www.unrefugees.org Open in urlscan Pro
52.35.28.98 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://click.e.unrefugees.org/?qs=6aadaa481c587857373858e4b5a1641ed79cafe958dd5405e4ad9ddc41d2a1ee8d483a5025f664be41e3087a7400...
Effective URL:
https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APP...
Submission: On February 09 via api (February 9th 2022, 4:26:41 pm UTC) from US — Scanned from DE

Summary HTTP 132 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 53 IPs in 7 countries across 49 domains to perform 132 HTTP transactions. The main IP is 52.35.28.98, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is www.unrefugees.org. The Cisco Umbrella rank of the primary domain is 844885.
TLS certificate: Issued by Amazon on December 8th 2021. Valid for: a year.

This is the only time www.unrefugees.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	13.111.228.216 13.111.228.216	22606 (EXACT-7) (EXACT-7)
14 22	52.35.28.98 52.35.28.98	16509 (AMAZON-02) (AMAZON-02)
7	2a03:5f80:a::... 2a03:5f80:a::b212:e7c0	50952 (DATAIX-AS...) (DATAIX-AS Peering Ltd.)
3	18.209.73.183 18.209.73.183	14618 (AMAZON-AES) (AMAZON-AES)
14	13.32.99.105 13.32.99.105	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:831::2008	15169 (GOOGLE) (GOOGLE)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:1b	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2606:4700:303... 2606:4700:3038::6815:e9dd	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
3	151.101.193.21 151.101.193.21	54113 (FASTLY) (FASTLY)
1	18.66.112.6 18.66.112.6	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:400c:c04::5c	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
1	172.217.23.98 172.217.23.98	15169 (GOOGLE) (GOOGLE)
3 4	142.250.185.230 142.250.185.230	15169 (GOOGLE) (GOOGLE)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2620:116:800d... 2620:116:800d:21:f916:5049:f87f:108e	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	3.20.2.247 3.20.2.247	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1288:80:... 2a00:1288:80:800::7001	203220 (YAHOO-DEB) (YAHOO-DEB)
1	35.190.72.228 35.190.72.228	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400c:c07::9d	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
1	2600:9000:223... 2600:9000:223c:cc00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
10	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	212.82.100.181 212.82.100.181	34010 (YAHOO-IRD) (YAHOO-IRD)
1	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
3 7	193.0.160.128 193.0.160.128	54312 (ROCKETFUEL) (ROCKETFUEL)
1	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
1	2600:9000:223... 2600:9000:223c:400:1:76cf:fe80:93a1	16509 (AMAZON-02) (AMAZON-02)
1	34.248.81.51 34.248.81.51	16509 (AMAZON-02) (AMAZON-02)
2 2	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
1 2	185.33.221.50 185.33.221.50	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	104.111.215.191 104.111.215.191	16625 (AKAMAI-AS) (AKAMAI-AS)
1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	54.76.200.156 54.76.200.156	16509 (AMAZON-02) (AMAZON-02)
1	3.125.70.222 3.125.70.222	16509 (AMAZON-02) (AMAZON-02)
1	23.58.216.132 23.58.216.132	16625 (AKAMAI-AS) (AKAMAI-AS)
1	18.185.129.178 18.185.129.178	16509 (AMAZON-02) (AMAZON-02)
1 1	13.32.121.9 13.32.121.9	16509 (AMAZON-02) (AMAZON-02)
1 3	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	184.73.169.224 184.73.169.224	14618 (AMAZON-AES) (AMAZON-AES)
1 2	72.247.225.98 72.247.225.98	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	185.94.180.125 185.94.180.125	35220 (SPOTX-AMS) (SPOTX-AMS)
1	2600:1f18:612... 2600:1f18:612b:4200:43f8:c79a:f116:17d6	14618 (AMAZON-AES) (AMAZON-AES)
1	18.168.101.220 18.168.101.220	16509 (AMAZON-02) (AMAZON-02)
1	52.215.247.247 52.215.247.247	16509 (AMAZON-02) (AMAZON-02)
1 2	3.126.65.212 3.126.65.212	16509 (AMAZON-02) (AMAZON-02)
2 2	151.101.130.49 151.101.130.49	54113 (FASTLY) (FASTLY)
1	151.101.66.137 151.101.66.137	54113 (FASTLY) (FASTLY)
1	52.222.206.77 52.222.206.77	16509 (AMAZON-02) (AMAZON-02)
13	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
1	162.247.243.147 162.247.243.147	13335 (CLOUDFLAR...) (CLOUDFLARENET)
132	53

