA/d=1/rs=AJlcJMzE1BcWevsRDsR0j0ow8Hwoup2wJA/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
caaed4b4058e2c702b5c75580c003035120e5bb122d2f102e5f7a33922d8013e
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-8QNp6Io11kn9FETxhFymCw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishcheck.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:51 GMT
content-security-policy
script-src 'report-sample' 'nonce-8QNp6Io11kn9FETxhFymCw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
reporting-endpoints
default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjOsKoxSXFEKghxXDe6Q7TdSC-qPKU6SYQ1zI8Y2oF4gfhz5heALGBxnMmCyAuyH7OVAHEjH9eMHECcU__S6YpQPzuy0smnq8vmSSAWAOI30m-YvoGxDt8PFjehE9n5YqYznq6YDrrZSBmq5jOygfEcXXTWfOAmG_ddFbd9dNZt5yZzroHiGOeT2dNAeLFrDNYVwPxlMAZrHOAuCUayAZip_QZrEFA_DlzButvIBbi4ej-engtm8CGK3PWMQIAx9hYRg"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame D9A4 		38 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
50739
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
13045
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 23 Jan 2024 21:49:12 GMT
expires
Wed, 22 Jan 2025 21:49:12 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame 563C 		215 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ff68e62bfad368b268ac29f8664b8272695df200782ecdffbb0c4637460879a3

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/png
rum
dsum-sec.casalemedia.com/ Frame 9FD1
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECKMwPbl01bp6z7FdWNNyW8&google_cver=1
43 B
779 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECKMwPbl01bp6z7FdWNNyW8&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKv65gIQm-jrAhifksT_ATAB&v=APEucNXC_JiCjqCqpl7XGFwNkkJRK58UjCg11op55N0t3sSLQQR1OT7peb7t46Q8jwVtEElPrukv-lqIFx7W95cMLYeOn6ZB3D7kXqwv96cU2VAtfYyf_f84fof3mWVB4yoYraMvAd_bBB7nQzEnCdFcGxWTX2TB5zwlbBfHVWyaOxDKt8Tv8mY
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:51 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C%2BtBfhZaJdApTE5%2BYwh%2F3uf95JaTc7wRBuGxS3%2F6fHHSxvMsAZ%2FK8pbn9dpdsOjj1Gm621QE2RgmwNB%2BPrV%2FsFFDhJDaJdn0FqM4mTtXIMJVZEtWM6FNrHvatP%2Bja7YpRu6%2FZR%2B5Yw2YoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
84a815883c806ade-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:51 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECKMwPbl01bp6z7FdWNNyW8&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 9FD1
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZbD6i0sBuk7E0NXjJkgSXgAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOFQqgRxIvgZjKpUdDkdaas&google_cver=1
43 B
735 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOFQqgRxIvgZjKpUdDkdaas&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKv65gIQm-jrAhifksT_ATAB&v=APEucNXC_JiCjqCqpl7XGFwNkkJRK58UjCg11op55N0t3sSLQQR1OT7peb7t46Q8jwVtEElPrukv-lqIFx7W95cMLYeOn6ZB3D7kXqwv96cU2VAtfYyf_f84fof3mWVB4yoYraMvAd_bBB7nQzEnCdFcGxWTX2TB5zwlbBfHVWyaOxDKt8Tv8mY
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:51 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h5QKpRpj%2FN647C8cvHdD2ALPtcEFdXtCWC2UrBkWLmOehv9s%2FMLMH5DQ2ZkIg3YA3Ft9kLjUptB5B7%2BHANYWTYhu9Y48DO4PUvNCrPNLSO1RKtseM%2F90ZCfbXWuNS531Gbar653z4QzzNA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
84a815886cbd6ade-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:51 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOFQqgRxIvgZjKpUdDkdaas&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame 9FD1
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEDJNjyrKay_sSRttHZgGAv4&google_cver=1
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEDJNjyrKay_sSRttHZgGAv4&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKv65gIQm-jrAhifksT_ATAB&v=APEucNXC_JiCjqCqpl7XGFwNkkJRK58UjCg11op55N0t3sSLQQR1OT7peb7t46Q8jwVtEElPrukv-lqIFx7W95cMLYeOn6ZB3D7kXqwv96cU2VAtfYyf_f84fof3mWVB4yoYraMvAd_bBB7nQzEnCdFcGxWTX2TB5zwlbBfHVWyaOxDKt8Tv8mY
Protocol
H2
Server
185.89.210.180 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:51 GMT
an-x-request-uuid
8a635b6b-85fa-4ef4-9460-bd6effabd3c7
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
image/gif
cache-control
no-store, no-cache, private
x-proxy-origin
178.162.209.133; 178.162.209.133; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
43
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:51 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEDJNjyrKay_sSRttHZgGAv4&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 9FD1
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzA5Mjk1NjM3OTQ1MjU1MDIyMA%3D%3D
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzA5Mjk1NjM3OTQ1MjU1MDIyMA%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKv65gIQm-jrAhifksT_ATAB&v=APEucNXC_JiCjqCqpl7XGFwNkkJRK58UjCg11op55N0t3sSLQQR1OT7peb7t46Q8jwVtEElPrukv-lqIFx7W95cMLYeOn6ZB3D7kXqwv96cU2VAtfYyf_f84fof3mWVB4yoYraMvAd_bBB7nQzEnCdFcGxWTX2TB5zwlbBfHVWyaOxDKt8Tv8mY
Protocol
H3
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f194.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:51 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:51 GMT
an-x-request-uuid
733b743a-300f-401f-8589-531e5c6ecf9b
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzA5Mjk1NjM3OTQ1MjU1MDIyMA%3D%3D
x-proxy-origin
178.162.209.133; 178.162.209.133; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
el.ashx
ads.travelaudience.com/ Frame 99D6 		631 B
675 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.travelaudience.com/el.ashx?__trackerRequestId=0.19197225922891323&adPos=&ai1=1%3B1000428%3B2%3B1%3B%3B%3B0%3B-1%3B%3B%3B%3B7sOMk32o1KNqb38Y2MsA0w%3D%3D%3B60015627%3B999%252c1%3B%3B%3B2%3B4%3B50000154%3B7sOMk32o1KNqb38Y2MsA0w%3D%3D%3BEUR%3B%3B%3B%3B%3B%3B%3B%3B%3B%3B%3B%3B%3B%3B70020628%3B9P6auMitxIESrnAvGncpsj7c6ij_KzL28aa_2g%3BEUR%3B2%3B%3B%3B%3B%3B0%3B%3B&aid=&an=&ask=&at=1&bc=1&bd=bidder-rtb-production-c75795f5b-wlttz&bnr=0&brq=9P6auMitxIESrnAvGncpsj7c6ij_KzL28aa_2g&di=&did=-1&dnt=&dv=1&ed=&ev=ic&fm=160x600&gcpm=2766413&gctr=&ia=0&id5Decr=&id5Encr=&id5PID=&id5Src=&iid=&ilt=&ir=0&ld=&mai=&mat=1&mid=&na=&no=&oo=&pb=90000&pos_old=&rg=1&rts=&salt=07&sc=&site=phishcheck.me&ssp=0&sv=1&tsf=&ua=&uc=DE&ucy=&uuid=EB215F58-39ED-45C8-B9BF-645458BF4CEA&view=&vrt=&vw=&wp=ZbD6igAGZ38AAIa1AA4lxXL_ss2Kx8gIYRT20w
Requested by
Host: rtb.ads.travelaudience.com
URL: https://rtb.ads.travelaudience.com/rtb?ads=1000428.2.0.70020628.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%3D%3D.60015627.OTk5JTJjMQ==...7sOMk32o1KNqb38Y2MsA0w%3D%3D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ==.2.0&p=90000&x=160&y=600&click=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCLXvhivqwZf_OGbWNgrAPxcu4-AzKkbX7ctPipc7RCsCNtwEQASAAYJWCoIKwB4IBF2NhLXB1Yi01NjI1Mzc5ODI5NzkwNjA2yAEJqQJHMi6NJTmyPqgDAcgDAqoEwwFP0Mq0n1-nfzm0KB3lV-Hf__x8NNUtopA1Cy7kAqfjM7ZIxxq-PXQxLISsWGY8kWhkBPuZ3t2KqfaFIZLUaxC8xe5JsbBcaQRV-le6fvHEI2QwpGVQGCTpeeXH5p7Y_eLeRXZDulx1SWFis6b1yHV_cMSR3IMn7qDbA9kpibhx3tIOc7AwA-8zy4TFxqyUptlPjMwSHScJvL9hsgwBbXz4KxDH95GLUcRIHhJ33Zm59leNN9BNqNNuskx0aZ9NIciYmPiABpPs9bHTj7eAkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggdCIDhgBAQATICqgI6AoBASL39wTpYrpbG1_v1gwP6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0UXHELlEfHZHDPLUhyOiSvhM_t_w%26client%3Dca-pub-5625379829790606%26adurl%3D&googlewinningprice=ZbD6igAGZ38AAIa1AA4lxXL_ss2Kx8gIYRT20w&wpc=EUR&site=phishcheck.me&slotvisibility=1&gcpm=2766413&gpos=1&bidder=bidder-rtb-production-c75795f5b-wlttz&dv=1&uuid=&suid=&brq=9P6auMitxIESrnAvGncpsj7c6ij_KzL28aa_2g&ssp_id=0&l=en&ts=1706097290&uc=DE&at=1&ia=0&mai=&mat=1&ir=0&an=&rg=1&hm=TmblrGGrn9gDZ4mmjshtuM9u-IhXG8wFXK5ndnoh63U=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.0.66 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
66.0.190.35.bc.googleusercontent.com
Software
nginx/1.21.6 /
Resource Hash
25cf0f0ce42f8acd9ea6facc223f54105c7fd0cce63fb7bb5d83e6600100acbd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.ads.travelaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:51 GMT
content-encoding
gzip
x-engine-version
0.0.0
via
1.1 google
server
nginx/1.21.6
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
content-type
image/jpeg
x-host
tde-deliveryengine-production-5db7bf8975-m2x59
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
160x600_Dubai_Adventure_DE.gif
static.travelaudience.com/img/import/Dubai_DMO/Adventure/DE/ Frame 99D6 		174 KB
174 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.travelaudience.com/img/import/Dubai_DMO/Adventure/DE/160x600_Dubai_Adventure_DE.gif
Requested by
Host: rtb.ads.travelaudience.com
URL: https://rtb.ads.travelaudience.com/rtb?ads=1000428.2.0.70020628.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%3D%3D.60015627.OTk5JTJjMQ==...7sOMk32o1KNqb38Y2MsA0w%3D%3D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ==.2.0&p=90000&x=160&y=600&click=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCLXvhivqwZf_OGbWNgrAPxcu4-AzKkbX7ctPipc7RCsCNtwEQASAAYJWCoIKwB4IBF2NhLXB1Yi01NjI1Mzc5ODI5NzkwNjA2yAEJqQJHMi6NJTmyPqgDAcgDAqoEwwFP0Mq0n1-nfzm0KB3lV-Hf__x8NNUtopA1Cy7kAqfjM7ZIxxq-PXQxLISsWGY8kWhkBPuZ3t2KqfaFIZLUaxC8xe5JsbBcaQRV-le6fvHEI2QwpGVQGCTpeeXH5p7Y_eLeRXZDulx1SWFis6b1yHV_cMSR3IMn7qDbA9kpibhx3tIOc7AwA-8zy4TFxqyUptlPjMwSHScJvL9hsgwBbXz4KxDH95GLUcRIHhJ33Zm59leNN9BNqNNuskx0aZ9NIciYmPiABpPs9bHTj7eAkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggdCIDhgBAQATICqgI6AoBASL39wTpYrpbG1_v1gwP6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0UXHELlEfHZHDPLUhyOiSvhM_t_w%26client%3Dca-pub-5625379829790606%26adurl%3D&googlewinningprice=ZbD6igAGZ38AAIa1AA4lxXL_ss2Kx8gIYRT20w&wpc=EUR&site=phishcheck.me&slotvisibility=1&gcpm=2766413&gpos=1&bidder=bidder-rtb-production-c75795f5b-wlttz&dv=1&uuid=&suid=&brq=9P6auMitxIESrnAvGncpsj7c6ij_KzL28aa_2g&ssp_id=0&l=en&ts=1706097290&uc=DE&at=1&ia=0&mai=&mat=1&ir=0&an=&rg=1&hm=TmblrGGrn9gDZ4mmjshtuM9u-IhXG8wFXK5ndnoh63U=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.170.237 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.170.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
db3a779e892add0433a2120a00827db775102b2a9ebe1d9e04fa6bd698de206a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.ads.travelaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:48:56 GMT
age
355
x-guploader-uploadid
ABPtcPo5RTV3Nh-LnPmGrP0vuvXtkKvqhME0LLUQOQGvMLGwGacNdHxkdLmt46n6d2V0x26K_vs
x-goog-storage-class
REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
178523
last-modified
Wed, 17 Jan 2024 09:07:11 GMT
server
UploadServer
etag
"43647956a2fd6e2538deb81d1a1bacc1"
vary
Origin
x-goog-generation
1705482431042442
x-goog-hash
crc32c=n9NVLw==, md5=Q2R5VqL9biU43rgdGhuswQ==
content-type
image/gif
cache-control
public, max-age=3600
x-goog-stored-content-length
178523
accept-ranges
bytes
expires
Wed, 24 Jan 2024 12:48:56 GMT
moatad.js
z.moatads.com/travel198849194933/ Frame 99D6 		334 KB
113 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/travel198849194933/moatad.js
Requested by
Host: rtb.ads.travelaudience.com
URL: https://rtb.ads.travelaudience.com/rtb?ads=1000428.2.0.70020628.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%3D%3D.60015627.OTk5JTJjMQ==...7sOMk32o1KNqb38Y2MsA0w%3D%3D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ==.2.0&p=90000&x=160&y=600&click=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCLXvhivqwZf_OGbWNgrAPxcu4-AzKkbX7ctPipc7RCsCNtwEQASAAYJWCoIKwB4IBF2NhLXB1Yi01NjI1Mzc5ODI5NzkwNjA2yAEJqQJHMi6NJTmyPqgDAcgDAqoEwwFP0Mq0n1-nfzm0KB3lV-Hf__x8NNUtopA1Cy7kAqfjM7ZIxxq-PXQxLISsWGY8kWhkBPuZ3t2KqfaFIZLUaxC8xe5JsbBcaQRV-le6fvHEI2QwpGVQGCTpeeXH5p7Y_eLeRXZDulx1SWFis6b1yHV_cMSR3IMn7qDbA9kpibhx3tIOc7AwA-8zy4TFxqyUptlPjMwSHScJvL9hsgwBbXz4KxDH95GLUcRIHhJ33Zm59leNN9BNqNNuskx0aZ9NIciYmPiABpPs9bHTj7eAkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggdCIDhgBAQATICqgI6AoBASL39wTpYrpbG1_v1gwP6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0UXHELlEfHZHDPLUhyOiSvhM_t_w%26client%3Dca-pub-5625379829790606%26adurl%3D&googlewinningprice=ZbD6igAGZ38AAIa1AA4lxXL_ss2Kx8gIYRT20w&wpc=EUR&site=phishcheck.me&slotvisibility=1&gcpm=2766413&gpos=1&bidder=bidder-rtb-production-c75795f5b-wlttz&dv=1&uuid=&suid=&brq=9P6auMitxIESrnAvGncpsj7c6ij_KzL28aa_2g&ssp_id=0&l=en&ts=1706097290&uc=DE&at=1&ia=0&mai=&mat=1&ir=0&an=&rg=1&hm=TmblrGGrn9gDZ4mmjshtuM9u-IhXG8wFXK5ndnoh63U=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.85.120 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-85-120.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
8ad699b94dcb8ac5c24ab5f4e6bfaa6fa8ddd26d90ff42fc3e395a8310684512