1 13.111.228.216 (United States) 1 redirects

ASN22606 (EXACT-7, US)
PTR: click.e.unrefugees.org

click.e.unrefugees.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 52.35.28.98 (Boardman, United States) 14 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-35-28-98.us-west-2.compute.amazonaws.com

www.unrefugees.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a03:5f80:a::b212:e7c0 (Russian Federation)

ASN50952 (DATAIX-AS Peering Ltd., RU)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.209.73.183 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-209-73-183.compute-1.amazonaws.com

www.tfaforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 13.32.99.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-105.fra60.r.cloudfront.net

cdn.unrefugees.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:1b (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3038::6815:e9dd (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.plyr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.193.21 (United States)

ASN54113 (FASTLY, US)

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.sandbox.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.112.6 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-6.fra56.r.cloudfront.net

static-na.payments-amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400c:c04::5c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

pay.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.23.98 (United States)

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f98.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.230 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f6.1e100.net

4647326.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:f916:5049:f87f:108e (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.20.2.247 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-20-2-247.us-east-2.compute.amazonaws.com

collector-3219.tvsquared.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1288:80:800::7001 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.72.228 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 228.72.190.35.bc.googleusercontent.com

www.tp88trk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400c:c07::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:cc00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.181 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
PTR: spdc.pbp.vip.ir2.yahoo.com

sp.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 193.0.160.128 (United States) 3 redirects

ASN54312 (ROCKETFUEL, US)

20668909p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
20826429p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::11 (United Kingdom)

ASN56396 (AMOBEE, GB)

r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:400:1:76cf:fe80:93a1 (United States)

ASN16509 (AMAZON-02, US)

c1.rfihub.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.248.81.51 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-81-51.eu-west-1.compute.amazonaws.com

w.usabilla.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.98 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.221.50 (Amsterdam, Netherlands) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.215.191 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
x.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.76.200.156 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-200-156.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.125.70.222 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-125-70-222.eu-central-1.compute.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.58.216.132 (Berlin, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-58-216-132.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.185.129.178 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-185-129-178.eu-central-1.compute.amazonaws.com

bs.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.121.9 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-9.fra60.r.cloudfront.net

live.rezync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.244.174.68 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.73.169.224 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-184-73-169-224.compute-1.amazonaws.com

bpi.rtactivate.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.247.225.98 (Berlin, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a72-247-225-98.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.94.180.125 (Amsterdam, Netherlands) 1 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4200:43f8:c79a:f116:17d6 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.168.101.220 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-168-101-220.eu-west-2.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.215.247.247 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-247-247.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.126.65.212 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-65-212.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.130.49 (United States) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.66.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.206.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-206-77.fra56.r.cloudfront.net

d6tizftlrpuof.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

play.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.243.147 (United States)