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.ads.travelaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:51 GMT
content-encoding
gzip
last-modified
Wed, 17 Jan 2024 10:56:36 GMT
server
AmazonS3
x-amz-request-id
ZSC9Y1HVH38GSDPM
etag
"37dd62b52cf0e911ad78369a74658368"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=57301
accept-ranges
bytes
content-length
115629
x-amz-id-2
fwslu7cjObhdXe2iG9s6A6ZkQMOsMtxEYypBYVVf3ZMDksWcjCWVNkTIald5xIXLymE3GqSrtZw=
creative.js
ads.travelaudience.com/js/ Frame 99D6 		56 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.travelaudience.com/js/creative.js?version=0.0.0
Requested by
Host: rtb.ads.travelaudience.com
URL: https://rtb.ads.travelaudience.com/rtb?ads=1000428.2.0.70020628.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%3D%3D.60015627.OTk5JTJjMQ==...7sOMk32o1KNqb38Y2MsA0w%3D%3D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ==.2.0&p=90000&x=160&y=600&click=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCLXvhivqwZf_OGbWNgrAPxcu4-AzKkbX7ctPipc7RCsCNtwEQASAAYJWCoIKwB4IBF2NhLXB1Yi01NjI1Mzc5ODI5NzkwNjA2yAEJqQJHMi6NJTmyPqgDAcgDAqoEwwFP0Mq0n1-nfzm0KB3lV-Hf__x8NNUtopA1Cy7kAqfjM7ZIxxq-PXQxLISsWGY8kWhkBPuZ3t2KqfaFIZLUaxC8xe5JsbBcaQRV-le6fvHEI2QwpGVQGCTpeeXH5p7Y_eLeRXZDulx1SWFis6b1yHV_cMSR3IMn7qDbA9kpibhx3tIOc7AwA-8zy4TFxqyUptlPjMwSHScJvL9hsgwBbXz4KxDH95GLUcRIHhJ33Zm59leNN9BNqNNuskx0aZ9NIciYmPiABpPs9bHTj7eAkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggdCIDhgBAQATICqgI6AoBASL39wTpYrpbG1_v1gwP6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0UXHELlEfHZHDPLUhyOiSvhM_t_w%26client%3Dca-pub-5625379829790606%26adurl%3D&googlewinningprice=ZbD6igAGZ38AAIa1AA4lxXL_ss2Kx8gIYRT20w&wpc=EUR&site=phishcheck.me&slotvisibility=1&gcpm=2766413&gpos=1&bidder=bidder-rtb-production-c75795f5b-wlttz&dv=1&uuid=&suid=&brq=9P6auMitxIESrnAvGncpsj7c6ij_KzL28aa_2g&ssp_id=0&l=en&ts=1706097290&uc=DE&at=1&ia=0&mai=&mat=1&ir=0&an=&rg=1&hm=TmblrGGrn9gDZ4mmjshtuM9u-IhXG8wFXK5ndnoh63U=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.0.66 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
66.0.190.35.bc.googleusercontent.com
Software
nginx/1.21.6 /
Resource Hash
baccf45a36486a2abc76291138c8661c88e8a2aa1ad74d279882ae80245e0fb4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.ads.travelaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
public
date
Wed, 24 Jan 2024 11:54:51 GMT
content-encoding
gzip
via
1.1 google
last-modified
Wed, 24 Jan 2024 08:55:05 GMT
server
nginx/1.21.6
etag
W/"65b0d069-e1b5"
vary
Accept-Encoding, Origin
content-type
application/javascript
cache-control
max-age=86400, public
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 25 Jan 2024 11:54:51 GMT
el.ashx
ads.travelaudience.com/ Frame F9A0 		631 B
556 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.travelaudience.com/el.ashx?__trackerRequestId=0.26365273544095486&adPos=&ai1=1%3B1000428%3B2%3B1%3B%3B%3B0%3B-1%3B%3B%3B%3B7sOMk32o1KNqb38Y2MsA0w%3D%3D%3B60015627%3B999%252c1%3B%3B%3B2%3B4%3B50000154%3B7sOMk32o1KNqb38Y2MsA0w%3D%3D%3BEUR%3B%3B%3B%3B%3B%3B%3B%3B%3B%3B%3B%3B%3B%3B70020628%3BekJpvPpWDu9e3MOA_SIxftcX2GL4hLAsPEiNzw%3BEUR%3B2%3B%3B%3B%3B%3B0%3B%3B&aid=&an=&ask=&at=1&bc=1&bd=bidder-rtb-production-c75795f5b-fg5c4&bnr=0&brq=ekJpvPpWDu9e3MOA_SIxftcX2GL4hLAsPEiNzw&di=&did=-1&dnt=&dv=1&ed=&ev=ic&fm=160x600&gcpm=2755765&gctr=&ia=0&id5Decr=&id5Encr=&id5PID=&id5Src=&iid=&ilt=&ir=0&ld=&mai=&mat=1&mid=&na=&no=&oo=&pb=90000&pos_old=&rg=1&rts=&salt=09&sc=&site=phishcheck.me&ssp=0&sv=1&tsf=&ua=&uc=DE&ucy=&uuid=9EE8ACEC-6472-4FC3-9249-BD370958F37D&view=&vrt=&vw=&wp=ZbD6igAGZ4AAAIa1AA4lxbJ1o5a7FUD9cAJOlw
Requested by
Host: rtb.ads.travelaudience.com
URL: https://rtb.ads.travelaudience.com/rtb?ads=1000428.2.0.70020628.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%3D%3D.60015627.OTk5JTJjMQ==...7sOMk32o1KNqb38Y2MsA0w%3D%3D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ==.2.0&p=90000&x=160&y=600&click=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEgegivqwZYDPGbWNgrAPxcu4-AzKkbX7ctPipc7RCsCNtwEQASAAYJWCoIKwB4IBF2NhLXB1Yi01NjI1Mzc5ODI5NzkwNjA2yAEJqQJHMi6NJTmyPqgDAcgDAqoEwwFP0JFS6jPSfJM3JVHprnIP_6_O7RheCe7R0tEJERRugHELFPhoV8NnfMe2ByuVxhuPjN9bB9R55ygb0p4j6cvWNoyat4PkP6tSZZLQWtn3ijfkhVo19K_OHFjQ7lzlR9vL36jsi6QD6rqiOahgGVaDjDRXkDmF9JI3HUF6kaLpJ6gQVBkxo184H_ZZurKtRpyWOGCcDEUBf60hsmyu-m6gov9PRKM1R2McnTSnPHGMryCfwzgnRNxYsGBcG00jc5a5qQCABpPs9bHTj7eAkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggdCIDhgBAQATICqgI6AoBASL39wTpYrpbG1_v1gwP6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2oWdCYTKwzmeTgiKc3OOzcC7SQ4w%26client%3Dca-pub-5625379829790606%26adurl%3D&googlewinningprice=ZbD6igAGZ4AAAIa1AA4lxbJ1o5a7FUD9cAJOlw&wpc=EUR&site=phishcheck.me&slotvisibility=1&gcpm=2755765&gpos=1&bidder=bidder-rtb-production-c75795f5b-fg5c4&dv=1&uuid=&suid=&brq=ekJpvPpWDu9e3MOA_SIxftcX2GL4hLAsPEiNzw&ssp_id=0&l=en&ts=1706097290&uc=DE&at=1&ia=0&mai=&mat=1&ir=0&an=&rg=1&hm=TmblrGGrn9gDZ4mmjshtuM9u-IhXG8wFXK5ndnoh63U=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.0.66 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
66.0.190.35.bc.googleusercontent.com
Software
nginx/1.21.6 /
Resource Hash
25cf0f0ce42f8acd9ea6facc223f54105c7fd0cce63fb7bb5d83e6600100acbd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.ads.travelaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:51 GMT
content-encoding
gzip
x-engine-version
0.0.0
via
1.1 google
server
nginx/1.21.6
vary
Accept-Encoding
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
content-type
image/jpeg
x-host
tde-deliveryengine-production-5db7bf8975-gvxzv
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
160x600_Dubai_Adventure_DE.gif
static.travelaudience.com/img/import/Dubai_DMO/Adventure/DE/ Frame F9A0 		174 KB
175 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.travelaudience.com/img/import/Dubai_DMO/Adventure/DE/160x600_Dubai_Adventure_DE.gif
Requested by
Host: rtb.ads.travelaudience.com
URL: https://rtb.ads.travelaudience.com/rtb?ads=1000428.2.0.70020628.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%3D%3D.60015627.OTk5JTJjMQ==...7sOMk32o1KNqb38Y2MsA0w%3D%3D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ==.2.0&p=90000&x=160&y=600&click=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEgegivqwZYDPGbWNgrAPxcu4-AzKkbX7ctPipc7RCsCNtwEQASAAYJWCoIKwB4IBF2NhLXB1Yi01NjI1Mzc5ODI5NzkwNjA2yAEJqQJHMi6NJTmyPqgDAcgDAqoEwwFP0JFS6jPSfJM3JVHprnIP_6_O7RheCe7R0tEJERRugHELFPhoV8NnfMe2ByuVxhuPjN9bB9R55ygb0p4j6cvWNoyat4PkP6tSZZLQWtn3ijfkhVo19K_OHFjQ7lzlR9vL36jsi6QD6rqiOahgGVaDjDRXkDmF9JI3HUF6kaLpJ6gQVBkxo184H_ZZurKtRpyWOGCcDEUBf60hsmyu-m6gov9PRKM1R2McnTSnPHGMryCfwzgnRNxYsGBcG00jc5a5qQCABpPs9bHTj7eAkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggdCIDhgBAQATICqgI6AoBASL39wTpYrpbG1_v1gwP6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2oWdCYTKwzmeTgiKc3OOzcC7SQ4w%26client%3Dca-pub-5625379829790606%26adurl%3D&googlewinningprice=ZbD6igAGZ4AAAIa1AA4lxbJ1o5a7FUD9cAJOlw&wpc=EUR&site=phishcheck.me&slotvisibility=1&gcpm=2755765&gpos=1&bidder=bidder-rtb-production-c75795f5b-fg5c4&dv=1&uuid=&suid=&brq=ekJpvPpWDu9e3MOA_SIxftcX2GL4hLAsPEiNzw&ssp_id=0&l=en&ts=1706097290&uc=DE&at=1&ia=0&mai=&mat=1&ir=0&an=&rg=1&hm=TmblrGGrn9gDZ4mmjshtuM9u-IhXG8wFXK5ndnoh63U=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.170.237 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.170.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
db3a779e892add0433a2120a00827db775102b2a9ebe1d9e04fa6bd698de206a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.ads.travelaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:48:56 GMT
age
355
x-guploader-uploadid
ABPtcPo5RTV3Nh-LnPmGrP0vuvXtkKvqhME0LLUQOQGvMLGwGacNdHxkdLmt46n6d2V0x26K_vs
x-goog-storage-class
REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
178523
last-modified
Wed, 17 Jan 2024 09:07:11 GMT
server
UploadServer
etag
"43647956a2fd6e2538deb81d1a1bacc1"
vary
Origin
x-goog-generation
1705482431042442
x-goog-hash
crc32c=n9NVLw==, md5=Q2R5VqL9biU43rgdGhuswQ==
content-type
image/gif
cache-control
public, max-age=3600
x-goog-stored-content-length
178523
accept-ranges
bytes
expires
Wed, 24 Jan 2024 12:48:56 GMT
moatad.js
z.moatads.com/travel198849194933/ Frame F9A0 		334 KB
113 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/travel198849194933/moatad.js
Requested by
Host: rtb.ads.travelaudience.com
URL: https://rtb.ads.travelaudience.com/rtb?ads=1000428.2.0.70020628.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%3D%3D.60015627.OTk5JTJjMQ==...7sOMk32o1KNqb38Y2MsA0w%3D%3D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ==.2.0&p=90000&x=160&y=600&click=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEgegivqwZYDPGbWNgrAPxcu4-AzKkbX7ctPipc7RCsCNtwEQASAAYJWCoIKwB4IBF2NhLXB1Yi01NjI1Mzc5ODI5NzkwNjA2yAEJqQJHMi6NJTmyPqgDAcgDAqoEwwFP0JFS6jPSfJM3JVHprnIP_6_O7RheCe7R0tEJERRugHELFPhoV8NnfMe2ByuVxhuPjN9bB9R55ygb0p4j6cvWNoyat4PkP6tSZZLQWtn3ijfkhVo19K_OHFjQ7lzlR9vL36jsi6QD6rqiOahgGVaDjDRXkDmF9JI3HUF6kaLpJ6gQVBkxo184H_ZZurKtRpyWOGCcDEUBf60hsmyu-m6gov9PRKM1R2McnTSnPHGMryCfwzgnRNxYsGBcG00jc5a5qQCABpPs9bHTj7eAkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggdCIDhgBAQATICqgI6AoBASL39wTpYrpbG1_v1gwP6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2oWdCYTKwzmeTgiKc3OOzcC7SQ4w%26client%3Dca-pub-5625379829790606%26adurl%3D&googlewinningprice=ZbD6igAGZ4AAAIa1AA4lxbJ1o5a7FUD9cAJOlw&wpc=EUR&site=phishcheck.me&slotvisibility=1&gcpm=2755765&gpos=1&bidder=bidder-rtb-production-c75795f5b-fg5c4&dv=1&uuid=&suid=&brq=ekJpvPpWDu9e3MOA_SIxftcX2GL4hLAsPEiNzw&ssp_id=0&l=en&ts=1706097290&uc=DE&at=1&ia=0&mai=&mat=1&ir=0&an=&rg=1&hm=TmblrGGrn9gDZ4mmjshtuM9u-IhXG8wFXK5ndnoh63U=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.85.120 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-85-120.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
8ad699b94dcb8ac5c24ab5f4e6bfaa6fa8ddd26d90ff42fc3e395a8310684512

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.ads.travelaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:51 GMT
content-encoding
gzip
last-modified
Wed, 17 Jan 2024 10:56:36 GMT
server
AmazonS3
x-amz-request-id
ZSC9Y1HVH38GSDPM
etag
"37dd62b52cf0e911ad78369a74658368"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=57301
accept-ranges
bytes
content-length
115629
x-amz-id-2
fwslu7cjObhdXe2iG9s6A6ZkQMOsMtxEYypBYVVf3ZMDksWcjCWVNkTIald5xIXLymE3GqSrtZw=
creative.js
ads.travelaudience.com/js/ Frame F9A0 		56 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.travelaudience.com/js/creative.js?version=0.0.0
Requested by
Host: rtb.ads.travelaudience.com
URL: https://rtb.ads.travelaudience.com/rtb?ads=1000428.2.0.70020628.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%3D%3D.60015627.OTk5JTJjMQ==...7sOMk32o1KNqb38Y2MsA0w%3D%3D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ==.2.0&p=90000&x=160&y=600&click=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEgegivqwZYDPGbWNgrAPxcu4-AzKkbX7ctPipc7RCsCNtwEQASAAYJWCoIKwB4IBF2NhLXB1Yi01NjI1Mzc5ODI5NzkwNjA2yAEJqQJHMi6NJTmyPqgDAcgDAqoEwwFP0JFS6jPSfJM3JVHprnIP_6_O7RheCe7R0tEJERRugHELFPhoV8NnfMe2ByuVxhuPjN9bB9R55ygb0p4j6cvWNoyat4PkP6tSZZLQWtn3ijfkhVo19K_OHFjQ7lzlR9vL36jsi6QD6rqiOahgGVaDjDRXkDmF9JI3HUF6kaLpJ6gQVBkxo184H_ZZurKtRpyWOGCcDEUBf60hsmyu-m6gov9PRKM1R2McnTSnPHGMryCfwzgnRNxYsGBcG00jc5a5qQCABpPs9bHTj7eAkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggdCIDhgBAQATICqgI6AoBASL39wTpYrpbG1_v1gwP6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2oWdCYTKwzmeTgiKc3OOzcC7SQ4w%26client%3Dca-pub-5625379829790606%26adurl%3D&googlewinningprice=ZbD6igAGZ4AAAIa1AA4lxbJ1o5a7FUD9cAJOlw&wpc=EUR&site=phishcheck.me&slotvisibility=1&gcpm=2755765&gpos=1&bidder=bidder-rtb-production-c75795f5b-fg5c4&dv=1&uuid=&suid=&brq=ekJpvPpWDu9e3MOA_SIxftcX2GL4hLAsPEiNzw&ssp_id=0&l=en&ts=1706097290&uc=DE&at=1&ia=0&mai=&mat=1&ir=0&an=&rg=1&hm=TmblrGGrn9gDZ4mmjshtuM9u-IhXG8wFXK5ndnoh63U=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.0.66 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
66.0.190.35.bc.googleusercontent.com
Software
nginx/1.21.6 /
Resource Hash
baccf45a36486a2abc76291138c8661c88e8a2aa1ad74d279882ae80245e0fb4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.ads.travelaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
public
date
Wed, 24 Jan 2024 11:54:51 GMT
content-encoding
gzip
via
1.1 google
last-modified
Wed, 17 Jan 2024 16:02:44 GMT
server
nginx/1.21.6
etag
W/"65a7fa24-e1b5"
vary
Accept-Encoding, Origin
content-type
application/javascript
cache-control
max-age=86400, public
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 25 Jan 2024 11:54:51 GMT
IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js
pagead2.googlesyndication.com/bg/ Frame D9A4 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 07:55:09 GMT
content-encoding
br
x-content-type-options
nosniff
age
14382
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15219
x-xss-protection
0
last-modified
Mon, 15 Jan 2024 09:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 23 Jan 2025 07:55:09 GMT
WCj_J8NcEslNDYs839d7KGBgNEN8AJkC0oz39by2qQc.js
pagead2.googlesyndication.com/bg/ Frame D44C 		50 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/WCj_J8NcEslNDYs839d7KGBgNEN8AJkC0oz39by2qQc.js
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5828ff27c35c12c94d0d8b3cdfd77b28606034437c009902d28cf7f5bcb6a907
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:27:31 GMT
content-encoding
br
x-content-type-options
nosniff
age
44840
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19599
x-xss-protection
0
last-modified
Mon, 15 Jan 2024 09:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 22 Jan 2025 23:27:31 GMT
css
fonts.googleapis.com/ Frame 3D8A 		4 KB
655 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1801062927&pi=t.aa~a.768063588~rp.1&w=1155&fwrn=4&fwrnh=100&lmt=1706097290&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097290172&bpp=1&bdt=531&idt=160&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=498&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=162
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 24 Jan 2024 11:54:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 24 Jan 2024 10:41:25 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 24 Jan 2024 11:54:51 GMT
load_preloaded_resource_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame 3D8A 		2 KB
822 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/load_preloaded_resource_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1801062927&pi=t.aa~a.768063588~rp.1&w=1155&fwrn=4&fwrnh=100&lmt=1706097290&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097290172&bpp=1&bdt=531&idt=160&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=498&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=162
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:33:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
44486
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
795
x-xss-protection
0
server
cafe
etag
4925184154378345226
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 06 Feb 2024 23:33:25 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/ Frame 3D8A 		23 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/abg_lite_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1801062927&pi=t.aa~a.768063588~rp.1&w=1155&fwrn=4&fwrnh=100&lmt=1706097290&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097290172&bpp=1&bdt=531&idt=160&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=498&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=162
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
eb4fec10d8f4484b291b7c7d0de59d1b4375e000029fd1a128ad10c270d8d803
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:36:36 GMT
content-encoding
br
x-content-type-options
nosniff
age
44295
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9319
x-xss-protection
0
server
cafe
etag
16165788300067284045
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 06 Feb 2024 23:36:36 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame 3D8A 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1801062927&pi=t.aa~a.768063588~rp.1&w=1155&fwrn=4&fwrnh=100&lmt=1706097290&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097290172&bpp=1&bdt=531&idt=160&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=498&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=162
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 07:55:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
14348
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 07 Feb 2024 07:55:43 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame 3D8A 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1801062927&pi=t.aa~a.768063588~rp.1&w=1155&fwrn=4&fwrnh=100&lmt=1706097290&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097290172&bpp=1&bdt=531&idt=160&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=498&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=162
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:41:57 GMT
content-encoding
br
x-content-type-options
nosniff
age
43974
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8492
x-xss-protection
0
server
cafe
etag
9878124937798820110
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 06 Feb 2024 23:41:57 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame 3D8A 		205 KB
65 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1801062927&pi=t.aa~a.768063588~rp.1&w=1155&fwrn=4&fwrnh=100&lmt=1706097290&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097290172&bpp=1&bdt=531&idt=160&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=498&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=162
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d5dc8f0e43d36678bfec4beb79ea87672a4d127693e591f8cc31e43c273c3f5d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
66080
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1705966741457425"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 24 Jan 2024 11:54:51 GMT
5ff8bb2821e31fbf08fa14f5007a6efe.js
www.gstatic.com/mysidia/ Frame 3D8A 		37 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/5ff8bb2821e31fbf08fa14f5007a6efe.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1801062927&pi=t.aa~a.768063588~rp.1&w=1155&fwrn=4&fwrnh=100&lmt=1706097290&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097290172&bpp=1&bdt=531&idt=160&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=498&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=162
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
54db8dca7039b548a0aa4e5e22fcea2a4e536b8aaec0b13a750dbc61ca3f3538
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:31:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
44617
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15476
x-xss-protection
0
last-modified
Tue, 23 Jan 2024 00:40:02 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 22 Apr 2024 23:31:14 GMT
view
ad.doubleclick.net/pcs/ Frame 563C 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/pcs/view?xai=AKAOjss5TBbzP6c41PbRxSfaHr8qsWcWEYmRpP7bbPferkZSiyrOA_MkBIaf02dbXfWwa7StpIM3PUX47C0IfeLVq4u8qpeyd-as3BGBonD74dbgzI5S_RocmvnDLvpix9olCSddfB8Q5kSd6SQtS_DOS2pogLc_XnthvQrgtd7Kpr9UIzhm2DYkhXA6rc6-B_qrCKutUMhdf7Bq2iApV_EeHMVjYi4gP3N5fGJEh8kmBhkc7NypyJGBvXpQZk3mUUaTBDfBOl2yoVZd9-E30rjb7bH-bH_CmrVO-3vmi1ejXmQR1ViqA671eLtJ9ot2azcfIZjC8HDPPBffHOx2OGs8VspsT-Dqp0MTPGDmKAyV4squtimaOciadk2GoOLnod2RO1g4YXfI4pyeBnJfxd1xRuU1OJxzvaW_-1lTw41QBNP3LpC1ZJi_efhmTU4GnPV1JNzlI_rENIyrpJMi_dBv5SNqXzb2NWcxEPABrf8UAMflNfIybJACwaLMsrz7IAUgzqJAPfXkMbxQi37-zCmlWvl-vhagBtlzxlef7d9-dOSFF_SxYIpeUOdbdwOpUp1YQzUZKs015aop5Cd7BrRD6QGKQApyb-zxf9_6ZnOBNb7UndzC2zqq7uQZRJq_izO_6FZTQUDRj6wivKc-Y3_uQ81PLUMvNWt5hjdrVAJBIudCy81yJ-eDijJGaBoQdP7CDGgDYydUKV0brqNDMlxB6u88b6rMovDPazh3hG6rC1rNCaYraB_cG92zDQLyV4VEAkOKHsJ7Sn-U6gdL2AWi11dbeDWXk-XRDDK06ndn4tEEr7sgTHErwMS112wwtiDvpx31WjoQx7Ca9qtoew4ZIqjDBy13QQGwzIWl1mXDG5Fbjl9tvEvJAC-gDqtxQCnMbSY84JoeEtEhwdSFo5_VXQ03HARAYkJcHVcqlTpORB7u32aa8auHUt6HK-UtgXEoCh_5i_ZGedK7zDvmBrzApQJi7qwL7qKixubssCh0N343osP7rsTkKeBowms92qvHBjhZJ7VbjN1FyX07EGLtw5F_AbydVtkKVBWf1y0dP2rmO7O0HtsbJDwSjbZ05zM_a_cZm361PLkNEtdQ26gBwpU7PurcZH44hQZZ42orehByroG_UQgyltKS689OWnIoHx9qYghCGWMRqSoRycwRyO9fCymQIwGCSODV0v3lV9iXq8bMNHm3DtfR-NEPX8EcGX4FKXUS8j6Kx78G1iFUCRXFhmsq7Y4w4eNWDj_0YCNLMSvsZ0pfOhdxkhPtPflDvS69WW6J3GArv1H7PweG&sai=AMfl-YQg-tKMpLi5ZWdOX2foe5cgGbDpy9jlYU88EZMNOnxHUeLe-MKvxiw72LMzf4jvNZHD0TScCe8QrH8iiHYBS7-HEmAi-stMKRD7Fd59WB3K-KU4NC3hfiadZlCoInbt7XWgUomZAoAk8NzYHCmVnOBfiU37DEatL80xnZ2MLd4z-l_KxvXvZqDR9BX_ySxkulAc236y5tbaJcuTxVf3sR3-TyKNMrDOHj5TkIoaw_JzQF3HlBDPWkrNEG3SE2VqhqSUgHiOQSA7myXxwL5nMIlU19LQ0yMqUhbCU-LOpXR5-9lv2S0zGZMBUEoeQRAvO7eYs4KFvuqxHNJt-cJNJ6ui9P0VbqSDrjxM7ELS2-4ix5HwvWUPoAIPEGSjm88e3fQlVum4_DpEL_DVtz9y91f6FThBeLDfrgCXuX72yNJU60S5Ddr2LibYcYNiSe3uM2rLh5ND9OsK3LN7DqHWKv-C8C02mXfteL5YvRO492KyvnpSqdxH8C_BDvg4UOj20RuX5jTM-2ys&sig=Cg0ArKJSzOEAqS2cbt3eEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9ldG9yby5jb20&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=262&vt=11&dtpt=261&dett=2&cstd=0&cisv=r20240122.17752&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.198 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:51 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
2728354180183721846
tpc.googlesyndication.com/simgad/17418262659696052794/ Frame 3D8A 		24 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/17418262659696052794/2728354180183721846?w=600&h=314&tw=1&q=75
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1801062927&pi=t.aa~a.768063588~rp.1&w=1155&fwrn=4&fwrnh=100&lmt=1706097290&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097290172&bpp=1&bdt=531&idt=160&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=498&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=162
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0db3be559e2ede132b39c1986d8049022061fcdd4253f9fd328a65258e833c2a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