ASN13335 (CLOUDFLARENET, US)

bam-cell.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
37	unrefugees.org 15 redirects click.e.unrefugees.org www.unrefugees.org — Cisco Umbrella Rank: 844885 cdn.unrefugees.org	2 MB
24	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2 pay.google.com — Cisco Umbrella Rank: 3171 adservice.google.com — Cisco Umbrella Rank: 59 play.google.com — Cisco Umbrella Rank: 32	385 KB
10	doubleclick.net 5 redirects 4647326.fls.doubleclick.net ad.doubleclick.net — Cisco Umbrella Rank: 167 stats.g.doubleclick.net — Cisco Umbrella Rank: 67 googleads.g.doubleclick.net — Cisco Umbrella Rank: 37 cm.g.doubleclick.net — Cisco Umbrella Rank: 175	5 KB
8	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	40 KB
7	rfihub.com 3 redirects 20668909p.rfihub.com 20826429p.rfihub.com a.rfihub.com — Cisco Umbrella Rank: 2921 p.rfihub.com — Cisco Umbrella Rank: 615	10 KB
7	gstatic.com fonts.gstatic.com www.gstatic.com	266 KB
7	typekit.net use.typekit.net — Cisco Umbrella Rank: 399 p.typekit.net — Cisco Umbrella Rank: 510	150 KB
6	google.de adservice.google.de — Cisco Umbrella Rank: 9027 www.google.de — Cisco Umbrella Rank: 6342	2 KB
3	rlcdn.com 1 redirects idsync.rlcdn.com — Cisco Umbrella Rank: 283	1013 B
3	bing.com bat.bing.com — Cisco Umbrella Rank: 331	11 KB
3	paypal.com www.paypal.com — Cisco Umbrella Rank: 2530 www.sandbox.paypal.com — Cisco Umbrella Rank: 39996	99 KB
3	tfaforms.com www.tfaforms.com — Cisco Umbrella Rank: 65938	74 KB
2	everesttech.net 2 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 491	609 B
2	bidswitch.net 1 redirects x.bidswitch.net — Cisco Umbrella Rank: 265	1 KB
2	spotxchange.com 1 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 469	1 KB
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 488	2 KB
2	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 187	2 KB
2	adnxs.com 1 redirects ib.adnxs.com — Cisco Umbrella Rank: 210	2 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 97	496 B
2	yimg.com s.yimg.com — Cisco Umbrella Rank: 372	7 KB
2	tvsquared.com collector-3219.tvsquared.com	9 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 126	114 KB
2	quantserve.com secure.quantserve.com — Cisco Umbrella Rank: 829 pixel.quantserve.com — Cisco Umbrella Rank: 374	10 KB
1	nr-data.net bam-cell.nr-data.net — Cisco Umbrella Rank: 311	622 B
1	cloudfront.net d6tizftlrpuof.cloudfront.net	2 KB
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 306	14 KB
1	krxd.net beacon.krxd.net — Cisco Umbrella Rank: 371	338 B
1	agkn.com aa.agkn.com — Cisco Umbrella Rank: 388	238 B
1	tremorhub.com partners.tremorhub.com — Cisco Umbrella Rank: 864	183 B
1	addthis.com x.dlx.addthis.com — Cisco Umbrella Rank: 982	191 B
1	rtactivate.com bpi.rtactivate.com — Cisco Umbrella Rank: 1708	109 B
1	rezync.com 1 redirects live.rezync.com — Cisco Umbrella Rank: 1871	789 B
1	serving-sys.com bs.serving-sys.com — Cisco Umbrella Rank: 1187	105 B
1	media.net contextual.media.net — Cisco Umbrella Rank: 478	615 B
1	eyeota.net ps.eyeota.net — Cisco Umbrella Rank: 845	344 B
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 288	239 B
1	bluekai.com 1 redirects stags.bluekai.com — Cisco Umbrella Rank: 447	676 B
1	usabilla.com w.usabilla.com — Cisco Umbrella Rank: 2976	11 KB
1	rfihub.net c1.rfihub.net — Cisco Umbrella Rank: 5862	6 KB
1	turn.com r.turn.com — Cisco Umbrella Rank: 2694	398 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35	983 B
1	yahoo.com sp.analytics.yahoo.com — Cisco Umbrella Rank: 796	715 B
1	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 770	1 KB
1	tp88trk.com www.tp88trk.com — Cisco Umbrella Rank: 31523	18 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 99	15 KB
1	payments-amazon.com static-na.payments-amazon.com — Cisco Umbrella Rank: 11701	19 KB
1	plyr.io cdn.plyr.io — Cisco Umbrella Rank: 13707	32 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 546	30 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 50	82 KB
132	49

	Domain	Requested by
22	www.unrefugees.org	14 redirects www.unrefugees.org
14	cdn.unrefugees.org	www.unrefugees.org
13	play.google.com	www.gstatic.com
8	www.google-analytics.com	www.googletagmanager.com www.unrefugees.org www.gstatic.com www.google-analytics.com
6	www.gstatic.com	www.google.com pay.google.com www.gstatic.com
6	use.typekit.net	www.unrefugees.org use.typekit.net
5	www.google.com	www.unrefugees.org
4	p.rfihub.com	2 redirects
4	www.google.de	www.unrefugees.org
4	pay.google.com	www.unrefugees.org pay.google.com www.gstatic.com
3	idsync.rlcdn.com	1 redirects www.unrefugees.org
3	stats.g.doubleclick.net	www.google-analytics.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.unrefugees.org
3	www.tfaforms.com	www.unrefugees.org
2	www.sandbox.paypal.com	www.paypal.com
2	sync-tm.everesttech.net	2 redirects
2	x.bidswitch.net	1 redirects
2	sync.search.spotxchange.com	1 redirects
2	dsum-sec.casalemedia.com	1 redirects www.unrefugees.org
2	dpm.demdex.net	1 redirects www.unrefugees.org
2	ib.adnxs.com	1 redirects www.unrefugees.org
2	cm.g.doubleclick.net	2 redirects
2	www.facebook.com	www.unrefugees.org
2	adservice.google.de	www.unrefugees.org adservice.google.com
2	adservice.google.com	1 redirects 4647326.fls.doubleclick.net
2	ad.doubleclick.net	2 redirects
2	s.yimg.com	www.unrefugees.org s.yimg.com
2	collector-3219.tvsquared.com	www.unrefugees.org
2	connect.facebook.net	www.unrefugees.org connect.facebook.net
2	4647326.fls.doubleclick.net	1 redirects www.googletagmanager.com
1	bam-cell.nr-data.net	js-agent.newrelic.com
1	d6tizftlrpuof.cloudfront.net	www.unrefugees.org
1	js-agent.newrelic.com	www.unrefugees.org
1	beacon.krxd.net	www.unrefugees.org
1	aa.agkn.com	www.unrefugees.org
1	partners.tremorhub.com	www.unrefugees.org
1	x.dlx.addthis.com	www.unrefugees.org
1	bpi.rtactivate.com	www.unrefugees.org
1	live.rezync.com	1 redirects
1	bs.serving-sys.com	www.unrefugees.org
1	contextual.media.net	www.unrefugees.org
1	ps.eyeota.net	www.unrefugees.org
1	pixel.rubiconproject.com	www.unrefugees.org
1	stags.bluekai.com	1 redirects
1	a.rfihub.com	www.unrefugees.org
1	20826429p.rfihub.com	c1.rfihub.net
1	w.usabilla.com	www.unrefugees.org
1	c1.rfihub.net	www.unrefugees.org
1	r.turn.com	www.unrefugees.org
1	20668909p.rfihub.com	1 redirects
1	p.typekit.net	use.typekit.net
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	www.unrefugees.org
1	sp.analytics.yahoo.com	www.unrefugees.org
1	pixel.quantserve.com	www.unrefugees.org
1	rules.quantcount.com	secure.quantserve.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	www.tp88trk.com	www.googletagmanager.com
1	secure.quantserve.com	www.unrefugees.org
1	www.googleadservices.com	www.googletagmanager.com
1	static-na.payments-amazon.com	www.unrefugees.org
1	www.paypal.com	www.unrefugees.org
1	cdn.plyr.io	www.unrefugees.org
1	code.jquery.com	www.unrefugees.org
1	www.googletagmanager.com	www.unrefugees.org
1	click.e.unrefugees.org	1 redirects
132	66

This site contains links to these domains. Also see Links.