allow-fenced-frame-automatic-beacons
true
date
Wed, 24 Jan 2024 11:54:51 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24441
x-xss-protection
0
last-modified
Tue, 28 Jun 2022 22:20:06 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 23 Jan 2025 11:54:51 GMT
2728354180183721846
tpc.googlesyndication.com/simgad/5764291513729847510/ Frame 3D8A 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/5764291513729847510/2728354180183721846?w=100&h=100&tw=1&q=75
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1801062927&pi=t.aa~a.768063588~rp.1&w=1155&fwrn=4&fwrnh=100&lmt=1706097290&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097290172&bpp=1&bdt=531&idt=160&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=498&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=162
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ad2011589699e6f1fbd716af022e7069cca8e54f4bf8637143c2eaf876c02f83
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires
Wed, 22 Jan 2025 21:57:55 GMT
date
Tue, 23 Jan 2024 21:57:55 GMT
x-content-type-options
nosniff
age
50216
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4548
x-xss-protection
0
last-modified
Wed, 29 Jun 2022 03:12:32 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons
true
n.js
mb.moatads.com/ Frame F9A0 		84 B
160 B 		Script
General
Check archive.org
Download Go to
Full URL
https://mb.moatads.com/n.js?e=35&ol=2300941551&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K%25.K%24%3D!%5DxqxLmEV2fy%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-LHlF2iVmV38nsW5MfUWeGV63nryfnddNoipOGLOPg%2Fj24vrl5%2FmliBNlAlwWxmRnpyWz&rs=1-EcfEEAlWe0wLgg%3D%3D&sc=1&os=1-AA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=0&qe=0&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&i=TRAVELAUDIENCE_DISPLAY1&hp=1&ra=1&pxm=7&sgs=3&vb=-1&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=0&f=1&nh=1&j=https%3A%2F%2Fgoogleads.g.doubleclick.net&lp=https%3A%2F%2Fphishcheck.me&t=1706097291651&de=110223294201&m=0&ar=805b0ce1b97-clean&iw=4a25902&q=2&cb=0&ym=0&cu=1706097291651&ll=2&lm=3&ln=1&r=0&em=0&en=0&d=1000428%3A50000154%3A60015627%3A70020628&zMoatSSP=0&zMoatDeal=-1&zMoatSubdomain=phishcheck.me&zMoatIMPID=ekJpvPpWDu9e3MOA_SIxftcX2GL4hLAsPEiNzw&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fphishcheck.me&id=0&ii=2&bo=googleads.g.doubleclick.net&bd=160x600&zMoatOrigSlicer1=googleads.g.doubleclick.net&zMoatOrigSlicer2=160x600&zMoatDomain=phishcheck.me&gw=travel198849194933&fd=1&it=500&ti=0&ih=2&pe=0%3A-%3A-%3A0%3A0&jk=-1&jm=-1&fs=207009&na=1131612406&cs=0&ord=1706097291651&jv=731314305&callback=DOMlessLLDcallback_39071356
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/travel198849194933/moatad.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.162.160.243 Slough, United Kingdom, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
istio-envoy /
Resource Hash
a122bce420d60fd8d80b6d49110b7fbe427175ea7a327bed2591d135bc92ccf8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.ads.travelaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:51 GMT
server
istio-envoy
etag
"894ae9058a63e0415550d497f404ff8e150f0aba"
content-type
text/html; charset=UTF-8
cache-control
max-age=900
x-envoy-upstream-service-time
12
timing-allow-origin
*
content-length
84
pixel.gif
px.moatads.com/ Frame F9A0 		43 B
251 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.moatads.com/pixel.gif?e=17&i=TRAVELAUDIENCE_DISPLAY1&hp=1&ra=1&pxm=7&sgs=3&vb=-1&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=0&f=1&nh=1&j=https%3A%2F%2Fgoogleads.g.doubleclick.net&lp=https%3A%2F%2Fphishcheck.me&t=1706097291651&de=110223294201&m=0&ar=805b0ce1b97-clean&iw=4a25902&q=3&cb=0&ym=0&cu=1706097291651&ll=2&lm=3&ln=1&r=0&em=0&en=0&d=1000428%3A50000154%3A60015627%3A70020628&zMoatSSP=0&zMoatDeal=-1&zMoatSubdomain=phishcheck.me&zMoatIMPID=ekJpvPpWDu9e3MOA_SIxftcX2GL4hLAsPEiNzw&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fphishcheck.me&id=0&ii=2&bo=googleads.g.doubleclick.net&bd=160x600&zMoatOrigSlicer1=googleads.g.doubleclick.net&zMoatOrigSlicer2=160x600&zMoatDomain=phishcheck.me&gw=travel198849194933&fd=1&it=500&ti=0&ih=2&pe=0%3A-%3A-%3A0%3A0&jk=-1&jm=-1&fs=207009&na=805428846&cs=0
Requested by
Host: rtb.ads.travelaudience.com
URL: https://rtb.ads.travelaudience.com/rtb?ads=1000428.2.0.70020628.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%3D%3D.60015627.OTk5JTJjMQ==...7sOMk32o1KNqb38Y2MsA0w%3D%3D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ==.2.0&p=90000&x=160&y=600&click=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEgegivqwZYDPGbWNgrAPxcu4-AzKkbX7ctPipc7RCsCNtwEQASAAYJWCoIKwB4IBF2NhLXB1Yi01NjI1Mzc5ODI5NzkwNjA2yAEJqQJHMi6NJTmyPqgDAcgDAqoEwwFP0JFS6jPSfJM3JVHprnIP_6_O7RheCe7R0tEJERRugHELFPhoV8NnfMe2ByuVxhuPjN9bB9R55ygb0p4j6cvWNoyat4PkP6tSZZLQWtn3ijfkhVo19K_OHFjQ7lzlR9vL36jsi6QD6rqiOahgGVaDjDRXkDmF9JI3HUF6kaLpJ6gQVBkxo184H_ZZurKtRpyWOGCcDEUBf60hsmyu-m6gov9PRKM1R2McnTSnPHGMryCfwzgnRNxYsGBcG00jc5a5qQCABpPs9bHTj7eAkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggdCIDhgBAQATICqgI6AoBASL39wTpYrpbG1_v1gwP6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2oWdCYTKwzmeTgiKc3OOzcC7SQ4w%26client%3Dca-pub-5625379829790606%26adurl%3D&googlewinningprice=ZbD6igAGZ4AAAIa1AA4lxbJ1o5a7FUD9cAJOlw&wpc=EUR&site=phishcheck.me&slotvisibility=1&gcpm=2755765&gpos=1&bidder=bidder-rtb-production-c75795f5b-fg5c4&dv=1&uuid=&suid=&brq=ekJpvPpWDu9e3MOA_SIxftcX2GL4hLAsPEiNzw&ssp_id=0&l=en&ts=1706097290&uc=DE&at=1&ia=0&mai=&mat=1&ir=0&an=&rg=1&hm=TmblrGGrn9gDZ4mmjshtuM9u-IhXG8wFXK5ndnoh63U=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.85.120 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-85-120.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.ads.travelaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:51 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 24 Jan 2024 11:54:51 GMT
n.js
mb.moatads.com/ Frame 99D6 		84 B
262 B 		Script
General
Check archive.org
Download Go to
Full URL
https://mb.moatads.com/n.js?e=35&ol=2300941551&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K%25.K%24%3D!%5DxqxLmEV2fy%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-4PNLd6uuVWlgP6m3tVv3EhYKQlBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-mh1aRxmAS248Xw%3D%3D&sc=1&os=1-WQ%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=0&qe=0&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&i=TRAVELAUDIENCE_DISPLAY1&hp=1&ra=1&pxm=7&sgs=3&vb=-1&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=0&f=1&nh=1&j=https%3A%2F%2Fgoogleads.g.doubleclick.net&lp=https%3A%2F%2Fphishcheck.me&t=1706097291694&de=688577920801&m=0&ar=805b0ce1b97-clean&iw=4a25902&q=2&cb=0&ym=0&cu=1706097291694&ll=2&lm=3&ln=1&r=0&em=0&en=0&d=1000428%3A50000154%3A60015627%3A70020628&zMoatSSP=0&zMoatDeal=-1&zMoatSubdomain=phishcheck.me&zMoatIMPID=9P6auMitxIESrnAvGncpsj7c6ij_KzL28aa_2g&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fphishcheck.me&id=0&ii=2&bo=googleads.g.doubleclick.net&bd=160x600&zMoatOrigSlicer1=googleads.g.doubleclick.net&zMoatOrigSlicer2=160x600&zMoatDomain=phishcheck.me&gw=travel198849194933&fd=1&it=500&ti=0&ih=2&pe=0%3A-%3A-%3A0%3A0&jk=-1&jm=-1&fs=207009&na=155474831&cs=0&ord=1706097291694&jv=1953221026&callback=DOMlessLLDcallback_77502183
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/travel198849194933/moatad.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.162.160.243 Slough, United Kingdom, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
istio-envoy /
Resource Hash
242b74e6d4d539082c6eb8ec75a99a64b4756fa8de5089ae9b701756a0453d61

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.ads.travelaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:51 GMT
server
istio-envoy
etag
"efff4fc1883977fc440296e8ea2e7ee155bbfc48"
content-type
text/html; charset=UTF-8
cache-control
max-age=900
x-envoy-upstream-service-time
10
timing-allow-origin
*
content-length
84
pixel.gif
px.moatads.com/ Frame 99D6 		43 B
251 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.moatads.com/pixel.gif?e=17&i=TRAVELAUDIENCE_DISPLAY1&hp=1&ra=1&pxm=7&sgs=3&vb=-1&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=0&f=1&nh=1&j=https%3A%2F%2Fgoogleads.g.doubleclick.net&lp=https%3A%2F%2Fphishcheck.me&t=1706097291694&de=688577920801&m=0&ar=805b0ce1b97-clean&iw=4a25902&q=3&cb=0&ym=0&cu=1706097291694&ll=2&lm=3&ln=1&r=0&em=0&en=0&d=1000428%3A50000154%3A60015627%3A70020628&zMoatSSP=0&zMoatDeal=-1&zMoatSubdomain=phishcheck.me&zMoatIMPID=9P6auMitxIESrnAvGncpsj7c6ij_KzL28aa_2g&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fphishcheck.me&id=0&ii=2&bo=googleads.g.doubleclick.net&bd=160x600&zMoatOrigSlicer1=googleads.g.doubleclick.net&zMoatOrigSlicer2=160x600&zMoatDomain=phishcheck.me&gw=travel198849194933&fd=1&it=500&ti=0&ih=2&pe=0%3A-%3A-%3A0%3A0&jk=-1&jm=-1&fs=207009&na=991512037&cs=0
Requested by
Host: rtb.ads.travelaudience.com
URL: https://rtb.ads.travelaudience.com/rtb?ads=1000428.2.0.70020628.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%3D%3D.60015627.OTk5JTJjMQ==...7sOMk32o1KNqb38Y2MsA0w%3D%3D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ==.2.0&p=90000&x=160&y=600&click=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCLXvhivqwZf_OGbWNgrAPxcu4-AzKkbX7ctPipc7RCsCNtwEQASAAYJWCoIKwB4IBF2NhLXB1Yi01NjI1Mzc5ODI5NzkwNjA2yAEJqQJHMi6NJTmyPqgDAcgDAqoEwwFP0Mq0n1-nfzm0KB3lV-Hf__x8NNUtopA1Cy7kAqfjM7ZIxxq-PXQxLISsWGY8kWhkBPuZ3t2KqfaFIZLUaxC8xe5JsbBcaQRV-le6fvHEI2QwpGVQGCTpeeXH5p7Y_eLeRXZDulx1SWFis6b1yHV_cMSR3IMn7qDbA9kpibhx3tIOc7AwA-8zy4TFxqyUptlPjMwSHScJvL9hsgwBbXz4KxDH95GLUcRIHhJ33Zm59leNN9BNqNNuskx0aZ9NIciYmPiABpPs9bHTj7eAkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggdCIDhgBAQATICqgI6AoBASL39wTpYrpbG1_v1gwP6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0UXHELlEfHZHDPLUhyOiSvhM_t_w%26client%3Dca-pub-5625379829790606%26adurl%3D&googlewinningprice=ZbD6igAGZ38AAIa1AA4lxXL_ss2Kx8gIYRT20w&wpc=EUR&site=phishcheck.me&slotvisibility=1&gcpm=2766413&gpos=1&bidder=bidder-rtb-production-c75795f5b-wlttz&dv=1&uuid=&suid=&brq=9P6auMitxIESrnAvGncpsj7c6ij_KzL28aa_2g&ssp_id=0&l=en&ts=1706097290&uc=DE&at=1&ia=0&mai=&mat=1&ir=0&an=&rg=1&hm=TmblrGGrn9gDZ4mmjshtuM9u-IhXG8wFXK5ndnoh63U=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.85.120 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-85-120.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.ads.travelaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:51 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 24 Jan 2024 11:54:51 GMT
css
fonts.googleapis.com/ Frame DED1 		4 KB
655 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280&nras=3&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1535&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=21
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 24 Jan 2024 11:54:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 24 Jan 2024 11:37:13 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 24 Jan 2024 11:54:51 GMT
load_preloaded_resource_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame DED1 		2 KB
822 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/load_preloaded_resource_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280&nras=3&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1535&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=21
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:33:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
44486
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
795
x-xss-protection
0
server
cafe
etag
4925184154378345226
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 06 Feb 2024 23:33:25 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/ Frame DED1 		23 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/abg_lite_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280&nras=3&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1535&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=21
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
eb4fec10d8f4484b291b7c7d0de59d1b4375e000029fd1a128ad10c270d8d803
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:36:36 GMT
content-encoding
br
x-content-type-options
nosniff
age
44295
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9319
x-xss-protection
0
server
cafe
etag
16165788300067284045
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 06 Feb 2024 23:36:36 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame DED1 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280&nras=3&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1535&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=21
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 07:55:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
14348
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 07 Feb 2024 07:55:43 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame DED1 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280&nras=3&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1535&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=21
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:41:57 GMT
content-encoding
br
x-content-type-options
nosniff
age
43974
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8492
x-xss-protection
0
server
cafe
etag
9878124937798820110
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 06 Feb 2024 23:41:57 GMT
l
www.google.com/ads/measurement/ Frame DED1 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaS1lxtQXfQPG2WS6_7vJXJLMhv2lCE_qHw_RLYDX6YnEQzFf9TGojZdIVmH0Yta-Zk2Q9pOzDC6Jb2RnMa0puJg4lm2zw
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280&nras=3&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1535&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=21
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame DED1 		205 KB
65 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280&nras=3&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1535&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=21
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d5dc8f0e43d36678bfec4beb79ea87672a4d127693e591f8cc31e43c273c3f5d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
66080
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1705966741457425"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 24 Jan 2024 11:54:51 GMT
4cee352c918c506f58256258d534a665.js
www.gstatic.com/mysidia/ Frame DED1 		37 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/4cee352c918c506f58256258d534a665.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280&nras=3&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1535&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=21
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e6b20a1535a6d3ca3d7a611ae199a6f4b464e0b67b450379ed43a7ef3e66957c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:31:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
44595
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15452
x-xss-protection
0
last-modified
Sat, 13 Jan 2024 00:04:01 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 22 Apr 2024 23:31:36 GMT
js-err
rtb.ads.travelaudience.com/ Frame F9A0 		35 B
354 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.ads.travelaudience.com/js-err?description=Script%20error.&url=&line=0&col=0&parent_url=https%3A%2F%2Frtb.ads.travelaudience.com%2Frtb%3Fads%3D1000428.2.0.70020628.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%253D%253D.60015627.OTk5JTJjMQ%3D%3D...7sOMk32o1KNqb38Y2MsA0w%253D%253D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ%3D%3D.2.0%26p%3D90000%26x%3D160%26y%3D600%26click%3Dhttps%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCEgegivqwZYDPGbWNgrAPxcu4-AzKkbX7ctPipc7RCsCNtwEQASAAYJWCoIKwB4IBF2NhLXB1Yi01NjI1Mzc5ODI5NzkwNjA2yAEJqQJHMi6NJTmyPqgDAcgDAqoEwwFP0JFS6jPSfJM3JVHprnIP_6_O7RheCe7R0tEJERRugHELFPhoV8NnfMe2ByuVxhuPjN9bB9R55ygb0p4j6cvWNoyat4PkP6tSZZLQWtn3ijfkhVo19K_OHFjQ7lzlR9vL36jsi6QD6rqiOahgGVaDjDRXkDmF9JI3HUF6kaLpJ6gQVBkxo184H_ZZurKtRpyWOGCcDEUBf60hsmyu-m6gov9PRKM1R2McnTSnPHGMryCfwzgnRNxYsGBcG00jc5a5qQCABpPs9bHTj7eAkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggdCIDhgBAQATICqgI6AoBASL39wTpYrpbG1_v1gwP6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2oWdCYTKwzmeTgiKc3OOzcC7SQ4w%2526client%253Dca-pub-5625379829790606%2526adurl%253D%26googlewinningprice%3DZbD6igAGZ4AAAIa1AA4lxbJ1o5a7FUD9cAJOlw%26wpc%3DEUR%26site%3Dphishcheck.me%26slotvisibility%3D1%26gcpm%3D2755765%26gpos%3D1%26bidder%3Dbidder-rtb-production-c75795f5b-fg5c4%26dv%3D1%26uuid%3D%26suid%3D%26brq%3DekJpvPpWDu9e3MOA_SIxftcX2GL4hLAsPEiNzw%26ssp_id%3D0%26l%3Den%26ts%3D1706097290%26uc%3DDE%26at%3D1%26ia%3D0%26mai%3D%26mat%3D1%26ir%3D0%26an%3D%26rg%3D1%26hm%3DTmblrGGrn9gDZ4mmjshtuM9u-IhXG8wFXK5ndnoh63U%3D
Requested by
Host: rtb.ads.travelaudience.com
URL: https://rtb.ads.travelaudience.com/rtb?ads=1000428.2.0.70020628.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%3D%3D.60015627.OTk5JTJjMQ==...7sOMk32o1KNqb38Y2MsA0w%3D%3D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ==.2.0&p=90000&x=160&y=600&click=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEgegivqwZYDPGbWNgrAPxcu4-AzKkbX7ctPipc7RCsCNtwEQASAAYJWCoIKwB4IBF2NhLXB1Yi01NjI1Mzc5ODI5NzkwNjA2yAEJqQJHMi6NJTmyPqgDAcgDAqoEwwFP0JFS6jPSfJM3JVHprnIP_6_O7RheCe7R0tEJERRugHELFPhoV8NnfMe2ByuVxhuPjN9bB9R55ygb0p4j6cvWNoyat4PkP6tSZZLQWtn3ijfkhVo19K_OHFjQ7lzlR9vL36jsi6QD6rqiOahgGVaDjDRXkDmF9JI3HUF6kaLpJ6gQVBkxo184H_ZZurKtRpyWOGCcDEUBf60hsmyu-m6gov9PRKM1R2McnTSnPHGMryCfwzgnRNxYsGBcG00jc5a5qQCABpPs9bHTj7eAkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggdCIDhgBAQATICqgI6AoBASL39wTpYrpbG1_v1gwP6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2oWdCYTKwzmeTgiKc3OOzcC7SQ4w%26client%3Dca-pub-5625379829790606%26adurl%3D&googlewinningprice=ZbD6igAGZ4AAAIa1AA4lxbJ1o5a7FUD9cAJOlw&wpc=EUR&site=phishcheck.me&slotvisibility=1&gcpm=2755765&gpos=1&bidder=bidder-rtb-production-c75795f5b-fg5c4&dv=1&uuid=&suid=&brq=ekJpvPpWDu9e3MOA_SIxftcX2GL4hLAsPEiNzw&ssp_id=0&l=en&ts=1706097290&uc=DE&at=1&ia=0&mai=&mat=1&ir=0&an=&rg=1&hm=TmblrGGrn9gDZ4mmjshtuM9u-IhXG8wFXK5ndnoh63U=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.187.184.108 Brussels, Belgium, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
108.184.187.35.bc.googleusercontent.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://rtb.ads.travelaudience.com/rtb?ads=1000428.2.0.70020628.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%3D%3D.60015627.OTk5JTJjMQ==...7sOMk32o1KNqb38Y2MsA0w%3D%3D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ==.2.0&p=90000&x=160&y=600&click=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEgegivqwZYDPGbWNgrAPxcu4-AzKkbX7ctPipc7RCsCNtwEQASAAYJWCoIKwB4IBF2NhLXB1Yi01NjI1Mzc5ODI5NzkwNjA2yAEJqQJHMi6NJTmyPqgDAcgDAqoEwwFP0JFS6jPSfJM3JVHprnIP_6_O7RheCe7R0tEJERRugHELFPhoV8NnfMe2ByuVxhuPjN9bB9R55ygb0p4j6cvWNoyat4PkP6tSZZLQWtn3ijfkhVo19K_OHFjQ7lzlR9vL36jsi6QD6rqiOahgGVaDjDRXkDmF9JI3HUF6kaLpJ6gQVBkxo184H_ZZurKtRpyWOGCcDEUBf60hsmyu-m6gov9PRKM1R2McnTSnPHGMryCfwzgnRNxYsGBcG00jc5a5qQCABpPs9bHTj7eAkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggdCIDhgBAQATICqgI6AoBASL39wTpYrpbG1_v1gwP6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2oWdCYTKwzmeTgiKc3OOzcC7SQ4w%26client%3Dca-pub-5625379829790606%26adurl%3D&googlewinningprice=ZbD6igAGZ4AAAIa1AA4lxbJ1o5a7FUD9cAJOlw&wpc=EUR&site=phishcheck.me&slotvisibility=1&gcpm=2755765&gpos=1&bidder=bidder-rtb-production-c75795f5b-fg5c4&dv=1&uuid=&suid=&brq=ekJpvPpWDu9e3MOA_SIxftcX2GL4hLAsPEiNzw&ssp_id=0&l=en&ts=1706097290&uc=DE&at=1&ia=0&mai=&mat=1&ir=0&an=&rg=1&hm=TmblrGGrn9gDZ4mmjshtuM9u-IhXG8wFXK5ndnoh63U=
Origin
https://rtb.ads.travelaudience.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:51 GMT
content-encoding
gzip
strict-transport-security
max-age=15724800; includeSubDomains
vary
Accept-Encoding
access-control-allow-methods
GET
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
access-control-allow-origin
https://rtb.ads.travelaudience.com
content-type
image/gif
js-err
rtb.ads.travelaudience.com/ Frame 99D6 		35 B
354 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.ads.travelaudience.com/js-err?description=Script%20error.&url=&line=0&col=0&parent_url=https%3A%2F%2Frtb.ads.travelaudience.com%2Frtb%3Fads%3D1000428.2.0.70020628.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%253D%253D.60015627.OTk5JTJjMQ%3D%3D...7sOMk32o1KNqb38Y2MsA0w%253D%253D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ%3D%3D.2.0%26p%3D90000%26x%3D160%26y%3D600%26click%3Dhttps%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCLXvhivqwZf_OGbWNgrAPxcu4-AzKkbX7ctPipc7RCsCNtwEQASAAYJWCoIKwB4IBF2NhLXB1Yi01NjI1Mzc5ODI5NzkwNjA2yAEJqQJHMi6NJTmyPqgDAcgDAqoEwwFP0Mq0n1-nfzm0KB3lV-Hf__x8NNUtopA1Cy7kAqfjM7ZIxxq-PXQxLISsWGY8kWhkBPuZ3t2KqfaFIZLUaxC8xe5JsbBcaQRV-le6fvHEI2QwpGVQGCTpeeXH5p7Y_eLeRXZDulx1SWFis6b1yHV_cMSR3IMn7qDbA9kpibhx3tIOc7AwA-8zy4TFxqyUptlPjMwSHScJvL9hsgwBbXz4KxDH95GLUcRIHhJ33Zm59leNN9BNqNNuskx0aZ9NIciYmPiABpPs9bHTj7eAkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggdCIDhgBAQATICqgI6AoBASL39wTpYrpbG1_v1gwP6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0UXHELlEfHZHDPLUhyOiSvhM_t_w%2526client%253Dca-pub-5625379829790606%2526adurl%253D%26googlewinningprice%3DZbD6igAGZ38AAIa1AA4lxXL_ss2Kx8gIYRT20w%26wpc%3DEUR%26site%3Dphishcheck.me%26slotvisibility%3D1%26gcpm%3D2766413%26gpos%3D1%26bidder%3Dbidder-rtb-production-c75795f5b-wlttz%26dv%3D1%26uuid%3D%26suid%3D%26brq%3D9P6auMitxIESrnAvGncpsj7c6ij_KzL28aa_2g%26ssp_id%3D0%26l%3Den%26ts%3D1706097290%26uc%3DDE%26at%3D1%26ia%3D0%26mai%3D%26mat%3D1%26ir%3D0%26an%3D%26rg%3D1%26hm%3DTmblrGGrn9gDZ4mmjshtuM9u-IhXG8wFXK5ndnoh63U%3D
Requested by
Host: rtb.ads.travelaudience.com
URL: https://rtb.ads.travelaudience.com/rtb?ads=1000428.2.0.70020628.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%3D%3D.60015627.OTk5JTJjMQ==...7sOMk32o1KNqb38Y2MsA0w%3D%3D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ==.2.0&p=90000&x=160&y=600&click=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCLXvhivqwZf_OGbWNgrAPxcu4-AzKkbX7ctPipc7RCsCNtwEQASAAYJWCoIKwB4IBF2NhLXB1Yi01NjI1Mzc5ODI5NzkwNjA2yAEJqQJHMi6NJTmyPqgDAcgDAqoEwwFP0Mq0n1-nfzm0KB3lV-Hf__x8NNUtopA1Cy7kAqfjM7ZIxxq-PXQxLISsWGY8kWhkBPuZ3t2KqfaFIZLUaxC8xe5JsbBcaQRV-le6fvHEI2QwpGVQGCTpeeXH5p7Y_eLeRXZDulx1SWFis6b1yHV_cMSR3IMn7qDbA9kpibhx3tIOc7AwA-8zy4TFxqyUptlPjMwSHScJvL9hsgwBbXz4KxDH95GLUcRIHhJ33Zm59leNN9BNqNNuskx0aZ9NIciYmPiABpPs9bHTj7eAkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggdCIDhgBAQATICqgI6AoBASL39wTpYrpbG1_v1gwP6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0UXHELlEfHZHDPLUhyOiSvhM_t_w%26client%3Dca-pub-5625379829790606%26adurl%3D&googlewinningprice=ZbD6igAGZ38AAIa1AA4lxXL_ss2Kx8gIYRT20w&wpc=EUR&site=phishcheck.me&slotvisibility=1&gcpm=2766413&gpos=1&bidder=bidder-rtb-production-c75795f5b-wlttz&dv=1&uuid=&suid=&brq=9P6auMitxIESrnAvGncpsj7c6ij_KzL28aa_2g&ssp_id=0&l=en&ts=1706097290&uc=DE&at=1&ia=0&mai=&mat=1&ir=0&an=&rg=1&hm=TmblrGGrn9gDZ4mmjshtuM9u-IhXG8wFXK5ndnoh63U=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.187.184.108 Brussels, Belgium, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
108.184.187.35.bc.googleusercontent.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://rtb.ads.travelaudience.com/rtb?ads=1000428.2.0.70020628.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%3D%3D.60015627.OTk5JTJjMQ==...7sOMk32o1KNqb38Y2MsA0w%3D%3D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ==.2.0&p=90000&x=160&y=600&click=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCLXvhivqwZf_OGbWNgrAPxcu4-AzKkbX7ctPipc7RCsCNtwEQASAAYJWCoIKwB4IBF2NhLXB1Yi01NjI1Mzc5ODI5NzkwNjA2yAEJqQJHMi6NJTmyPqgDAcgDAqoEwwFP0Mq0n1-nfzm0KB3lV-Hf__x8NNUtopA1Cy7kAqfjM7ZIxxq-PXQxLISsWGY8kWhkBPuZ3t2KqfaFIZLUaxC8xe5JsbBcaQRV-le6fvHEI2QwpGVQGCTpeeXH5p7Y_eLeRXZDulx1SWFis6b1yHV_cMSR3IMn7qDbA9kpibhx3tIOc7AwA-8zy4TFxqyUptlPjMwSHScJvL9hsgwBbXz4KxDH95GLUcRIHhJ33Zm59leNN9BNqNNuskx0aZ9NIciYmPiABpPs9bHTj7eAkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggdCIDhgBAQATICqgI6AoBASL39wTpYrpbG1_v1gwP6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0UXHELlEfHZHDPLUhyOiSvhM_t_w%26client%3Dca-pub-5625379829790606%26adurl%3D&googlewinningprice=ZbD6igAGZ38AAIa1AA4lxXL_ss2Kx8gIYRT20w&wpc=EUR&site=phishcheck.me&slotvisibility=1&gcpm=2766413&gpos=1&bidder=bidder-rtb-production-c75795f5b-wlttz&dv=1&uuid=&suid=&brq=9P6auMitxIESrnAvGncpsj7c6ij_KzL28aa_2g&ssp_id=0&l=en&ts=1706097290&uc=DE&at=1&ia=0&mai=&mat=1&ir=0&an=&rg=1&hm=TmblrGGrn9gDZ4mmjshtuM9u-IhXG8wFXK5ndnoh63U=
Origin
https://rtb.ads.travelaudience.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:51 GMT
content-encoding
gzip
strict-transport-security
max-age=15724800; includeSubDomains
vary
Accept-Encoding
access-control-allow-methods
GET
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
access-control-allow-origin
https://rtb.ads.travelaudience.com
content-type
image/gif
4b0ef9dfa83525e0607f42119c034d23.js
www.gstatic.com/mysidia/ Frame EA02 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/4b0ef9dfa83525e0607f42119c034d23.js?tag=client_fast_engine_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=90&adk=2743202993&adf=3132389021&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1200x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280%2C1155x280&nras=4&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2257&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=24
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
97c530c44249746307c2b01b37eed0f53757d139bc4243798f468c71da9844da
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:27:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
44862
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4079
x-xss-protection
0
last-modified
Wed, 17 Jan 2024 21:36:12 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 22 Apr 2024 23:27:09 GMT
67b2cf2770e31c0fa9735c0b8b540980.js
www.gstatic.com/mysidia/ Frame EA02 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/67b2cf2770e31c0fa9735c0b8b540980.js?tag=text/vanilla_highlight
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=90&adk=2743202993&adf=3132389021&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1200x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280%2C1155x280&nras=4&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2257&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=24
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
559ed27b48f52ad1c65466a95a120b8264f7dea4a23d31f2ebb3b5beca3321f6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:29:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
44725
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4763
x-xss-protection
0
last-modified
Wed, 17 Jan 2024 21:36:12 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 22 Apr 2024 23:29:26 GMT
css
fonts.googleapis.com/ Frame EA02 		14 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=90&adk=2743202993&adf=3132389021&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1200x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280%2C1155x280&nras=4&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2257&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=24
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 24 Jan 2024 11:54:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 24 Jan 2024 10:40:58 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 24 Jan 2024 11:54:51 GMT
load_preloaded_resource_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame EA02 		2 KB
822 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/load_preloaded_resource_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=90&adk=2743202993&adf=3132389021&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1200x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280%2C1155x280&nras=4&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2257&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=24
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:33:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
44486
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
795
x-xss-protection
0
server
cafe
etag
4925184154378345226
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 06 Feb 2024 23:33:25 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/ Frame EA02 		23 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/abg_lite_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=90&adk=2743202993&adf=3132389021&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1200x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280%2C1155x280&nras=4&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2257&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=24
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
eb4fec10d8f4484b291b7c7d0de59d1b4375e000029fd1a128ad10c270d8d803
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:36:36 GMT
content-encoding
br
x-content-type-options
nosniff
age
44295
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9319
x-xss-protection
0
server
cafe
etag
16165788300067284045
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 06 Feb 2024 23:36:36 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame EA02 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=90&adk=2743202993&adf=3132389021&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1200x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280%2C1155x280&nras=4&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2257&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=24
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 07:55:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
14348
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 07 Feb 2024 07:55:43 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/ Frame EA02 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240122/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=90&adk=2743202993&adf=3132389021&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1200x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280%2C1155x280&nras=4&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2257&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=24
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:41:57 GMT
content-encoding
br
x-content-type-options
nosniff
age
43974
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8492
x-xss-protection
0
server
cafe
etag
9878124937798820110
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 06 Feb 2024 23:41:57 GMT
l
www.google.com/ads/measurement/ Frame EA02 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaTiIzsH80pHimXrxeL_BQXQb6mzB1JnPS8j6zxSqqT-UykpDUofTAHoO1saokOz5CtyTUlIq5WtVt5sXfFqeaohfDetjA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=90&adk=2743202993&adf=3132389021&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1200x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280%2C1155x280&nras=4&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2257&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=24
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame EA02 		205 KB
65 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=90&adk=2743202993&adf=3132389021&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1200x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280%2C1155x280&nras=4&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2257&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=24
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d5dc8f0e43d36678bfec4beb79ea87672a4d127693e591f8cc31e43c273c3f5d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
66080
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1705966741457425"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 24 Jan 2024 11:54:51 GMT
4cee352c918c506f58256258d534a665.js
www.gstatic.com/mysidia/ Frame EA02 		37 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/4cee352c918c506f58256258d534a665.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=90&adk=2743202993&adf=3132389021&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1200x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280%2C1155x280&nras=4&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2257&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=24
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e6b20a1535a6d3ca3d7a611ae199a6f4b464e0b67b450379ed43a7ef3e66957c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:31:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
44595
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15452
x-xss-protection
0
last-modified
Sat, 13 Jan 2024 00:04:01 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 22 Apr 2024 23:31:36 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 709E 		1 KB
643 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280&nras=3&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1535&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=21
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
67447
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=86400
content-encoding
br
content-length
618
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 23 Jan 2024 17:10:44 GMT
etag
48472445140208031
expires
Wed, 24 Jan 2024 17:10:44 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame 3D8A 		213 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9080181aa8eefa0e9dc0df53eecf7bd2e4238c23452f28fe4dc7d6009dfae190

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/png
14763004658117789537
tpc.googlesyndication.com/simgad/16442769149371825423/ Frame DED1 		35 KB
35 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/16442769149371825423/14763004658117789537?w=600&h=314&tw=1&q=75
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280&nras=3&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1535&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=21
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c7f7157221d56dc9071ea516565617d52972c64bdb93e15068fb5c77fd60cbda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires
Thu, 23 Jan 2025 05:20:06 GMT
date
Wed, 24 Jan 2024 05:20:06 GMT
x-content-type-options
nosniff
age
23685
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35473
x-xss-protection
0
last-modified
Tue, 21 Nov 2023 15:58:35 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons
true
15000271466872383971
tpc.googlesyndication.com/simgad/ Frame DED1 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/15000271466872383971?w=100&h=100&tw=1&q=75
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280&nras=3&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1535&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=21
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61ce0440ca94ab6604a2c760ac161c0d0634e059e9c3a89e82b1e6efe1f469a0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires
Tue, 21 Jan 2025 20:27:38 GMT
date
Mon, 22 Jan 2024 20:27:38 GMT
x-content-type-options
nosniff
age
142033
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2737
x-xss-protection
0
last-modified
Mon, 31 Jan 2022 11:40:38 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons
true
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 3D8A 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 20:44:46 GMT
x-content-type-options
nosniff
age
54605
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15920
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 22 Jan 2025 20:44:46 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 3D8A 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:28:52 GMT
x-content-type-options
nosniff
age
44759
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 22 Jan 2025 23:28:52 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame 5530 		143 B
166 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=90&adk=2743202993&adf=3132389021&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1200x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280%2C1155x280&nras=4&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2257&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=24
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=90&adk=2743202993&adf=3132389021&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1200x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280%2C1155x280&nras=4&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2257&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=24
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
991
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3600
content-encoding
gzip
content-length
145
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 24 Jan 2024 11:38:20 GMT
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 25AE 		1 KB
643 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=90&adk=2743202993&adf=3132389021&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1200x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280%2C1155x280&nras=4&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2257&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=24
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
67447
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=86400
content-encoding
br
content-length
618
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 23 Jan 2024 17:10:44 GMT
etag
48472445140208031
expires
Wed, 24 Jan 2024 17:10:44 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
/
www.googleadservices.com/pagead/ar-adview/ Frame 3D8A
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/adview?ai=CXCffivqwZZW-GcWfgrAP8eed0Aq-6Ly-dZisrd-5EIfg9v6XHBABIJ3w6iBglYKggrAHoAG62-OYA8gBCagDAcgDywSqBMkBT9DxprAQD2diQdVcsXhu-rUGrUEHxNm2nQpR55X11rs53-g...
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%228519045675031157999%22,%22debug_reporting%22:true,%22destination%22:%22https://infragistics.com%22,%22event_report_window%...
0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%228519045675031157999%22,%22debug_reporting%22:true,%22destination%22:%22https://infragistics.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22857271738%22],%2222%22:[%22true%22],%224%22:[%2201-24%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%223708599928059483425%22}&andc=true
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
H3
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:52 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"debug_key":"8519045675031157999","debug_reporting":true,"destination":"https://infragistics.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["857271738"],"22":["true"],"4":["01-24"],"6":["true"]},"priority":"500","source_event_id":"3708599928059483425"}
server
cafe
content-type
text/css; charset=UTF-8
access-control-allow-origin
https://googleads.g.doubleclick.net
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Wed, 24 Jan 2024 11:54:52 GMT

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
date
Wed, 24 Jan 2024 11:54:51 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
location
https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"8519045675031157999","debug_reporting":true,"destination":"https://infragistics.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["857271738"],"22":["true"],"4":["01-24"],"6":["true"]},"priority":"500","source_event_id":"3708599928059483425"}&andc=true
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
truncated
/ Frame DED1 		217 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d32c9d8b90c6b5b6f788af6e9629136553146a68f8e4f62a69d29fa970efd744

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame EA02 		213 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
612d21d60c26be7bf7a1e099959a6f939e37ca776d81e8e3c9f00a3b73eb4250

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/png
WCj_J8NcEslNDYs839d7KGBgNEN8AJkC0oz39by2qQc.js
pagead2.googlesyndication.com/bg/ Frame C971 		50 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/WCj_J8NcEslNDYs839d7KGBgNEN8AJkC0oz39by2qQc.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1801062927&pi=t.aa~a.768063588~rp.1&w=1155&fwrn=4&fwrnh=100&lmt=1706097290&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097290172&bpp=1&bdt=531&idt=160&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=498&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=162
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5828ff27c35c12c94d0d8b3cdfd77b28606034437c009902d28cf7f5bcb6a907
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:27:31 GMT
content-encoding
br
x-content-type-options
nosniff
age
44840
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19599
x-xss-protection
0
last-modified
Mon, 15 Jan 2024 09:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 22 Jan 2025 23:27:31 GMT
dpixel
cms.quantserve.com/ Frame 709E 		35 B
464 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEP4cdvzcrMZ8PP--bc0KUm4&google_cver=1&google_push=AXcoOmROV0Lf1BVag_SexLgPnsXKUPhjPe8V2Co6P6xr_2JoHGZ8aaYrA57TIANuOnGZHNkSe0tL4uJHfS1aSeK-5oujDC6X9V9LWfs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280&nras=3&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1535&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=21
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:5ed4:8d5d:fed7:f5ef , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:51 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type
image/gif
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 709E
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEOeDzRNNyy9crutBCIwp1f8&google_cve...
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEOeDzRNNyy9crutBCIwp1f8&goog...
  • https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=VzdIbTVYS2cxUnNCUWY1&google_gid=CAESEOeDzRNNyy9crutBCIwp1f8&google_cver=1&google_push=AXcoOmRislX_MiDH7a5sWuRCLpgKaIE9L7lq5Wh8JhesUGb...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=VzdIbTVYS2cxUnNCUWY1&google_gid=CAESEOeDzRNNyy9crutBCIwp1f8&google_cver=1&google_push=AXcoOmRislX_MiDH7a5sWuRCLpgKaIE9L7lq5Wh8JhesUGbLJCHiqjT5VzZuAfKr99aEfsAipLHMf3DZKi-QRQDQKv1CSt1-9gNxrQs
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280&nras=3&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1535&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=21
Protocol
H3
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f194.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:51 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 24 Jan 2024 11:54:51 GMT
Strict-Transport-Security
max-age=2592000; includeSubDomains
Server
PingMatch/v2.0.30-801-g0076fb7#rel-ec2-master i-05d5f34508019eaec@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Location
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=VzdIbTVYS2cxUnNCUWY1&google_gid=CAESEOeDzRNNyy9crutBCIwp1f8&google_cver=1&google_push=AXcoOmRislX_MiDH7a5sWuRCLpgKaIE9L7lq5Wh8JhesUGbLJCHiqjT5VzZuAfKr99aEfsAipLHMf3DZKi-QRQDQKv1CSt1-9gNxrQs
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
sync
x.bidswitch.net/ Frame 709E 		43 B
235 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEAJS6Acu-sRXT7NIuMZv7MA&google_cver=1&google_push=AXcoOmSFIUa5eO_1Gzi-QAksAlQeUFt4hOs63ZroINiwQHNjeKa7XWkzor_o0B982RDeDpiRoEe_sdMapIToXDjjQv5MctnUy9XHL2c
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280&nras=3&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1535&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=21
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.214.149.91 Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
91.149.214.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Wed, 24 Jan 2024 11:54:51 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
usersync.aspx
dis.criteo.com/dis/ Frame 709E 		43 B
363 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmSujvqGKBZZWPVFXA8pubRUsQVk0cuVkGFLqp7RnraOTn_CcqoXRGuBnwqbAF0iH6NsP6Y6AAduhsDUkmWzTIgBTjQz3tKbNuA&google_gid=CAESEOGfBWD2N13rUopgJ4OBb2g&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280&nras=3&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1535&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=21
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:51 GMT
x-errorlevel
0
strict-transport-security
max-age=31536000; preload;
server
Kestrel
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type
image/gif
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
231083
expires
Wed, 24 Jan 2024 00:00:00 GMT
sync
odr.mookie1.com/t/v2/ Frame 709E 		42 B
204 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEMMIY9o-WUZGOTClFduOcDk&google_push=AXcoOmR2Gnfzv6tvTHOgaQOKScc1eLjL9dfItr871rguP87H4bYy8NsPXOxukNAMk3-exN910Ho8TlA5Yp_G5A-R7wqUXeaXHmSWWEI&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280&nras=3&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1535&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=21
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.236.64 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
64.236.160.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:51 GMT
via
1.1 google
last-modified
Thu, 19 Oct 2023 06:07:48 GMT
server
nginx
etag
"6530c7b4-2a"
content-type
image/gif
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
pixel
cm.g.doubleclick.net/ Frame 709E
Redirect Chain
  • https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESECW4sIBXONvfZkGHxNDcPwM&google_cver=1&google_push=AXcoOmSgElP5HmanUMBj_1JEc-gthyliHorPogCPYQsp-QIyvBorjdcQ3UqZfwj_CRo6VXJb27BTLj6t...
  • https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESECW4sIBXONvfZkGHxNDcPwM&google_cver=1&google_push=AXcoOmSgElP5HmanUMBj_1JEc-gthyliHorPogCPYQsp-QIyvBorjdcQ3UqZfwj_CRo6VXJb27B...
  • https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODEwNzIxOTkxMjU3Mjc0ODMzMw&google_push=AXcoOmSgElP5HmanUMBj_1JEc-gthyliHorPogCPYQsp-QIyvBorjdcQ3UqZfwj_CRo6VXJb27BTLj...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODEwNzIxOTkxMjU3Mjc0ODMzMw&google_push=AXcoOmSgElP5HmanUMBj_1JEc-gthyliHorPogCPYQsp-QIyvBorjdcQ3UqZfwj_CRo6VXJb27BTLj6tnA7EW4yifPwRJmsCR4KC_h4
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280&nras=3&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1535&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=21
Protocol
H3
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f194.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:51 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age
86400
access-control-allow-methods
GET
location
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODEwNzIxOTkxMjU3Mjc0ODMzMw&google_push=AXcoOmSgElP5HmanUMBj_1JEc-gthyliHorPogCPYQsp-QIyvBorjdcQ3UqZfwj_CRo6VXJb27BTLj6tnA7EW4yifPwRJmsCR4KC_h4
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
report
sync.teads.tv/um/ Frame 709E
Redirect Chain
  • https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEJ0zVoWKCX_D...
  • https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmRtj0mqJHtSVuXvH2fx7fQigL4aqkK-59sEW3Xby-aldlotaVY96lXYg-gl1bdvNTWVgQHguDTUfGtudYKJTk6gDlYgtvXAQJF-
  • https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
23 B
163 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280&nras=3&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1535&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=21
Protocol
H2
Server
2.16.97.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-16-97-41.deploy.static.akamaitechnologies.com
Software
pekko-http/1.0.0 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires
Wed, 24 Jan 2024 11:54:51 GMT
pragma
no-cache
date
Wed, 24 Jan 2024 11:54:51 GMT
cache-control
max-age=0, no-cache, no-store
server
pekko-http/1.0.0
content-length
23
content-type
image/gif