Domain
give.unrefugees.org
www.facebook.com
twitter.com
www.youtube.com
instagram.com
donate.unrefugees.org

Subject Issuer	Validity	Valid
unrefugees.org Amazon	`2021-12-08` - `2023-01-05`	a year	crt.sh
use.typekit.net DigiCert TLS RSA SHA256 2020 CA1	`2021-08-16` - `2022-08-16`	a year	crt.sh
*.tfaforms.com Amazon	`2021-06-15` - `2022-07-14`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-04-03` - `2022-04-02`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2021-11-02` - `2022-03-15`	4 months	crt.sh
static-na.payments-amazon.com Amazon	`2021-07-22` - `2022-08-20`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-01-10` - `2022-04-04`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2021-12-22` - `2022-06-22`	6 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-11-18` - `2022-02-16`	3 months	crt.sh
*.tvsquared.com Amazon	`2021-09-16` - `2022-10-14`	a year	crt.sh
*.api.fantasysports.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-01-31` - `2022-03-23`	2 months	crt.sh
tp88trk.com Go Daddy Secure Certificate Authority - G2	`2021-01-17` - `2022-02-18`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-01-10` - `2022-04-04`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
real.sp.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-10-19` - `2022-04-13`	6 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-01-10` - `2022-04-04`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-01-10` - `2022-04-04`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-01-10` - `2022-04-04`	3 months	crt.sh
*.rfihub.net Amazon	`2021-12-29` - `2023-01-27`	a year	crt.sh
w.usabilla.com Amazon	`2021-03-12` - `2022-04-10`	a year	crt.sh
*.rfihub.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-18` - `2022-06-18`	2 years	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-04`	a year	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2021-04-12` - `2022-04-20`	a year	crt.sh
bs.serving-sys.com Amazon	`2021-05-10` - `2022-06-08`	a year	crt.sh
rtactivate.com Amazon	`2021-05-13` - `2022-06-11`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
odc-pixel-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2021-11-24` - `2022-04-26`	5 months	crt.sh
*.tremorhub.com Amazon	`2021-06-27` - `2022-07-26`	a year	crt.sh
*.agkn.com RapidSSL RSA CA 2018	`2020-07-25` - `2022-09-18`	2 years	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-11-03` - `2022-11-02`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-10-06` - `2022-11-07`	a year	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
www.sandbox.paypal.com DigiCert SHA2 Extended Validation Server CA	`2021-10-06` - `2022-03-24`	6 months	crt.sh
*.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2022-01-10` - `2023-02-10`	a year	crt.sh

This page contains 8 frames:

Primary Page: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Frame ID: 98C9A67EBB6D3D2667891009F3492287
Requests: 84 HTTP requests in this frame

Frame: https://4647326.fls.doubleclick.net/activityi;dc_pre=CMCJxeCE8_UCFfFEHQkdb_gNuA;src=4647326;type=unrefcms;cat=unrefhp;ord=2592338352340;gtm=2wg270;auiddc=1490820519.1644423995;~oref=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26utm_cid%3D0031K0000387GhHQAU%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220209%26utm_content%3Dnewengagedsubs%26SF_onetime%3D7011K0000022YnAQAU%26SF_monthly%3D7011K0000022YnFQAU
Frame ID: 328024AE384D00E6128C968353BD9419
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CMCJxeCE8_UCFfFEHQkdb_gNuA;src=4647326;type=unrefcms;cat=unrefhp;ord=2592338352340;gtm=2wg270;auiddc=1490820519.1644423995;~oref=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26utm_cid%3D0031K0000387GhHQAU%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220209%26utm_content%3Dnewengagedsubs%26SF_onetime%3D7011K0000022YnAQAU%26SF_monthly%3D7011K0000022YnFQAU
Frame ID: 10064F855FABCFFABC07D1ACC23BC9F3
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.de/ddm/fls/i/dc_pre=CMCJxeCE8_UCFfFEHQkdb_gNuA;src=4647326;type=unrefcms;cat=unrefhp;ord=2592338352340;gtm=2wg270;auiddc=1490820519.1644423995;~oref=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26utm_cid%3D0031K0000387GhHQAU%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220209%26utm_content%3Dnewengagedsubs%26SF_onetime%3D7011K0000022YnAQAU%26SF_monthly%3D7011K0000022YnFQAU
Frame ID: 35BD94E0CC6636FB11A9002F0D6E81B9
Requests: 1 HTTP requests in this frame