Redirect headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:51 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
260
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
attr
cm.g.doubleclick.net/pixel/ Frame 709E 		0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KegXyMTKkFJlgfEcWt5H0s2aeDztiq8hkmaUTqGAuj_qrTWRfGRzSPRtUK3_0raxAL6VsTuw
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280&nras=3&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1535&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=21
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f194.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:51 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
content-type
text/html
dpixel
cms.quantserve.com/ Frame 25AE 		35 B
462 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESELL3u6Otcbnfkvr72EL-D68&google_cver=1&google_push=AXcoOmR3_eZq4pFxKLRywHdBiZVo8ZN3l0MfqWM7C1Gg0ZiyY61dWYLida7AzVYOKn94SHTA6X1AeRdd9UykVB-Em2OpwClmvS-PvBI
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=90&adk=2743202993&adf=3132389021&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1200x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280%2C1155x280&nras=4&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2257&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=24
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:5ed4:8d5d:fed7:f5ef , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:51 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type
image/gif
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
i.match
s.tribalfusion.com/z/ Frame 25AE
Redirect Chain
  • https://a.tribalfusion.com/i.match?p=b6&u=CAESEAzsjOwU-2PdPONMMjCX9W4&google_cver=1&google_push=AXcoOmQobvGVEd7mWoPoJinsRF6JflAc6YqvztFGyS9KFVhlgzaWJMGsAaTGvbicmjF6dGPD9tmJt3pE2BQoNw-Wlud4Fu7FcwBOz...
  • https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEAzsjOwU-2PdPONMMjCX9W4&google_cver=1&google_push=AXcoOmQobvGVEd7mWoPoJinsRF6JflAc6YqvztFGyS9KFVhlgzaWJMGsAaTGvbicmjF6dGPD9tmJt3pE2BQoNw-Wlud4Fu7FcwB...
43 B
449 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEAzsjOwU-2PdPONMMjCX9W4&google_cver=1&google_push=AXcoOmQobvGVEd7mWoPoJinsRF6JflAc6YqvztFGyS9KFVhlgzaWJMGsAaTGvbicmjF6dGPD9tmJt3pE2BQoNw-Wlud4Fu7FcwBOzw&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQobvGVEd7mWoPoJinsRF6JflAc6YqvztFGyS9KFVhlgzaWJMGsAaTGvbicmjF6dGPD9tmJt3pE2BQoNw-Wlud4Fu7FcwBOzw%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Protocol
H2
Server
2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:52 GMT
cf-cache-status
DYNAMIC
x-function
302
server
cloudflare
content-type
image/gif; charset=utf-8
p3p
CP="NOI DEVo TAIa OUR BUS"
cache-control
no-cache, private
cf-ray
84a8158b1c20994b-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:51 GMT
cf-cache-status
DYNAMIC
x-function
206
server
cloudflare
x-reuse-index
305
content-type
text/html
location
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEAzsjOwU-2PdPONMMjCX9W4&google_cver=1&google_push=AXcoOmQobvGVEd7mWoPoJinsRF6JflAc6YqvztFGyS9KFVhlgzaWJMGsAaTGvbicmjF6dGPD9tmJt3pE2BQoNw-Wlud4Fu7FcwBOzw&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQobvGVEd7mWoPoJinsRF6JflAc6YqvztFGyS9KFVhlgzaWJMGsAaTGvbicmjF6dGPD9tmJt3pE2BQoNw-Wlud4Fu7FcwBOzw%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p
CP="NOI DEVo TAIa OUR BUS"
cache-control
no-cache, private
cf-ray
84a81589fb24994b-FRA
alt-svc
h3=":443"; ma=86400
expires
Thu, 01 Jan 1970 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 25AE
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
  • https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFAMc70Qnlg5TRS1Wbm_fLo&google_push=AXcoOmStDjlnjjLCLpDNOdxQK0Cn4FRfmN7FtXuC1ZBJ0RmSlJ2H2Ksu8n...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFAMc70Qnlg5TRS1Wbm_fLo&google_push=AXcoOmStDjlnjjLCLpDNOdxQK0Cn4FRfmN7FtXuC1ZBJ0RmSlJ2H2Ksu8nU89meFu9JEQTvgjNxil4aiMC0ZMw5keTuLfO9j9z868xc
Protocol
H3
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f194.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:51 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by
cache-fra-eddf8230126-FRA
pragma
no-cache
date
Wed, 24 Jan 2024 11:54:51 GMT
via
1.1 varnish
server
Jetty(9.4.35.v20201120)
x-timer
S1706097292.848063,VS0,VE99
x-cache
MISS
p3p
CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin
*
location
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFAMc70Qnlg5TRS1Wbm_fLo&google_push=AXcoOmStDjlnjjLCLpDNOdxQK0Cn4FRfmN7FtXuC1ZBJ0RmSlJ2H2Ksu8nU89meFu9JEQTvgjNxil4aiMC0ZMw5keTuLfO9j9z868xc
cache-control
no-cache
accept-ranges
bytes
content-length
0
x-cache-hits
0
google
match.adsrvr.org/track/cmf/ Frame 25AE 		70 B
149 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/google?google_gid=CAESEGhdbRw9Fn4I-Enjugu5r88&google_cver=1&google_push=AXcoOmRnDxZAZZakh-9lrRw_kdKDLn8CM5sRB5PdSm53Q7kD3Q6mPgLGq3JS5IWN6MQZJlTKALdUE4sJZ3Y6QPY55j4WEn7V_qZTWA8
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=90&adk=2743202993&adf=3132389021&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1200x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280%2C1155x280&nras=4&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2257&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=24
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:51 GMT
server
Kestrel
content-length
70
content-type
image/gif
sync
x.bidswitch.net/ Frame 25AE 		43 B
235 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEDAOmDVWjTiVpd3ovTAJYW0&google_cver=1&google_push=AXcoOmT5JDXF2oyZLSkPxQq3om6n75xi8fodojZx7_u-DwHCmhC6ZpaQf6eoxMG_3EodKM_OG07EowSjLHf6knJO6ZRToc7wc4rNubo
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=90&adk=2743202993&adf=3132389021&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1200x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280%2C1155x280&nras=4&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2257&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=24
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.214.149.91 Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
91.149.214.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Wed, 24 Jan 2024 11:54:51 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
pixel
cm.g.doubleclick.net/ Frame 25AE
Redirect Chain
  • https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESECUVdsRTT5MlghIemvMMjK4&google_cver=1&google_push=AXcoOmS3SRerCInejwsKeodwA-R3sI41gW_6YC8mvrExCjvdWpDawO6JV2NbJkXoPCnfoFjyS02lQuUZD0MG...
  • https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmS3SRerCInejwsKeodwA-R3sI41gW_6YC8mvrExCjvdWpDawO6JV2NbJkXoPCnfoFjyS02lQuUZD0MGu2nKTfF0pU7kFDS29oM
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmS3SRerCInejwsKeodwA-R3sI41gW_6YC8mvrExCjvdWpDawO6JV2NbJkXoPCnfoFjyS02lQuUZD0MGu2nKTfF0pU7kFDS29oM
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=90&adk=2743202993&adf=3132389021&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1200x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280%2C1155x280&nras=4&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2257&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=24
Protocol
H3
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f194.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:51 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmS3SRerCInejwsKeodwA-R3sI41gW_6YC8mvrExCjvdWpDawO6JV2NbJkXoPCnfoFjyS02lQuUZD0MGu2nKTfF0pU7kFDS29oM
strict-transport-security
max-age=15552000
cache-control
no-transform, no-cache
alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
content-length
0
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
pixel
cm.g.doubleclick.net/ Frame 25AE
Redirect Chain
  • https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESEJvH_ed8nlR-MNI1E55AjAI&google_cver=1&google_push=AXcoOmTThdLSeNJLB8QhaPNygAaXI40iz2eWf0U6MBQ7zHCkqKtRT9E5GPzztPso13...
  • https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmTThdLSeNJLB8QhaPNygAaXI40iz2eWf0U6MBQ7zHCkqKtRT9E5GPzztPso13y3_ZW8tnsbuZ6jbKSYKQPYbh4fM_pPWI5nawI&google_hm=...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmTThdLSeNJLB8QhaPNygAaXI40iz2eWf0U6MBQ7zHCkqKtRT9E5GPzztPso13y3_ZW8tnsbuZ6jbKSYKQPYbh4fM_pPWI5nawI&google_hm=-izkHtULRCuVXWFUeejIf4U
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=90&adk=2743202993&adf=3132389021&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1200x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280%2C1155x280&nras=4&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2257&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=24
Protocol
H3
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f194.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:51 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:51 GMT
via
1.1 google
server
Apache-Coyote/1.1
p3p
CP="NOI DSP COR NID CUR OUR NOR"
status
302
location
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmTThdLSeNJLB8QhaPNygAaXI40iz2eWf0U6MBQ7zHCkqKtRT9E5GPzztPso13y3_ZW8tnsbuZ6jbKSYKQPYbh4fM_pPWI5nawI&google_hm=-izkHtULRCuVXWFUeejIf4U
content-type
text/html;charset=UTF-8
cache-control
no-cache, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
attr
cm.g.doubleclick.net/pixel/ Frame 25AE 		0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IdgOENhPdzubnCGH1f0LciEWbPt-3yKs6qzgnmOQ4X37tmD6nbx-VAPRvrkXiX3wJpXB3JFg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=90&adk=2743202993&adf=3132389021&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1200x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280%2C1155x280&nras=4&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2257&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=24
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f194.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:51 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
content-type
text/html
si
googleads.g.doubleclick.net/pagead/drt/ Frame 5530
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
17 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=90&adk=2743202993&adf=3132389021&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1200x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280%2C1155x280&nras=4&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2257&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=24
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 24 Jan 2024 11:54:51 GMT
expires
Wed, 24 Jan 2024 11:54:51 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 24 Jan 2024 11:54:51 GMT
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
www.googleadservices.com/pagead/ar-adview/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%228519045675031157999%22,%22debug_reporting%22:true,%22destination%22:%22https://infragistics.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22857271738%22],%2222%22:[%22true%22],%224%22:[%2201-24%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%223708599928059483425%22}&andc=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
attribution-reporting-eligible
Access-Control-Request-Method
GET
Origin
https://googleads.g.doubleclick.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
attribution-reporting-eligible
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://googleads.g.doubleclick.net
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html; charset=UTF-8
date
Wed, 24 Jan 2024 11:54:51 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame D9A4 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BGztRivqwZYHPGbWNgrAPxcu4-AwAAAAAOAHgBAI&bg=!np2lndLNAAa8BdJLnAU7ADQBe5WfOLrAXakY6HN5ySJgKV0mB1JfFFtU-KzezheDfkmL_EV0DBOEAkadzwGTEZDA6UQBAgAAAM1SAAAAAWgBB5kDAQquLjP45ctRCUOEgxxTgZQquWTL1M89vzc-kp7TuqxB6aeKz2RVn2qQ3JQjPOjtzfGA5ejNWi1RGq_34YdCRjocJYI9nAEv0fFYhuvh0YB9KeLcSE9xtY9_OO0OZuClSqzb44Lb8sbsmJ82XGbymPzc5S2nxJSpt4YRn83XiRWSNR0x0HFGOIDW12KZuaohE2WHOlgrWGx9NVbkOsVJ8iLyUgEHARvsRT_l9jsIc6BFWWgX9PPK1x273FkEugMpCmv64mrwPH2sPp9H7sx1oGtQnDo_MT81sxWT8CElDuSmeNeq-pxyfyKHUxX-RBQUNF6AKrVnpXoFxOXIhPTiToCClt5BtDQH0Svq9dLbKD_mQda0A4HlDEp92FbLvzkoc8_9fy-_sGOFaO_Tom2SyZ7L2NIkqhUsl8wtOP3d_PtH21KlNDcg-gvyCM9OMM4zwQm2-s3aXAXd_lfQm2jlFFksP1uLIoW5ej-K9Dn5kLOfV4OS5oEUha0p6OrDrelZ-3mMpigWtbjuKzVuFVfitBL72YHpvHj0Cg_ObKXFwhKhWZeu7euGe34mU8skPd-Ay8rR2S7RjsZTqenNvTfvlzpcBL-GYZE_cgr6L7ULmgV7DLhVnEtcQzhR-9RzN9LMXbBjHBRBWXyvtl8RP_HHdiKZHFODsHonUbhBNmfkgf8E6TtaguEckoxlUplx2pEt55aftJc_CqZ0CiJwMNaoR3JqmPDtdpXnNIVjGWpyOImU0Z_8doBvQdIruKQ2M5xJqk7H_jfDkvoW9vqeHOs1FyphiBWGnVPHpqEDIhtRLHL2AiL9__CQFIN8640Wo7qusj1X0K01v2iYCismopt9Om-idO5vSep8stzOAIjhccVKpHwV6c3TWTCVZQgZhuyf1kOIQ3Pfcff04Lp87u7rW-_kwv-vUHyHj0bbQ8ZNBAacxIBEpfYaMDIiRg2fmY6tCsVinNAyCkk37TiHeR3NWWfiJbkbkrttQRYWOyKHIhsnhPCjV6X9zDeLSGpC4HIJDy8
Requested by
Host: phishcheck.me
URL: https://phishcheck.me/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:51 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame DED1 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 20:44:46 GMT
x-content-type-options
nosniff
age
54605
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15920
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 22 Jan 2025 20:44:46 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame DED1 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:28:52 GMT
x-content-type-options
nosniff
age
44759
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 22 Jan 2025 23:28:52 GMT
4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame EA02 		33 KB
33 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 04:01:15 GMT
x-content-type-options
nosniff
age
114816
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
34108
x-xss-protection
0
last-modified
Tue, 23 May 2023 16:35:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 22 Jan 2025 04:01:15 GMT
/
www.googleadservices.com/pagead/ar-adview/ Frame EA02
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/adview?ai=CpITHi_qwZe2TErCEtOUPnp2mkALgod6XdfzjwKnzEdXYjdSUDhABIJ3w6iBglYKggrAHoAHN3ImMA8gBAagDAcgDwwSqBNIBT9CQbqJn6CyFjJSJ675qIyGYsbwVnQrgn4D-i-cLRpMCxJl...
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%225841631431304478009%22,%22debug_reporting%22:true,%22destination%22:%22https://florencehc.com%22,%22event_report_window%22...
0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%225841631431304478009%22,%22debug_reporting%22:true,%22destination%22:%22https://florencehc.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22830631501%22],%2222%22:[%22true%22],%224%22:[%2201-24%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%22239892360092640577%22}&andc=true
Protocol
H3
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:52 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"debug_key":"5841631431304478009","debug_reporting":true,"destination":"https://florencehc.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["830631501"],"22":["true"],"4":["01-24"],"6":["true"]},"priority":"500","source_event_id":"239892360092640577"}
server
cafe
content-type
text/css; charset=UTF-8
access-control-allow-origin
https://googleads.g.doubleclick.net
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Wed, 24 Jan 2024 11:54:52 GMT

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
date
Wed, 24 Jan 2024 11:54:51 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
location
https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"5841631431304478009","debug_reporting":true,"destination":"https://florencehc.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["830631501"],"22":["true"],"4":["01-24"],"6":["true"]},"priority":"500","source_event_id":"239892360092640577"}&andc=true
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
WCj_J8NcEslNDYs839d7KGBgNEN8AJkC0oz39by2qQc.js
pagead2.googlesyndication.com/bg/ Frame CFAA 		50 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/WCj_J8NcEslNDYs839d7KGBgNEN8AJkC0oz39by2qQc.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=90&adk=2743202993&adf=3132389021&pi=t.aa~a.1182920990~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1200x90&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280%2C1155x280&nras=4&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2257&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=24
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5828ff27c35c12c94d0d8b3cdfd77b28606034437c009902d28cf7f5bcb6a907
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:27:31 GMT
content-encoding
br
x-content-type-options
nosniff
age
44840
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19599
x-xss-protection
0
last-modified
Mon, 15 Jan 2024 09:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 22 Jan 2025 23:27:31 GMT
/
www.googleadservices.com/pagead/ar-adview/ Frame DED1
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/adview?ai=CG7xri_qwZfmLEb7VgrAP96C4gAfrhsKAdMm44q2sEoj_59OZPxABIJ3w6iBglYKggrAHoAGsoPyQAcgBCagDAcgDy4SAgASqBMoBT9DUTgS2y3d3Xe27VoY4miPlxJKJ7a_t1XUmxi6UA2h...
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%223997350020375681112%22,%22debug_reporting%22:true,%22destination%22:%22https://remote.com%22,%22event_report_window%22:%22...
0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%223997350020375681112%22,%22debug_reporting%22:true,%22destination%22:%22https://remote.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22304025644%22],%2222%22:[%22true%22],%224%22:[%2201-24%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2213848724101337984625%22}&andc=true
Protocol
H3
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:52 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"debug_key":"3997350020375681112","debug_reporting":true,"destination":"https://remote.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["304025644"],"22":["true"],"4":["01-24"],"6":["true"]},"priority":"500","source_event_id":"13848724101337984625"}
server
cafe
content-type
text/css; charset=UTF-8
access-control-allow-origin
https://googleads.g.doubleclick.net
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Wed, 24 Jan 2024 11:54:52 GMT

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
date
Wed, 24 Jan 2024 11:54:51 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
location
https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"3997350020375681112","debug_reporting":true,"destination":"https://remote.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["304025644"],"22":["true"],"4":["01-24"],"6":["true"]},"priority":"500","source_event_id":"13848724101337984625"}&andc=true
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/ 		16 KB
12 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240122&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5625379829790606&plah=phishcheck.me
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7b77c8e2035c90a1b42a52f3a97665ce2f5a41f140f5fecb43d755c4ddb66fcc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishcheck.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:51 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12274
x-xss-protection
0
WCj_J8NcEslNDYs839d7KGBgNEN8AJkC0oz39by2qQc.js
pagead2.googlesyndication.com/bg/ Frame 5313 		50 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/WCj_J8NcEslNDYs839d7KGBgNEN8AJkC0oz39by2qQc.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&gpp_sid=-1&client=ca-pub-5625379829790606&output=html&h=280&adk=2508842873&adf=1116380410&pi=t.aa~a.768063588~rp.4&w=1155&fwrn=4&fwrnh=100&lmt=1706097291&rafmt=1&to=qs&pwprc=1402822305&format=1155x280&url=https%3A%2F%2Fphishcheck.me%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1706097291181&bpp=1&bdt=1541&idt=-M&shv=r20240122&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1155x280&nras=3&correlator=3630297874670&frm=20&pv=1&ga_vid=1405919677.1706097290&ga_sid=1706097290&ga_hid=1138725444&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=1535&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31080589%2C42532362%2C44809530%2C95322329%2C95321626%2C95322162&oid=2&pvsid=3029435665287087&tmod=1186923324&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=21
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5828ff27c35c12c94d0d8b3cdfd77b28606034437c009902d28cf7f5bcb6a907
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 23:27:31 GMT
content-encoding
br
x-content-type-options
nosniff
age
44840
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19599
x-xss-protection
0
last-modified
Mon, 15 Jan 2024 09:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 22 Jan 2025 23:27:31 GMT
truncated
/ Frame 09EC 		212 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d6ea1b131386b994d1c42f103b142a8c6a39df572b10638db0b41104ca371010