Frame: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fwww.unrefugees.org&mid=
Frame ID: AB654066353FD3FAC670C4E90CA0E7BF
Requests: 16 HTTP requests in this frame

Frame: https://w.usabilla.com/fa5b33ed7c80.js?lv=1
Frame ID: F0834A58CFDA89D5BCE81E0133952F58
Requests: 1 HTTP requests in this frame

Frame: https://20826429p.rfihub.com/ca.html?ver=9&rb=9587&ca=20826429&_o=9587&_t=20826429&pe=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26utm_cid%3D0031K0000387GhHQAU%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220209%26utm_content%3Dnewengagedsubs%26SF_onetime%3D7011K0000022YnAQAU%26SF_monthly%3D7011K0000022YnFQAU&pf=&ra=9579623431874709
Frame ID: A7820DF0CB4BDBEA74F57C421A338888
Requests: 20 HTTP requests in this frame

Frame: https://d6tizftlrpuof.cloudfront.net/themes/production/unhcr-button-ca8fba580979f02c2694fa49ed8ef52a.png
Frame ID: 7FFBB9695E085E1131179752AC5B4F00
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

How to Help Refugees — Aid, Relief and Donations | USA for UNHCR

Page URL History Show full URLs

https://click.e.unrefugees.org/?qs=6aadaa481c587857373858e4b5a1641ed79cafe958dd5405e4ad9ddc41d2a1ee8d483a50... HTTP 302
https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campa... Page URL

Detected technologies

Plyr (Video players) Expand

Overall confidence: 100%
Detected patterns

https://cdn\.plyr\.io/([0-9.]+)/.+\.js

Google Pay (Payment processors) Expand

Overall confidence: 100%
Detected patterns

pay\.google\.com/([a-z/]+)/pay\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Sizmek (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

serving-sys\.com/

Typekit (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href="[^"]+use\.typekit\.(?:net|com)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

132
Requests

80 %
HTTPS

42 %
IPv6

49
Domains

66
Subdomains

53
IPs

7
Countries

3730 kB
Transfer

6644 kB
Size

48
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://give.unrefugees.org/210714core_afgmain_p_3000?utm_medium=hero&utm_source=homepage&utm_campaign=US_PS_EN_AFS___220110&utm_content=hero&SF_onetime=7011K0000022VgPQAU&SF_monthly=7011K0000022VgQQAU
Title: DONATE NOW

Search URL Search Domain Scan URL

URL: https://give.unrefugees.org/180117CORE_MAINPG_P_3000/?SF_monthly=7011K0000022YnFQAU&SF_onetime=7011K0000022YnAQAU
Title: DONATE NOW

Search URL Search Domain Scan URL

URL: https://www.facebook.com/UNREFUGEES?SF_monthly=7011K0000022YnFQAU&SF_onetime=7011K0000022YnAQAU
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/UNRefugeeAgency?SF_monthly=7011K0000022YnFQAU&SF_onetime=7011K0000022YnAQAU
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/USAforUNHCR?SF_monthly=7011K0000022YnFQAU&SF_onetime=7011K0000022YnAQAU
Title: Youtube

Search URL Search Domain Scan URL

URL: https://instagram.com/usaforunhcr?SF_monthly=7011K0000022YnFQAU&SF_onetime=7011K0000022YnAQAU
Title: Instagram