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame C4B5 		218 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
332f2c85f961f74d4b347428b118ce64cfe69db1f1cd2e84986959ecb32e1fd7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/png
adview
googleads.g.doubleclick.net/pagead/ Frame 09EC 		0
19 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CkTDDivqwZf_OGbWNgrAPxcu4-AzKkbX7ctPipc7RCsCNtwEQASAAYJWCoIKwB4IBF2NhLXB1Yi01NjI1Mzc5ODI5NzkwNjA2yAEJqQJHMi6NJTmyPqgDAcgDAqoEwAFP0Mq0n1-nfzm0KB3lV-Hf__x8NNUtopA1Cy7kAqfjM7ZIxxq-PXQxLISsWGY8kWhkBPuZ3t2KqfaFIZLUaxC8xe5JsbBcaQRV-le6fvHEI2QwpGVQGCTpeeXH5p7Y_eLeRXZDulx1SWFis6b1yHV_cMSR3IMn7qDbA9kpibhx3tIOc7AwA-8zy4TFxqyUptlPjMwSHScJvL9h8A4g_-5WxBlYGLguxsHaoQpQ1zSz2E89hF9IOmbbn2Bs-RS6KFeABpPs9bHTj7eAkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggdCIDhgBAQATICqgI6AoBASL39wTpYrpbG1_v1gwOACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItNTYyNTM3OTgyOTc5MDYwNhgA&sigh=qZD5lK1ndpE&uach_m=%5BUACH%5D&cid=CAQSTwAvHhf_5ARch2kSR5CqF4i65fGf5MFEycmmiKLuNgHxRvHdJSSwgzlt9fnseVHMYZKZ52m7ZW24QGMex9nquCPtHuRG5VPsMpUIYonoiUAYAQ&cbvp=2&vis=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Wed, 24 Jan 2024 11:54:51 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame C4B5 		0
19 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CCzRVivqwZYDPGbWNgrAPxcu4-AzKkbX7ctPipc7RCsCNtwEQASAAYJWCoIKwB4IBF2NhLXB1Yi01NjI1Mzc5ODI5NzkwNjA2yAEJqQJHMi6NJTmyPqgDAcgDAqoEwAFP0JFS6jPSfJM3JVHprnIP_6_O7RheCe7R0tEJERRugHELFPhoV8NnfMe2ByuVxhuPjN9bB9R55ygb0p4j6cvWNoyat4PkP6tSZZLQWtn3ijfkhVo19K_OHFjQ7lzlR9vL36jsi6QD6rqiOahgGVaDjDRXkDmF9JI3HUF6kaLpJ6gQVBkxo184H_ZZurKtRpyWOGCcDEUBf60h8G6PaPwOTfbQq4qQ0GaOIiyANtyGgTgvcLci1mntnUxEi8bUegmABpPs9bHTj7eAkAGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggdCIDhgBAQATICqgI6AoBASL39wTpYrpbG1_v1gwOACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItNTYyNTM3OTgyOTc5MDYwNhgA&sigh=bhYYyWAWGDk&uach_m=%5BUACH%5D&cid=CAQSTwAvHhf_5ARch2kSR5CqF4i65fGf5MFEycmmiKLuNgHxRvHdJSSwgzlt9fnseVHMYZKZ52m7ZW24QGMex9nquCPtHuRG5VPsMpUIYonoiUAYAQ&cbvp=2&vis=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/html/r20240122/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Wed, 24 Jan 2024 11:54:51 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
/
www.googleadservices.com/pagead/ar-adview/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%225841631431304478009%22,%22debug_reporting%22:true,%22destination%22:%22https://florencehc.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22830631501%22],%2222%22:[%22true%22],%224%22:[%2201-24%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%22239892360092640577%22}&andc=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
attribution-reporting-eligible
Access-Control-Request-Method
GET
Origin
https://googleads.g.doubleclick.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
attribution-reporting-eligible
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://googleads.g.doubleclick.net
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html; charset=UTF-8
date
Wed, 24 Jan 2024 11:54:51 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
www.googleadservices.com/pagead/ar-adview/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%223997350020375681112%22,%22debug_reporting%22:true,%22destination%22:%22https://remote.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22304025644%22],%2222%22:[%22true%22],%224%22:[%2201-24%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2213848724101337984625%22}&andc=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
attribution-reporting-eligible
Access-Control-Request-Method
GET
Origin
https://googleads.g.doubleclick.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
attribution-reporting-eligible
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://googleads.g.doubleclick.net
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html; charset=UTF-8
date
Wed, 24 Jan 2024 11:54:51 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5625379829790606&plah=phishcheck.me
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishcheck.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 24 Jan 2024 11:54:52 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 9CB4 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://phishcheck.me/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
14063
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 24 Jan 2024 08:00:29 GMT
expires
Thu, 23 Jan 2025 08:00:29 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 89B3 		829 B
559 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
547fd459bc266dc8d1bfcc83ce9f4426735447dae12ed61fdbe2a66a2cec4518
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Uli0UgWj4UbS5sAwEhQaTg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://phishcheck.me/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-Uli0UgWj4UbS5sAwEhQaTg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 24 Jan 2024 11:54:52 GMT
expires
Wed, 24 Jan 2024 11:54:52 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js
pagead2.googlesyndication.com/bg/ Frame 9CB4 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 07:55:09 GMT
content-encoding
br
x-content-type-options
nosniff
age
14383
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15219
x-xss-protection
0
last-modified
Mon, 15 Jan 2024 09:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 23 Jan 2025 07:55:09 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 89B3 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240122&jk=3029435665287087&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers
generate_204
tpc.googlesyndication.com/ Frame 9CB4 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?4dc98g
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:52 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
pixel.gif
travel198849194933.s.moatpixel.com/ Frame F9A0 		43 B
251 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://travel198849194933.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=102&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=phishcheck.me&L1id=1000428&L2id=50000154&L3id=60015627&L4id=70020628&S1id=googleads.g.doubleclick.net&S2id=160x600&ord=1706097291651&r=110223294201&t=meas&os=0&fi2=0&div1=0&ait=0&zMoatSubdomain=phishcheck.me&zMoatIMPID=ekJpvPpWDu9e3MOA_SIxftcX2GL4hLAsPEiNzw&bedc=1&nosend&q=1&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.197.124 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-197-124.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.ads.travelaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:52 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 24 Jan 2024 11:54:52 GMT
pixel.gif
travel198849194933.s.moatpixel.com/ Frame F9A0 		43 B
251 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://travel198849194933.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=102&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=phishcheck.me&L1id=1000428&L2id=50000154&L3id=60015627&L4id=70020628&S1id=googleads.g.doubleclick.net&S2id=160x600&ord=1706097291651&r=110223294201&t=nht&os=0&fi2=0&div1=0&ait=0&zMoatSubdomain=phishcheck.me&zMoatIMPID=ekJpvPpWDu9e3MOA_SIxftcX2GL4hLAsPEiNzw&bedc=1&nosend&q=2&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.197.124 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-197-124.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.ads.travelaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:52 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 24 Jan 2024 11:54:52 GMT
pixel.gif
px.moatads.com/ Frame F9A0 		43 B
251 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&ra=1&pxm=7&sgs=3&vb=-1&kq=1&lo=1&uk=null&pk=0&wk=0&rk=0&tk=0&ak=https%3A%2F%2Fstatic.travelaudience.com%2Fimg%2Fimport%2FDubai_DMO%2FAdventure%2FDE%2F160x600_Dubai_Adventure_DE.gif&i=TRAVELAUDIENCE_DISPLAY1&ol=2300941551&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K%25.K%24%3D!%5DxqxLmEV2fy%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-LHlF2iVmV38nsW5MfUWeGV63nryfnddNoipOGLOPg%2Fj24vrl5%2FmliBNlAlwWxmRnpyWz&rs=1-EcfEEAlWe0wLgg%3D%3D&sc=1&os=1-AA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=160&qe=600&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&bq=0&g=0&h=600&w=160&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fphishcheck.me&id=0&ii=2&f=1&j=https%3A%2F%2Fgoogleads.g.doubleclick.net&lp=https%3A%2F%2Fphishcheck.me&t=1706097291651&de=110223294201&cu=1706097291651&m=563&ar=805b0ce1b97-clean&iw=4a25902&cb=0&ym=0&ll=2&lm=3&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=600&le=1&lf=210&lg=1&lh=30&gm=1&io=1&vv=3&vw=0%3A3%3A0&vp=-&vx=-%3A-%3A-&pe=0%3A686%3A686%3A609%3A456&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&ic=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=102&cd=0&ah=102&am=0&xd=00&rf=0&re=1&wb=1&cl=0&at=0&d=1000428%3A50000154%3A60015627%3A70020628&bo=googleads.g.doubleclick.net&bd=160x600&gw=travel198849194933&zMoatOrigSlicer1=googleads.g.doubleclick.net&zMoatOrigSlicer2=160x600&zMoatDomain=phishcheck.me&zMoatSubdomain=phishcheck.me&zMoatSSP=0&zMoatDeal=-1&zMoatIMPID=ekJpvPpWDu9e3MOA_SIxftcX2GL4hLAsPEiNzw&hv=Standard%20Image%20Ad%20finding%20&ab=1&fd=1&kt=sframe&it=500&oq=0&ot=0&zMoatJS=3%3A-&ti=0&ih=2&jk=2&jm=-1&tc=0&fs=207009&na=1622608924&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.85.120 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-85-120.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.ads.travelaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:52 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 24 Jan 2024 11:54:52 GMT
/
fundingchoicesmessages.google.com/f/AGSKWxUN8C8f1R8r7FK3PQl-S7JC3Ha5cmIq7VyRLqKVE5eEqnceQvg6H_pCsOGAK5KMcoRxmKLkJ_FZ0CfyPneDycMJ8fpDcDM-1muHigKOR0O0YA5yGdmVQP9shJjY1XxuKIC8TBL9TbyHpsk3h_5rK22dbSYHG... 		54 B
110 B 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxUN8C8f1R8r7FK3PQl-S7JC3Ha5cmIq7VyRLqKVE5eEqnceQvg6H_pCsOGAK5KMcoRxmKLkJ_FZ0CfyPneDycMJ8fpDcDM-1muHigKOR0O0YA5yGdmVQP9shJjY1XxuKIC8TBL9TbyHpsk3h_5rK22dbSYHGVihhErAUtkLoiI5r7jVxZH3I4QJvU3v/_/adrot..biz/ads//advertisements-_web_ad_-contrib-ads/
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.YtkvUvr0KhI.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_ccpa_signal_executable/ed=1/rs=AJlcJMwYguaqMDE6-xBWX4yxN0KelhKGPw/m=ad_blocking_detection_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1fc09dc438a98d7b7f7bc62eb016c89c2c253792773bff7ef102287fd2a80725
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-n76PwKrj6yxnD4ysKPoHrA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishcheck.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:52 GMT
content-security-policy
script-src 'report-sample' 'nonce-n76PwKrj6yxnD4ysKPoHrA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
reporting-endpoints
default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjOsKoxSXF4KUhxXDe6Q7TdSC-qPKU6SYQ1zI8Y2oF4gfhz5heALGBxnMmCyAuyH7OVAHEjH9eMHECcU__S6YpQPzuy0smnq8vmSSAWAOI30m-YvoGxDt8PFjehE9n5YqYznq6YDrrZSBmq5jOygfEcXXTWfOAmG_ddFbd9dNZt5yZzroHiGOeT2dNAeLFrDNYVwPxlMAZrHOAuCUayAZip_QZrEFA_DlzButvIBbi5uj5engtm8CEhy9KAGn6WD0"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 01 Jan 1990 00:00:00 GMT
show_companion_ad.js
pagead2.googlesyndication.com/pagead/ 		30 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/show_companion_ad.js?fcd=true
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.YtkvUvr0KhI.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_ccpa_signal_executable/ed=1/rs=AJlcJMwYguaqMDE6-xBWX4yxN0KelhKGPw/m=ad_blocking_detection_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f58309f6361e67c1bfc3f0cd9fe217c931c95911b21129dbafb364e2a8902c19
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishcheck.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:50:18 GMT
content-encoding
br
x-content-type-options
nosniff
age
274
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11399
x-xss-protection
0
server
cafe
etag
11747613320577944511
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Wed, 24 Jan 2024 12:50:18 GMT
AGSKWxUK9R8uwRpRf5A97KgdEjkmvgyApzfHDNHnZ3-PfvJI07PJKw5651Eert-ajaHyXoXTQWTk93d7E_JCiga2Ob3myUzJmXYjTFcPKkmKhT3SPfwPmDyx71TgARuLdtlGDSTyJ85ImQ==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxUK9R8uwRpRf5A97KgdEjkmvgyApzfHDNHnZ3-PfvJI07PJKw5651Eert-ajaHyXoXTQWTk93d7E_JCiga2Ob3myUzJmXYjTFcPKkmKhT3SPfwPmDyx71TgARuLdtlGDSTyJ85ImQ==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.YtkvUvr0KhI.es5.O/am=wA/d=1/rs=AJlcJMzE1BcWevsRDsR0j0ow8Hwoup2wJA/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-YTmoQMHwbvK2NszEzrXrug' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://phishcheck.me/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 24 Jan 2024 11:54:52 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-YTmoQMHwbvK2NszEzrXrug' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
text/html; charset=utf-8
access-control-allow-origin
https://phishcheck.me
access-control-allow-methods
POST, GET, OPTIONS
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
pixel.gif
travel198849194933.s.moatpixel.com/ Frame 99D6 		43 B
251 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://travel198849194933.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=109&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=phishcheck.me&L1id=1000428&L2id=50000154&L3id=60015627&L4id=70020628&S1id=googleads.g.doubleclick.net&S2id=160x600&ord=1706097291694&r=688577920801&t=meas&os=0&fi2=0&div1=0&ait=0&zMoatSubdomain=phishcheck.me&zMoatIMPID=9P6auMitxIESrnAvGncpsj7c6ij_KzL28aa_2g&bedc=1&nosend&q=1&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.197.124 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-197-124.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.ads.travelaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:52 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 24 Jan 2024 11:54:52 GMT
pixel.gif
travel198849194933.s.moatpixel.com/ Frame 99D6 		43 B
251 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://travel198849194933.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=109&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=phishcheck.me&L1id=1000428&L2id=50000154&L3id=60015627&L4id=70020628&S1id=googleads.g.doubleclick.net&S2id=160x600&ord=1706097291694&r=688577920801&t=nht&os=0&fi2=0&div1=0&ait=0&zMoatSubdomain=phishcheck.me&zMoatIMPID=9P6auMitxIESrnAvGncpsj7c6ij_KzL28aa_2g&bedc=1&nosend&q=2&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.197.124 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-197-124.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.ads.travelaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:52 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 24 Jan 2024 11:54:52 GMT
pixel.gif
px.moatads.com/ Frame 99D6 		43 B
251 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&ra=1&pxm=7&sgs=3&vb=-1&kq=1&lo=1&uk=null&pk=0&wk=0&rk=0&tk=0&ak=https%3A%2F%2Fstatic.travelaudience.com%2Fimg%2Fimport%2FDubai_DMO%2FAdventure%2FDE%2F160x600_Dubai_Adventure_DE.gif&i=TRAVELAUDIENCE_DISPLAY1&ol=2300941551&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K%25.K%24%3D!%5DxqxLmEV2fy%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-4PNLd6uuVWlgP6m3tVv3EhYKQlBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-mh1aRxmAS248Xw%3D%3D&sc=1&os=1-WQ%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=160&qe=600&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&bq=0&g=0&h=600&w=160&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fphishcheck.me&id=0&ii=2&f=1&j=https%3A%2F%2Fgoogleads.g.doubleclick.net&lp=https%3A%2F%2Fphishcheck.me&t=1706097291694&de=688577920801&cu=1706097291694&m=544&ar=805b0ce1b97-clean&iw=4a25902&cb=0&ym=0&ll=2&lm=3&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=600&le=1&lf=187&lg=1&lh=26&gm=1&io=1&vv=3&vw=0%3A3%3A0&vp=-&vx=-%3A-%3A-&pe=0%3A698%3A698%3A620%3A473&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&ic=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=109&cd=0&ah=109&am=0&xd=00&rf=0&re=1&wb=1&cl=0&at=0&d=1000428%3A50000154%3A60015627%3A70020628&bo=googleads.g.doubleclick.net&bd=160x600&gw=travel198849194933&zMoatOrigSlicer1=googleads.g.doubleclick.net&zMoatOrigSlicer2=160x600&zMoatDomain=phishcheck.me&zMoatSubdomain=phishcheck.me&zMoatSSP=0&zMoatDeal=-1&zMoatIMPID=9P6auMitxIESrnAvGncpsj7c6ij_KzL28aa_2g&hv=Standard%20Image%20Ad%20finding%20&ab=1&fd=1&kt=sframe&it=500&oq=0&ot=0&zMoatJS=3%3A-&ti=0&ih=2&jk=2&jm=-1&tc=0&fs=207009&na=731070692&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.85.120 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-85-120.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.ads.travelaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:52 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 24 Jan 2024 11:54:52 GMT
AGSKWxUK9R8uwRpRf5A97KgdEjkmvgyApzfHDNHnZ3-PfvJI07PJKw5651Eert-ajaHyXoXTQWTk93d7E_JCiga2Ob3myUzJmXYjTFcPKkmKhT3SPfwPmDyx71TgARuLdtlGDSTyJ85ImQ==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxUK9R8uwRpRf5A97KgdEjkmvgyApzfHDNHnZ3-PfvJI07PJKw5651Eert-ajaHyXoXTQWTk93d7E_JCiga2Ob3myUzJmXYjTFcPKkmKhT3SPfwPmDyx71TgARuLdtlGDSTyJ85ImQ==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.YtkvUvr0KhI.es5.O/am=wA/d=1/rs=AJlcJMzE1BcWevsRDsR0j0ow8Hwoup2wJA/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-iXHP5lLTJujdCbI7clWVkQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://phishcheck.me/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 24 Jan 2024 11:54:52 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-iXHP5lLTJujdCbI7clWVkQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
text/html; charset=utf-8
access-control-allow-origin
https://phishcheck.me
access-control-allow-methods
POST, GET, OPTIONS
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxUK9R8uwRpRf5A97KgdEjkmvgyApzfHDNHnZ3-PfvJI07PJKw5651Eert-ajaHyXoXTQWTk93d7E_JCiga2Ob3myUzJmXYjTFcPKkmKhT3SPfwPmDyx71TgARuLdtlGDSTyJ85ImQ==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxUK9R8uwRpRf5A97KgdEjkmvgyApzfHDNHnZ3-PfvJI07PJKw5651Eert-ajaHyXoXTQWTk93d7E_JCiga2Ob3myUzJmXYjTFcPKkmKhT3SPfwPmDyx71TgARuLdtlGDSTyJ85ImQ==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.YtkvUvr0KhI.es5.O/am=wA/d=1/rs=AJlcJMzE1BcWevsRDsR0j0ow8Hwoup2wJA/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-dnIpTcPU9vX28FQr0bbNYg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://phishcheck.me/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 24 Jan 2024 11:54:52 GMT
content-security-policy
script-src 'report-sample' 'nonce-dnIpTcPU9vX28FQr0bbNYg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
text/html; charset=utf-8
access-control-allow-origin
https://phishcheck.me
access-control-allow-methods
POST, GET, OPTIONS
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxUK9R8uwRpRf5A97KgdEjkmvgyApzfHDNHnZ3-PfvJI07PJKw5651Eert-ajaHyXoXTQWTk93d7E_JCiga2Ob3myUzJmXYjTFcPKkmKhT3SPfwPmDyx71TgARuLdtlGDSTyJ85ImQ==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxUK9R8uwRpRf5A97KgdEjkmvgyApzfHDNHnZ3-PfvJI07PJKw5651Eert-ajaHyXoXTQWTk93d7E_JCiga2Ob3myUzJmXYjTFcPKkmKhT3SPfwPmDyx71TgARuLdtlGDSTyJ85ImQ==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.YtkvUvr0KhI.es5.O/am=wA/d=1/rs=AJlcJMzE1BcWevsRDsR0j0ow8Hwoup2wJA/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-EhD_zIA9Fhz6SxnTShenRA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://phishcheck.me/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 24 Jan 2024 11:54:52 GMT
content-security-policy
script-src 'report-sample' 'nonce-EhD_zIA9Fhz6SxnTShenRA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
text/html; charset=utf-8
access-control-allow-origin
https://phishcheck.me
access-control-allow-methods
POST, GET, OPTIONS
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxUjYU4BEw_oN9mHSI24vVia0yu7SdlEP8LSN3CiT6OgxRZ-GNNnRSNcqayTjRbYkZ6T9_trXUw7jP5XnhuI8JqCXza1HXCKlAHtI_p4002bia97Bsy4lDCoshy1YXEfc5L007MvLg==
fundingchoicesmessages.google.com/f/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxUjYU4BEw_oN9mHSI24vVia0yu7SdlEP8LSN3CiT6OgxRZ-GNNnRSNcqayTjRbYkZ6T9_trXUw7jP5XnhuI8JqCXza1HXCKlAHtI_p4002bia97Bsy4lDCoshy1YXEfc5L007MvLg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA2MDk3MjkyLDMwOTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsMTAsNl0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMV0sImh0dHBzOi8vcGhpc2hjaGVjay5tZS8iLG51bGwsW1s4LCJZdGt2VXZyMEtoSSJdLFs5LCJkZSJdLFsxOCwiW1tbMF1dXSJdLFsxNiwiWzEsMSwxXSJdLFsxOSwiMiJdXV0
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.YtkvUvr0KhI.es5.O/am=wA/d=1/rs=AJlcJMzE1BcWevsRDsR0j0ow8Hwoup2wJA/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f10edb0fc5923f00bd49d48ee40d65f46afc75d0d166bff8367b308ea9154909
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-7_iB5iBTdTYIchf8cW5VIQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishcheck.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 24 Jan 2024 11:54:52 GMT
content-security-policy
script-src 'report-sample' 'nonce-7_iB5iBTdTYIchf8cW5VIQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
reporting-endpoints
default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjOsKoxSXF4K4hxXDe6Q7TdSC-qPKU6SYQ1zI8Y2oF4gfhz5heALGBxnMmCyAuyH7OVAHEjH9eMHECcU__S6YpQPzuy0smnq8vmSSAWAOI30m-YvoGxDt8PFjehE9n5YqYznq6YDrrZSBmq5jOygfEcXXTWfOAmG_ddFbd9dNZt5yZzroHiGOeT2dNAeLFrDNYVwPxlMAZrHOAuCUayAZip_QZrEFA_DlzButvIBbi4ej5engtm8CNb7fnMgIAwcJYtQ"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
pixel.gif
px.moatads.com/ Frame F9A0 		43 B
251 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.moatads.com/pixel.gif?e=37&q=0&hp=1&ra=1&pxm=7&sgs=3&vb=-1&kq=1&lo=1&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=TRAVELAUDIENCE_DISPLAY1&ol=2300941551&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K%25.K%24%3D!%5DxqxLmEV2fy%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-LHlF2iVmV38nsW5MfUWeGV63nryfnddNoipOGLOPg%2Fj24vrl5%2FmliBNlAlwWxmRnpyWz&rs=1-EcfEEAlWe0wLgg%3D%3D&sc=1&os=1-AA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=160&qe=600&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&bq=0&g=1&h=600&w=160&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fphishcheck.me&id=0&ii=2&f=1&j=https%3A%2F%2Fgoogleads.g.doubleclick.net&lp=https%3A%2F%2Fphishcheck.me&t=1706097291651&de=110223294201&cu=1706097291651&m=673&ar=805b0ce1b97-clean&iw=4a25902&cb=0&ym=0&ll=2&lm=3&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=600&le=1&lf=210&lg=1&lh=30&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A686%3A686%3A609%3A456&aa=0&ad=58&cn=0&gk=58&gl=0&ik=58&ic=58&ez=1&cq=1&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=102&cd=102&ah=102&am=102&xd=00&rf=0&re=1&wb=1&cl=0&at=0&d=1000428%3A50000154%3A60015627%3A70020628&bo=googleads.g.doubleclick.net&bd=160x600&gw=travel198849194933&zMoatOrigSlicer1=googleads.g.doubleclick.net&zMoatOrigSlicer2=160x600&zMoatDomain=phishcheck.me&zMoatSubdomain=phishcheck.me&zMoatSSP=0&zMoatDeal=-1&zMoatIMPID=ekJpvPpWDu9e3MOA_SIxftcX2GL4hLAsPEiNzw&hv=Standard%20Image%20Ad%20finding%20&ab=1&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&jk=2&jm=-1&tc=0&fs=207009&na=1673055783&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.85.120 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-85-120.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.ads.travelaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:52 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 24 Jan 2024 11:54:52 GMT
pixel.gif
travel198849194933.s.moatpixel.com/ Frame F9A0 		43 B