Search URL Search Domain Scan URL

URL: https://give.unrefugees.org/191101wint_mainpg_p_3000?SF_monthly=7011K0000022YnFQAU&SF_onetime=7011K0000022YnAQAU
Title: Donate >

Search URL Search Domain Scan URL

URL: https://donate.unrefugees.org/ea-action/action?ea.client.id=1873&ea.campaign.id=80364&SF_monthly=7011K0000022YnFQAU&SF_onetime=7011K0000022YnAQAU

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://click.e.unrefugees.org/?qs=6aadaa481c587857373858e4b5a1641ed79cafe958dd5405e4ad9ddc41d2a1ee8d483a5025f664be41e3087a7400ad62e1389f5b2bd88f77 HTTP 302
https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://www.unrefugees.org/media/1003/help-icon.png?width=68&height=69 HTTP 301
https://cdn.unrefugees.org/u4uweb2020/media/1003/help-icon.png?width=68&height=69

Request Chain 7

https://www.unrefugees.org/media/1021/hope-icon.png?width=91&height=68 HTTP 301
https://cdn.unrefugees.org/u4uweb2020/media/1021/hope-icon.png?width=91&height=68

Request Chain 8

https://www.unrefugees.org/media/1020/home-icon.png?width=78&height=68 HTTP 301
https://cdn.unrefugees.org/u4uweb2020/media/1020/home-icon.png?width=78&height=68

Request Chain 9

https://www.unrefugees.org/media/1029/kid.png HTTP 301
https://cdn.unrefugees.org/u4uweb2020/media/1029/kid.png

Request Chain 10

https://www.unrefugees.org/img/unhcr-visibility-horizontal-white-cmyk-v2016.svg HTTP 301
https://cdn.unrefugees.org/u4uweb2020/img/unhcr-visibility-horizontal-white-cmyk-v2016.svg

Request Chain 11

https://www.unrefugees.org/img/unhcr-visibility-horizontal-blue-cmyk-v2016.svg HTTP 301
https://cdn.unrefugees.org/u4uweb2020/img/unhcr-visibility-horizontal-blue-cmyk-v2016.svg

Request Chain 13

https://www.unrefugees.org/img/search-icon-white.png HTTP 301
https://cdn.unrefugees.org/u4uweb2020/img/search-icon-white.png

Request Chain 23

https://www.unrefugees.org/media/z2ygiun5/afg-hunger-hero-rf1191065x1440.jpg HTTP 301
https://cdn.unrefugees.org/u4uweb2020/media/z2ygiun5/afg-hunger-hero-rf1191065x1440.jpg

Request Chain 24

https://4647326.fls.doubleclick.net/activityi;src=4647326;type=unrefcms;cat=unrefhp;ord=2592338352340;gtm=2wg270;auiddc=1490820519.1644423995;~oref=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26utm_cid%3D0031K0000387GhHQAU%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220209%26utm_content%3Dnewengagedsubs%26SF_onetime%3D7011K0000022YnAQAU%26SF_monthly%3D7011K0000022YnFQAU HTTP 302
https://4647326.fls.doubleclick.net/activityi;dc_pre=CMCJxeCE8_UCFfFEHQkdb_gNuA;src=4647326;type=unrefcms;cat=unrefhp;ord=2592338352340;gtm=2wg270;auiddc=1490820519.1644423995;~oref=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26utm_cid%3D0031K0000387GhHQAU%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220209%26utm_content%3Dnewengagedsubs%26SF_onetime%3D7011K0000022YnAQAU%26SF_monthly%3D7011K0000022YnFQAU

Request Chain 31

https://ad.doubleclick.net/ddm/activity/src=4269937;type=invmedia;cat=unhcr0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1 HTTP 302
https://ad.doubleclick.net/ddm/activity/src=4269937;dc_pre=CO3PxeCE8_UCFYyWsgodlMAP7g;type=invmedia;cat=unhcr0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1 HTTP 302
https://adservice.google.com/ddm/fls/p/src=4269937;dc_pre=CO3PxeCE8_UCFYyWsgodlMAP7g;type=invmedia;cat=unhcr0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1;~oref=https://www.unrefugees.org/ HTTP 302
https://adservice.google.de/ddm/fls/p/src=4269937;dc_pre=CO3PxeCE8_UCFYyWsgodlMAP7g;type=invmedia;cat=unhcr0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1;~oref=https://www.unrefugees.org/