251 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://travel198849194933.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=58&fi=1&apd=217&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=phishcheck.me&L1id=1000428&L2id=50000154&L3id=60015627&L4id=70020628&S1id=googleads.g.doubleclick.net&S2id=160x600&ord=1706097291651&r=110223294201&t=hdn&os=1&fi2=0&div1=0&ait=0&zMoatSubdomain=phishcheck.me&zMoatIMPID=ekJpvPpWDu9e3MOA_SIxftcX2GL4hLAsPEiNzw&bedc=1&nosend&q=3&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.197.124 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-197-124.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.ads.travelaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:52 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 24 Jan 2024 11:54:52 GMT
pixel.gif
travel198849194933.s.moatpixel.com/ Frame F9A0 		43 B
251 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://travel198849194933.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=58&fi=1&apd=217&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=phishcheck.me&L1id=1000428&L2id=50000154&L3id=60015627&L4id=70020628&S1id=googleads.g.doubleclick.net&S2id=160x600&ord=1706097291651&r=110223294201&t=fv&os=1&fi2=0&div1=0&ait=0&zMoatSubdomain=phishcheck.me&zMoatIMPID=ekJpvPpWDu9e3MOA_SIxftcX2GL4hLAsPEiNzw&bedc=1&nosend&q=4&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.197.124 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-197-124.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.ads.travelaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:52 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 24 Jan 2024 11:54:52 GMT
pixel.gif
px.moatads.com/ Frame 99D6 		43 B
251 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.moatads.com/pixel.gif?e=37&q=0&hp=1&ra=1&pxm=7&sgs=3&vb=-1&kq=1&lo=1&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=TRAVELAUDIENCE_DISPLAY1&ol=2300941551&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K%25.K%24%3D!%5DxqxLmEV2fy%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-4PNLd6uuVWlgP6m3tVv3EhYKQlBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-mh1aRxmAS248Xw%3D%3D&sc=1&os=1-WQ%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=160&qe=600&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&bq=0&g=1&h=600&w=160&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fphishcheck.me&id=0&ii=2&f=1&j=https%3A%2F%2Fgoogleads.g.doubleclick.net&lp=https%3A%2F%2Fphishcheck.me&t=1706097291694&de=688577920801&cu=1706097291694&m=655&ar=805b0ce1b97-clean&iw=4a25902&cb=0&ym=0&ll=2&lm=3&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=600&le=1&lf=187&lg=1&lh=26&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A698%3A698%3A620%3A473&aa=0&ad=56&cn=0&gk=56&gl=0&ik=56&ic=56&ez=1&cq=1&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=109&cd=109&ah=109&am=109&xd=00&rf=0&re=1&wb=1&cl=0&at=0&d=1000428%3A50000154%3A60015627%3A70020628&bo=googleads.g.doubleclick.net&bd=160x600&gw=travel198849194933&zMoatOrigSlicer1=googleads.g.doubleclick.net&zMoatOrigSlicer2=160x600&zMoatDomain=phishcheck.me&zMoatSubdomain=phishcheck.me&zMoatSSP=0&zMoatDeal=-1&zMoatIMPID=9P6auMitxIESrnAvGncpsj7c6ij_KzL28aa_2g&hv=Standard%20Image%20Ad%20finding%20&ab=1&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&jk=2&jm=-1&tc=0&fs=207009&na=96028980&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.85.120 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-85-120.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.ads.travelaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:52 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 24 Jan 2024 11:54:52 GMT
pixel.gif
travel198849194933.s.moatpixel.com/ Frame 99D6 		43 B
251 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://travel198849194933.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=56&fi=1&apd=221&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=phishcheck.me&L1id=1000428&L2id=50000154&L3id=60015627&L4id=70020628&S1id=googleads.g.doubleclick.net&S2id=160x600&ord=1706097291694&r=688577920801&t=hdn&os=1&fi2=0&div1=0&ait=0&zMoatSubdomain=phishcheck.me&zMoatIMPID=9P6auMitxIESrnAvGncpsj7c6ij_KzL28aa_2g&bedc=1&nosend&q=3&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.197.124 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-197-124.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.ads.travelaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:52 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 24 Jan 2024 11:54:52 GMT
pixel.gif
travel198849194933.s.moatpixel.com/ Frame 99D6 		43 B
251 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://travel198849194933.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=56&fi=1&apd=221&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=phishcheck.me&L1id=1000428&L2id=50000154&L3id=60015627&L4id=70020628&S1id=googleads.g.doubleclick.net&S2id=160x600&ord=1706097291694&r=688577920801&t=fv&os=1&fi2=0&div1=0&ait=0&zMoatSubdomain=phishcheck.me&zMoatIMPID=9P6auMitxIESrnAvGncpsj7c6ij_KzL28aa_2g&bedc=1&nosend&q=4&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.197.124 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-197-124.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.ads.travelaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:52 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 24 Jan 2024 11:54:52 GMT
AGSKWxWO4ZuWXjy3N9-tyt8fg8YjLVOUzDteJHUnFOAMFFFyC4IMIC5aUHlmpb_psQHvDnMnPlEIDn1UkI3bMvUb1ucWTKBuwNX-PESw8i0cf6zhMS4k9cXYrCXq7r14qTo5lgbVjHtjuA==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxWO4ZuWXjy3N9-tyt8fg8YjLVOUzDteJHUnFOAMFFFyC4IMIC5aUHlmpb_psQHvDnMnPlEIDn1UkI3bMvUb1ucWTKBuwNX-PESw8i0cf6zhMS4k9cXYrCXq7r14qTo5lgbVjHtjuA==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.YtkvUvr0KhI.es5.O/am=wA/d=1/rs=AJlcJMzE1BcWevsRDsR0j0ow8Hwoup2wJA/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-BWEqpoRQ_YGUwsSRKxnCEA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://phishcheck.me/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 24 Jan 2024 11:54:52 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-BWEqpoRQ_YGUwsSRKxnCEA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://phishcheck.me
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 563C 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssXYzQVhwR9G4P0cNs4G8qPoMgXtqLiOQThLtnKgnb11njB0UpRSoGi_V5kTUylY9H5PZNQCPPyyx17vm_xVGlQ1liqUzNYHFW_0kFIVVAw_hhjbyMLYInmuAzTXB5n2KyVX1iIMAnvsYsl5p6lAk1br7gX&sai=AMfl-YRyJmZjWSTJtaNwPc0bIh632FLoAvJzc-ymZexEQ6GfEKbE0MdOUAtrwGFPNAQgtbR7hTRZLaaLuGgISONWnOJmr4l6MX1RWZWtY89Ok0aekZ-qWw0BD3THDdREG33Wu6tL3gqTHP6liRnXXxR7Ew&sig=Cg0ArKJSzNNJFwYB-Q61EAE&cid=CAQSTwAvHhf_5ARch2kSR5CqF4i65fGf5MFEycmmiKLuNgHxRvHdJSSwgzlt9fnseVHMYZKZ52m7ZW24QGMex9nquCPtHuRG5VPsMpUIYonoiUAYAQ&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=501,975,1000,1000,1000&tos=501,474,25,0,0&v=20240122&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1706097291296&rpt=414&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:52 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240122&jk=3029435665287087&bg=!j4yljMPNAAa8BdJLnAU7ADQBe5WfON0hu1Z8pjqcfnN7QSekeR3L9IfIpdfKnXV84VDNMUPeq26ScZIsVF859NyAd0y0AgAAALNSAAAAAmgBB5kCsrNtJq1eOd7h221kBXqYN_Ty2y_iuqem-7l6seJwORwwrQP6nK6WLphlbnexQju18eHavY4gO850rK_rS5xnaqRLa-Tvoy93oS97uHfI77mRT5wRtCHFlORNbAZjWDoyDLgDkhxumip7ex2MIsuac9OK3UhF50cruH2onqVSZdt7y_s5IEeRpC6MWCt_rXvLiJabqx7IQchZSjVqnoV1n__NYJI7qKl6tU9xMe5BUed-w2zP9GSSjbJJRjHanhgDJ0qHj4MaJDUEJoGKKHBu-xELisdoac0Mfy2bW2gza7qvyfZGsmXdrV8dmwWBBsHoed1rfQ6FwqN8eUm0a8bkKNKJrgFei88XbfpYOwdSQUEiEYp3ZmIHOQe3F2_onjdUm0AcbBlXIpoCMYxGpnn2oObNteK11zNiBrmYoV0Dkx17PLwOJLmGDUESV2Y75W8hAJ0YKNTAwx5RDwErvIR-ZW7yxHJgSznRlvWClKNur4BNpp3FHi1jcuFsi1keAcBFevNMHPLjvy16OZvI9R-dC8VObNoDkufFGJd2fPBZol22FO6JQp029tFSd6WT-8fkLWcyUZYpPyOr_yzwBK7IUA48wdf0tGfH3KaeczSaoHuX5BwCGWUekkCTAppqaZQCdnBWiO3ljNmYdxal4lZYkF8IFN9vTUbq8bi_xfwReSkQk97n8dIuWrbxhMewxhcL_LsQTLPZ8CWPouaEJp-5tOKLlPWCk12YEd2s9hxX7J0iniPrWynLGXib1F376k-TnWQIKin-9PrPVQ56j-IjgOfDdtilVf_R5xIxZVrMGdx80EnyRks9EtkRBV4T1IwOHn_eMx8pLmY8nPd7xwqMA0gfZ--tl5Ct3fLxjEED61V_VJZsL3sh2V-j6TZdYbM1rrZmO8C8ABpdJVw8K77l43iyjA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishcheck.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers
activeview
pagead2.googlesyndication.com/pcs/ Frame 3D8A 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss6Si9zyXsq_OuXkbDCODmSaWNXlBZWdtb5KhxkkC4idFYfAt0DdX3A4f5AZ140Btu33Stie3DYzrsNM5okMeGLxw5ywgiG2GPulSjARCF2s4ZrgvruZ81r1o7qrql3W2scVY3Nx2WoL6kin8gOZGvbr1KN&sai=AMfl-YRc7sWHG7VSZLd8U-BmhflGHYjQsCwvQ5840KB7DqNwBv96Lh25Z3l1IZUK8vQfjUG-ZjJ0AYogdWnOjCNRQYEAcTIkb56pqVvHauD8Z9Dl_sw8qXdid2LrYPmDxSjza0KjwhuRm7MKT7OAqY3sbQ&sig=Cg0ArKJSzKvqGv2ovKcvEAE&cid=CAQSTwAvHhf_1GyUv7QiF29UdfqFUlric4kY8U9jRaRIWfvb7mqgMfz-5FwhMxPZO0tPjmRaE1zENPJMeobj2wMnWuLtofLFDK3Xq6EZZ0iUeHoYAQ&id=lidar2&mcvt=1000&p=0,0,280,1155&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240122&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=2508842873&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1706097290338&rpt=1444&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:52 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 09EC 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstS5og3e9-HIFUSUitridDk3WGFSqjyIrdequ6nSAxHttNP8Tw98Dy-d1Lg-7mJwu-FSrpmGZxmm4VC4PLfffJq2qKKyq4JS8CjsQdMbxejsH4PnjniMw&sig=Cg0ArKJSzNxGN1GxNkVcEAE&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240122&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271803&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1706097291272&rpt=189&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:53 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame C4B5 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv-K3D99eyYNyegi5mL5SkVqTuz6XqdtK9DKCuYQZRlBmQ5Y_B5_stISKAsP7jde6U1_IyVhPDIOLPRxOP_OXFFhVTqeRqDlRWpkkjGb7RMfDlC0F_mTw&sig=Cg0ArKJSzCMlF0KcZsOJEAE&id=lidar2&mcvt=1001&p=0,0,600,160&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20240122&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271804&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1706097291285&rpt=113&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:53 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel.gif
px.moatads.com/ Frame F9A0 		43 B
251 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.moatads.com/pixel.gif?e=37&q=1&hp=1&ra=1&pxm=7&sgs=3&vb=-1&kq=1&lo=1&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=TRAVELAUDIENCE_DISPLAY1&ol=2300941551&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K%25.K%24%3D!%5DxqxLmEV2fy%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-LHlF2iVmV38nsW5MfUWeGV63nryfnddNoipOGLOPg%2Fj24vrl5%2FmliBNlAlwWxmRnpyWz&rs=1-EcfEEAlWe0wLgg%3D%3D&sc=1&os=1-AA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=160&qe=600&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&vf=1&vg=100&bq=0&g=2&h=600&w=160&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fphishcheck.me&id=0&ii=2&f=1&j=https%3A%2F%2Fgoogleads.g.doubleclick.net&lp=https%3A%2F%2Fphishcheck.me&t=1706097291651&de=110223294201&cu=1706097291651&m=1676&ar=805b0ce1b97-clean&iw=4a25902&cb=0&ym=0&ll=2&lm=3&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=600&le=1&lf=210&lg=1&lh=30&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A686%3A686%3A609%3A456&aa=1&ad=1062&cn=58&gn=1&gk=1062&gl=58&ik=1062&ic=1062&ez=1&co=1062&cp=1020&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1020&cd=102&ah=1020&am=102&xd=00&rf=0&re=1&wb=1&cl=0&at=0&d=1000428%3A50000154%3A60015627%3A70020628&bo=googleads.g.doubleclick.net&bd=160x600&gw=travel198849194933&zMoatOrigSlicer1=googleads.g.doubleclick.net&zMoatOrigSlicer2=160x600&zMoatDomain=phishcheck.me&zMoatSubdomain=phishcheck.me&zMoatSSP=0&zMoatDeal=-1&zMoatIMPID=ekJpvPpWDu9e3MOA_SIxftcX2GL4hLAsPEiNzw&hv=Standard%20Image%20Ad%20finding%20&ab=1&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&jk=4&jm=-1&tc=0&fs=207009&na=1655835288&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.85.120 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-85-120.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.ads.travelaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:53 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 24 Jan 2024 11:54:53 GMT
pixel.gif
travel198849194933.s.moatpixel.com/ Frame F9A0 		43 B
251 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://travel198849194933.s.moatpixel.com/pixel.gif?m=1&iv=1&tuv=1020&tet=1062&fi=1&apd=1221&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=phishcheck.me&L1id=1000428&L2id=50000154&L3id=60015627&L4id=70020628&S1id=googleads.g.doubleclick.net&S2id=160x600&ord=1706097291651&r=110223294201&t=iv&os=1&fi2=0&div1=1&ait=0&zMoatSubdomain=phishcheck.me&zMoatIMPID=ekJpvPpWDu9e3MOA_SIxftcX2GL4hLAsPEiNzw&bedc=1&nosend&q=5&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.197.124 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-197-124.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.ads.travelaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:53 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 24 Jan 2024 11:54:53 GMT
pixel.gif
px.moatads.com/ Frame F9A0 		43 B
251 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.moatads.com/pixel.gif?e=5&q=0&hp=1&ra=1&pxm=7&sgs=3&vb=-1&kq=1&lo=1&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=TRAVELAUDIENCE_DISPLAY1&ol=2300941551&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K%25.K%24%3D!%5DxqxLmEV2fy%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-LHlF2iVmV38nsW5MfUWeGV63nryfnddNoipOGLOPg%2Fj24vrl5%2FmliBNlAlwWxmRnpyWz&rs=1-EcfEEAlWe0wLgg%3D%3D&sc=1&os=1-AA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=160&qe=600&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&vf=1&vg=100&bq=0&g=3&h=600&w=160&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fphishcheck.me&id=0&ii=2&f=1&j=https%3A%2F%2Fgoogleads.g.doubleclick.net&lp=https%3A%2F%2Fphishcheck.me&t=1706097291651&de=110223294201&cu=1706097291651&m=1677&ar=805b0ce1b97-clean&iw=4a25902&cb=0&ym=0&ll=2&lm=3&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=600&le=1&lf=210&lg=1&lh=30&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A686%3A686%3A609%3A456&aa=1&ad=1062&cn=1062&gn=1&gk=1062&gl=1062&ik=1062&ic=1062&ez=1&co=1062&cp=1020&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1020&cd=1020&ah=1020&am=1020&xd=00&rf=0&re=1&wb=1&cl=0&at=0&d=1000428%3A50000154%3A60015627%3A70020628&bo=googleads.g.doubleclick.net&bd=160x600&gw=travel198849194933&zMoatOrigSlicer1=googleads.g.doubleclick.net&zMoatOrigSlicer2=160x600&zMoatDomain=phishcheck.me&zMoatSubdomain=phishcheck.me&zMoatSSP=0&zMoatDeal=-1&zMoatIMPID=ekJpvPpWDu9e3MOA_SIxftcX2GL4hLAsPEiNzw&hv=Standard%20Image%20Ad%20finding%20&ab=1&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&jk=4&jm=-1&tc=0&fs=207009&na=2097642964&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.85.120 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-85-120.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.ads.travelaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:53 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 24 Jan 2024 11:54:53 GMT
pixel.gif
px.moatads.com/ Frame 99D6 		43 B
251 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.moatads.com/pixel.gif?e=37&q=1&hp=1&ra=1&pxm=7&sgs=3&vb=-1&kq=1&lo=1&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=TRAVELAUDIENCE_DISPLAY1&ol=2300941551&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K%25.K%24%3D!%5DxqxLmEV2fy%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-4PNLd6uuVWlgP6m3tVv3EhYKQlBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-mh1aRxmAS248Xw%3D%3D&sc=1&os=1-WQ%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=160&qe=600&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&vf=1&vg=100&bq=0&g=2&h=600&w=160&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fphishcheck.me&id=0&ii=2&f=1&j=https%3A%2F%2Fgoogleads.g.doubleclick.net&lp=https%3A%2F%2Fphishcheck.me&t=1706097291694&de=688577920801&cu=1706097291694&m=1658&ar=805b0ce1b97-clean&iw=4a25902&cb=0&ym=0&ll=2&lm=3&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=600&le=1&lf=187&lg=1&lh=26&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A698%3A698%3A620%3A473&aa=1&ad=1060&cn=56&gn=1&gk=1060&gl=56&ik=1060&ic=1060&ez=1&co=1060&cp=1024&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1024&cd=109&ah=1024&am=109&xd=00&rf=0&re=1&wb=1&cl=0&at=0&d=1000428%3A50000154%3A60015627%3A70020628&bo=googleads.g.doubleclick.net&bd=160x600&gw=travel198849194933&zMoatOrigSlicer1=googleads.g.doubleclick.net&zMoatOrigSlicer2=160x600&zMoatDomain=phishcheck.me&zMoatSubdomain=phishcheck.me&zMoatSSP=0&zMoatDeal=-1&zMoatIMPID=9P6auMitxIESrnAvGncpsj7c6ij_KzL28aa_2g&hv=Standard%20Image%20Ad%20finding%20&ab=1&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&jk=4&jm=-1&tc=0&fs=207009&na=1767750893&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.85.120 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-85-120.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.ads.travelaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:53 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 24 Jan 2024 11:54:53 GMT
pixel.gif
travel198849194933.s.moatpixel.com/ Frame 99D6 		43 B
251 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://travel198849194933.s.moatpixel.com/pixel.gif?m=1&iv=1&tuv=1024&tet=1060&fi=1&apd=1225&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=phishcheck.me&L1id=1000428&L2id=50000154&L3id=60015627&L4id=70020628&S1id=googleads.g.doubleclick.net&S2id=160x600&ord=1706097291694&r=688577920801&t=iv&os=1&fi2=0&div1=1&ait=0&zMoatSubdomain=phishcheck.me&zMoatIMPID=9P6auMitxIESrnAvGncpsj7c6ij_KzL28aa_2g&bedc=1&nosend&q=5&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.197.124 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-197-124.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.ads.travelaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:53 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 24 Jan 2024 11:54:53 GMT
pixel.gif
px.moatads.com/ Frame F9A0 		43 B
251 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.moatads.com/pixel.gif?e=37&q=2&hp=1&ra=1&pxm=7&sgs=3&vb=-1&kq=1&lo=1&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=TRAVELAUDIENCE_DISPLAY1&ol=2300941551&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K%25.K%24%3D!%5DxqxLmEV2fy%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-LHlF2iVmV38nsW5MfUWeGV63nryfnddNoipOGLOPg%2Fj24vrl5%2FmliBNlAlwWxmRnpyWz&rs=1-EcfEEAlWe0wLgg%3D%3D&sc=1&os=1-AA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=160&qe=600&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&vf=1&vg=100&bq=0&g=4&h=600&w=160&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fphishcheck.me&id=0&ii=2&f=1&j=https%3A%2F%2Fgoogleads.g.doubleclick.net&lp=https%3A%2F%2Fphishcheck.me&t=1706097291651&de=110223294201&cu=1706097291651&m=1677&ar=805b0ce1b97-clean&iw=4a25902&cb=0&ym=0&ll=2&lm=3&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=600&le=1&lf=210&lg=1&lh=30&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A686%3A686%3A609%3A456&aa=1&ad=1062&cn=1062&gn=1&gk=1062&gl=1062&ik=1062&ic=1062&ez=1&co=1062&cp=1020&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1020&cd=1020&ah=1020&am=1020&xd=00&rf=0&re=1&wb=1&cl=0&at=0&d=1000428%3A50000154%3A60015627%3A70020628&bo=googleads.g.doubleclick.net&bd=160x600&gw=travel198849194933&zMoatOrigSlicer1=googleads.g.doubleclick.net&zMoatOrigSlicer2=160x600&zMoatDomain=phishcheck.me&zMoatSubdomain=phishcheck.me&zMoatSSP=0&zMoatDeal=-1&zMoatIMPID=ekJpvPpWDu9e3MOA_SIxftcX2GL4hLAsPEiNzw&hv=Standard%20Image%20Ad%20finding%20&ab=1&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&jk=4&jm=-1&tc=0&fs=207009&na=1544722998&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.85.120 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-85-120.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.ads.travelaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:53 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 24 Jan 2024 11:54:53 GMT
pixel.gif
px.moatads.com/ Frame 99D6 		43 B
251 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.moatads.com/pixel.gif?e=5&q=0&hp=1&ra=1&pxm=7&sgs=3&vb=-1&kq=1&lo=1&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=TRAVELAUDIENCE_DISPLAY1&ol=2300941551&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K%25.K%24%3D!%5DxqxLmEV2fy%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-4PNLd6uuVWlgP6m3tVv3EhYKQlBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-mh1aRxmAS248Xw%3D%3D&sc=1&os=1-WQ%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=160&qe=600&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&vf=1&vg=100&bq=0&g=3&h=600&w=160&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fphishcheck.me&id=0&ii=2&f=1&j=https%3A%2F%2Fgoogleads.g.doubleclick.net&lp=https%3A%2F%2Fphishcheck.me&t=1706097291694&de=688577920801&cu=1706097291694&m=1659&ar=805b0ce1b97-clean&iw=4a25902&cb=0&ym=0&ll=2&lm=3&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=600&le=1&lf=187&lg=1&lh=26&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A698%3A698%3A620%3A473&aa=1&ad=1060&cn=1060&gn=1&gk=1060&gl=1060&ik=1060&ic=1060&ez=1&co=1060&cp=1024&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1024&cd=1024&ah=1024&am=1024&xd=00&rf=0&re=1&wb=1&cl=0&at=0&d=1000428%3A50000154%3A60015627%3A70020628&bo=googleads.g.doubleclick.net&bd=160x600&gw=travel198849194933&zMoatOrigSlicer1=googleads.g.doubleclick.net&zMoatOrigSlicer2=160x600&zMoatDomain=phishcheck.me&zMoatSubdomain=phishcheck.me&zMoatSSP=0&zMoatDeal=-1&zMoatIMPID=9P6auMitxIESrnAvGncpsj7c6ij_KzL28aa_2g&hv=Standard%20Image%20Ad%20finding%20&ab=1&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&jk=4&jm=-1&tc=0&fs=207009&na=350412689&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.85.120 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-85-120.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.ads.travelaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:53 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 24 Jan 2024 11:54:53 GMT
pixel.gif
px.moatads.com/ Frame 99D6 		43 B
251 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.moatads.com/pixel.gif?e=37&q=2&hp=1&ra=1&pxm=7&sgs=3&vb=-1&kq=1&lo=1&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=TRAVELAUDIENCE_DISPLAY1&ol=2300941551&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K%25.K%24%3D!%5DxqxLmEV2fy%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-4PNLd6uuVWlgP6m3tVv3EhYKQlBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-mh1aRxmAS248Xw%3D%3D&sc=1&os=1-WQ%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=160&qe=600&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&vf=1&vg=100&bq=0&g=4&h=600&w=160&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fphishcheck.me&id=0&ii=2&f=1&j=https%3A%2F%2Fgoogleads.g.doubleclick.net&lp=https%3A%2F%2Fphishcheck.me&t=1706097291694&de=688577920801&cu=1706097291694&m=1659&ar=805b0ce1b97-clean&iw=4a25902&cb=0&ym=0&ll=2&lm=3&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=600&le=1&lf=187&lg=1&lh=26&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A698%3A698%3A620%3A473&aa=1&ad=1060&cn=1060&gn=1&gk=1060&gl=1060&ik=1060&ic=1060&ez=1&co=1060&cp=1024&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1024&cd=1024&ah=1024&am=1024&xd=00&rf=0&re=1&wb=1&cl=0&at=0&d=1000428%3A50000154%3A60015627%3A70020628&bo=googleads.g.doubleclick.net&bd=160x600&gw=travel198849194933&zMoatOrigSlicer1=googleads.g.doubleclick.net&zMoatOrigSlicer2=160x600&zMoatDomain=phishcheck.me&zMoatSubdomain=phishcheck.me&zMoatSSP=0&zMoatDeal=-1&zMoatIMPID=9P6auMitxIESrnAvGncpsj7c6ij_KzL28aa_2g&hv=Standard%20Image%20Ad%20finding%20&ab=1&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&jk=4&jm=-1&tc=0&fs=207009&na=1301485295&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.85.120 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-85-120.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.ads.travelaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jan 2024 11:54:53 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 24 Jan 2024 11:54:53 GMT

Verdicts & Comments Add Verdict or Comment

82 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 function| $ function| jQuery object| bootbox number| recent_sub_beacon_id function| get_recent_submissions function| vote function| display_messages function| search function| check object| jQuery111006119314685721446 object| currentUser string| submit_url string| login_url string| index object| google_js_reporting_queue number| google_srt object| google_persistent_state_async object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac boolean| google_measure_js_timing object| google_tag_data object| google_reactive_ads_global_state object| adsbygoogle object| google_sa_queue function| google_process_slots object| google_ama_state function| google_spfd number| google_unique_id object| google_sv_map number| google_rum_task_id_counter string| google_user_agent_client_hint function| google_sa_impl object| google_image_requests number| google_global_correlator object| google_prev_clients object| gaGlobal object| ampInaboxIframes object| ampInaboxPendingMessages object| google_llp object| googlefc boolean| adsbygoogle_ama_fc_has_run object| default_ContributorServingResponseClientJs object| _F_toggles object| __googlefc string| __fcInvoked string| __fcexpdef string| N2M2MjI1MzM1NjQ1NWUzNWxvYWRlcl9qcw== string| N2M2MjI1MzM1NjQ1NWUzNWNhY2hlZF9qcw== object| __fcInternalApiManager boolean| __fcInternalApiPostMessageReady function| __uspapi object| __uspapiManager boolean| __uspapiPostMessageReady object| __gppEventListeners function| __gpp object| __gppManager boolean| __gppPostMessageReady object| googletag object| GoogleGcLKhOms boolean| eda7b4cc-5f60-4caa-aeac-a0461d9519e9 function| googleCompanionsServicePresent function| googleGetCompanionAdSlots function| googleSetCompanionAdContents function| google_companion_error

27 Cookies

Domain/Path Name / Value
phishcheck.me/ Name: csrftoken
Value: Nsfr5CIeuMk46ACGIzULF6fqaf9EvTKLWt6QRFmZ4WWaZbK67Zr4fEHmCtedPTVF
phishcheck.me/ Name: sessionid
Value: xwifwf5llf2hh6ep9y1vc52uee1ach7a
.phishcheck.me/ Name: __gads
Value: ID=cf8e26cedd468686:T=1706097290:RT=1706097290:S=ALNI_MaOURgTX5d7e5A0n2Q9HBEae3AtzA
.phishcheck.me/ Name: __gpi
Value: UID=00000d4828af7ef9:T=1706097290:RT=1706097290:S=ALNI_MZ3Lu6im7vRfyYQG_nUxw4o7R38Fw
.travelaudience.com/ Name: _tracker
Value: %7B%22pb%22%3A%2290000%22%2C%22UUID%22%3A%229EE8ACEC-6472-4FC3-9249-BD370958F37D%22%7D
.casalemedia.com/ Name: CMID
Value: ZbD6i0sBuk7E0NXjJkgSXgAA
.casalemedia.com/ Name: CMPS
Value: 5193
.casalemedia.com/ Name: CMPRO
Value: 5193
.adnxs.com/ Name: XANDR_PANID
Value: 2Jiw9VH6eyqDUTUTg44yZ32oy0pbBpPVY_TOB91XoNMGKVVOt4TCrXfRnxMBMm76DMmIck-_ceK9ZgOIwZVL4t_9KP9ceuK_UyHqkMcNf4Q.
.adnxs.com/ Name: receive-cookie-deprecation
Value: 1
.adnxs.com/ Name: uuid2
Value: 3092956379452550220
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2C''@ZuZW!@wnfH8K6pQK`!5=E<*L5?%Lzg>ku'fC0]cc/W-RYw7O0m?/C`:'oKGnS-N:%nugO%v4VB%nnqK*?c'S
.doubleclick.net/ Name: IDE
Value: AHWqTUkvMBk_dtkGcXGpOXt_fZux09lfgYtMDDBQvmzIzSGWRExRzIZYbOHj9aUlP_U
.phishcheck.me/ Name: __eoi
Value: ID=caa3a71ef74c5fd3:T=1706097291:RT=1706097291:S=AA-AfjaEquJrI6Vu6VYYJH78tR6a
.quantserve.com/ Name: d
Value: EE8BCQH9KoEA
.quantserve.com/ Name: mc
Value: 65b0fa8b-c902c-c6167-51711
.ctnsnet.com/ Name: cid_fa2ce41ed50b442b955d615479e8c87f
Value: 1
.ctnsnet.com/ Name: gid_CAESEJvH_ed8nlR-MNI1E55AjAI
Value: 1
.w55c.net/ Name: wfivefivec
Value: W7Hm5XKg1RsBQf5
.doubleclick.net/ Name: DSID
Value: NO_DATA
.w55c.net/ Name: matchgoogle
Value: 5
.adform.net/ Name: C
Value: 1
.adform.net/ Name: uid
Value: 8107219912572748333
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~ZbD6iwAQ3SbfZQBH
.googleadservices.com/ Name: ar_debug
Value: 1
.tribalfusion.com/ Name: ANON_ID
Value: aunt6Zawl6h7bQQwbPBqU8flOrUDEYo8YtusXb7rbn14TBN300BRQLJpUY6Zba8B1vGCaOQUqnAMOfEN5bZa4WsvpP6KmgP
.phishcheck.me/ Name: FCNEC
Value: %5B%5B%22AKsRol8D6o_dYRu3qdrl4MrvyDkVxrjjcUdLEBuAtEsoNdL0Ch7qFIykxg5Fv7pK947p_Rc2UsBSz3ImNewVRDuC8Sd08bNE2-ftym3x5yGWEedwp9wi6wyuhoj6uQIyBDHSrH_anR2li94WX_auApikjNDOc-Xj9g%3D%3D%22%5D%5D

4 Console Messages

Source Level URL
Text
violation error URL: https://z.moatads.com/travel198849194933/moatad.js(Line 139)
Message:
Permissions policy violation: accelerometer is not allowed in this document.
javascript warning URL: https://z.moatads.com/travel198849194933/moatad.js(Line 139)
Message:
The deviceorientation events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
violation error URL: https://z.moatads.com/travel198849194933/moatad.js(Line 139)
Message:
Permissions policy violation: accelerometer is not allowed in this document.
javascript warning URL: https://z.moatads.com/travel198849194933/moatad.js(Line 139)
Message:
The deviceorientation events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.tribalfusion.com
ad.doubleclick.net
ads.travelaudience.com
ajax.googleapis.com
c1.adform.net
cdnjs.cloudflare.com
cm.g.doubleclick.net
cms.quantserve.com
dis.criteo.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
googleads.g.doubleclick.net
ib.adnxs.com
ius.ctnsnet.com
match.adsrvr.org
mb.moatads.com
netdna.bootstrapcdn.com
odr.mookie1.com
onetag-sys.com
pagead2.googlesyndication.com
phishcheck.me
pm.w55c.net
px.moatads.com
rtb.ads.travelaudience.com
s.tribalfusion.com
s0.2mdn.net
static.travelaudience.com
sync-tm.everesttech.net
sync.teads.tv
tpc.googlesyndication.com
travel198849194933.s.moatpixel.com
www.google.com
www.googleadservices.com
www.googletagservices.com
www.gstatic.com
www.paypalobjects.com
x.bidswitch.net
z.moatads.com
104.18.36.155
130.162.160.243
142.250.184.198
142.250.185.226
142.93.23.27
151.101.194.49
172.217.16.194
178.250.1.9
185.89.210.180
192.229.221.25
2.16.97.41
2.19.85.120
2606:4700::6811:180e
2606:4700::6812:18ad
2606:4700::6812:bcf
2620:116:800d:21:5ed4:8d5d:fed7:f5ef
2a00:1450:4001:802::2001
2a00:1450:4001:813::2003
2a00:1450:4001:828::2004
2a00:1450:4001:828::200a
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2002
2a00:1450:4001:830::2006
2a00:1450:4001:830::200a
2a00:1450:4001:831::2003
2a00:1450:4001:831::200e
34.160.236.64
35.186.193.173
35.187.184.108
35.190.0.66
35.214.149.91
35.244.170.237
37.157.5.133
51.75.86.98
52.223.40.198
52.57.64.28
95.101.197.124
0b833840de04344fdd95f89a9d472078817a4551d9239cda785e4b3ae75fa590
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0db3be559e2ede132b39c1986d8049022061fcdd4253f9fd328a65258e833c2a
0e739e03db0cc93821d515e42b6c7efcfa946fc773f153b78f7e405cc4f81289
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
19501ff45cc2c370977ec54de776f01e27cf53954826e0556aa665a76c9c140a
1fc09dc438a98d7b7f7bc62eb016c89c2c253792773bff7ef102287fd2a80725
2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e
242b74e6d4d539082c6eb8ec75a99a64b4756fa8de5089ae9b701756a0453d61
25cf0f0ce42f8acd9ea6facc223f54105c7fd0cce63fb7bb5d83e6600100acbd
26f64f8bbe24fd08534113bcb1e61988c2e941edf55834661e776ac266cecb68
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
332f2c85f961f74d4b347428b118ce64cfe69db1f1cd2e84986959ecb32e1fd7
3384e396c88e07cd7d0e46d5361eff9ab20ff9f65dfb94436030ccd116943bc6
33a91bd6d378215fcd413c279aa88d48bda6c8b2ef7695892777c87de37de256
34b519177096c8a3856bd61cc9b83c161bab0a6370d360391e847b8579ea7113
39b752928c723222cf1a05d1a77a7f64ce5a8f055f3d1052ad03a2f2d6370265
3d8945eaac12dff7cd51c9ea32e170e08add61f9a540bf808087a443aaa252a7
3f77f7e2b0606d55613429fc375f64a40289fd47b32acde99551429b8177fed0
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c4bdefb43f4c3b5fb7fc1da0cf4582acc4dcfd5650bf5c3fea5958b10ce0fe2
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
547fd459bc266dc8d1bfcc83ce9f4426735447dae12ed61fdbe2a66a2cec4518
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54db8dca7039b548a0aa4e5e22fcea2a4e536b8aaec0b13a750dbc61ca3f3538
559ed27b48f52ad1c65466a95a120b8264f7dea4a23d31f2ebb3b5beca3321f6
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5828ff27c35c12c94d0d8b3cdfd77b28606034437c009902d28cf7f5bcb6a907
5854719c83c89d43c7728ea403c0aa646a540f45faaa6502dcc5f8e7131238d4
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
612d21d60c26be7bf7a1e099959a6f939e37ca776d81e8e3c9f00a3b73eb4250
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61ce0440ca94ab6604a2c760ac161c0d0634e059e9c3a89e82b1e6efe1f469a0
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
789f13eeffbcd5a94d003f92dda5b3cadb25cdda4781ad8be01332f0254da6a8
7b77c8e2035c90a1b42a52f3a97665ce2f5a41f140f5fecb43d755c4ddb66fcc
898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1
8ad699b94dcb8ac5c24ab5f4e6bfaa6fa8ddd26d90ff42fc3e395a8310684512
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
9080181aa8eefa0e9dc0df53eecf7bd2e4238c23452f28fe4dc7d6009dfae190
92016595204fe1edcc5030715ad76820727b191e02471967613e58d9436d1a15
923963e0a56b84c4438f2359121e855e147a01a78a2591c471179cfc9bf0e784
96910c945a6cb680f3eccbb2c9bfb9405c03b5daaddd4c15b94d83eb42c08a87
97c530c44249746307c2b01b37eed0f53757d139bc4243798f468c71da9844da
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a122bce420d60fd8d80b6d49110b7fbe427175ea7a327bed2591d135bc92ccf8
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
ad2011589699e6f1fbd716af022e7069cca8e54f4bf8637143c2eaf876c02f83
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
baccf45a36486a2abc76291138c8661c88e8a2aa1ad74d279882ae80245e0fb4
bea79c9a6f49deeccdb97aa043f55c13a14191aff4de645caa197b8a02e5ec23
c2a69649d15f908464902e679f465757cff39c3f59f8d92f4117987152c50303
c7f7157221d56dc9071ea516565617d52972c64bdb93e15068fb5c77fd60cbda
c88f2bfe24b1ea2b1edf5c3b678de67ae68b5b457e8001eba865be15b6e126d5
c8c38714236c1b847b96fbebaba10af1574a7f4d567f8cfbdb3dfe2997ab18fb
caaed4b4058e2c702b5c75580c003035120e5bb122d2f102e5f7a33922d8013e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d32c9d8b90c6b5b6f788af6e9629136553146a68f8e4f62a69d29fa970efd744
d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae
d5dc8f0e43d36678bfec4beb79ea87672a4d127693e591f8cc31e43c273c3f5d
d699f303990ce9bd7d7c97e9bd3cad6a46ecf2532f475cf22ae58213237821b9
d6ea1b131386b994d1c42f103b142a8c6a39df572b10638db0b41104ca371010
db3a779e892add0433a2120a00827db775102b2a9ebe1d9e04fa6bd698de206a
db3df22768fe7273aa43d8f6cf193b406b1cb15f5d4a26ad36f73e5fdf86a331
e05edee09b002722d47693fb43c49a87ceba8c23a1bfbdb353913c948444478c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4b41ce99748632ecedeac8aa0714711b401e9608da0df8d336cbdcfad9ef7b9
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e61ccefe2cfcfa663fe2cd010e214ea4287b9f566a04392fef0b3ed9b435cce7
e6b20a1535a6d3ca3d7a611ae199a6f4b464e0b67b450379ed43a7ef3e66957c
eb4fec10d8f4484b291b7c7d0de59d1b4375e000029fd1a128ad10c270d8d803
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef34301455784e8a56ecc7a80985d6fd317ddd8328b6232dc0bc3223d79c91c2
f10edb0fc5923f00bd49d48ee40d65f46afc75d0d166bff8367b308ea9154909
f58309f6361e67c1bfc3f0cd9fe217c931c95911b21129dbafb364e2a8902c19
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390
fc969dc1c6ff531abcf368089dcbaf5775133b0626ff56b52301a059fc0f9e1e
ff68e62bfad368b268ac29f8664b8272695df200782ecdffbb0c4637460879a3