Request Chain 58

https://www.unrefugees.org/media/1734/rf294876-1200x1200.jpg HTTP 301
https://cdn.unrefugees.org/u4uweb2020/media/1734/rf294876-1200x1200.jpg

Request Chain 59

https://www.unrefugees.org/media/3292/cash-assistance_rf110467__1200x600.jpg HTTP 301
https://cdn.unrefugees.org/u4uweb2020/media/3292/cash-assistance_rf110467__1200x600.jpg

Request Chain 60

https://www.unrefugees.org/media/1953/unhcr-innovation-rf110365-1200x1200.jpg HTTP 301
https://cdn.unrefugees.org/u4uweb2020/media/1953/unhcr-innovation-rf110365-1200x1200.jpg

Request Chain 61

https://www.unrefugees.org/media/1730/rf297199-1200x1200.jpg HTTP 301
https://cdn.unrefugees.org/u4uweb2020/media/1730/rf297199-1200x1200.jpg

Request Chain 62

https://www.unrefugees.org/media/yziheh5r/majidawinter-620x468.png HTTP 301
https://cdn.unrefugees.org/u4uweb2020/media/yziheh5r/majidawinter-620x468.png

Request Chain 63

https://www.unrefugees.org/media/ew3ghhud/helmandwinterblog-620x468.png HTTP 301
https://cdn.unrefugees.org/u4uweb2020/media/ew3ghhud/helmandwinterblog-620x468.png

Request Chain 74

https://20668909p.rfihub.com/ca.gif?rb=9587&ca=20668909&ra=15960123 HTTP 302
https://r.turn.com/r/beacon?b2=2ktLc5k8nNM07yj6GA-Hrn8gtUS_nFcwtDx5qaA26AoeU_Oup029YVIprkeGvqSpoIUReErvK66MTKJfORKOtg&cid=

Request Chain 79

https://cm.g.doubleclick.net/pixel?&in=0&google_nid=zeta_interactive&google_cm=&google_sc=&google_hm=NTEzNDQ1NTQyMDMyODQ0ODEyMg==&forward= HTTP 302
https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESELxOtcH2-wrmEXIg2GTwTOc&google_cver=1

Request Chain 80

https://ib.adnxs.com/setuid?entity=18&code=5134455420328448122 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D18%26code%3D5134455420328448122

Request Chain 81

https://stags.bluekai.com/site/4722?id=5134455420328448122&redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fbk_uuid%3D%24_BK_UUID%26forward%3D HTTP 302
https://p.rfihub.com/cm?bk_uuid=$_BK_UUID&forward=

Request Chain 83

https://dpm.demdex.net/ibs:dpid=1121&dpuuid=5134455420328448122&redir= HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=5134455420328448122&redir=

Request Chain 84

https://p.rfihub.com/cm?pub=24472&in=1 HTTP 302
https://ps.eyeota.net/match?uid=5134455420328448122&bid=omt9pi0

Request Chain 87

https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=5134455420328448122&referrer=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26utm_cid%3D0031K0000387GhHQAU%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220209%26utm_content%3Dnewengagedsubs%26SF_onetime%3D7011K0000022YnAQAU%26SF_monthly%3D7011K0000022YnFQAU HTTP 302
https://p.rfihub.com/cm?pub=39342&in=0&userid=61993616-2be5-4c5a-a750-ff87930439f0%3A1644423995.66&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D61993616-2be5-4c5a-a750-ff87930439f0%253A1644423995.66 HTTP 302
https://idsync.rlcdn.com/501709.gif?partner_uid=61993616-2be5-4c5a-a750-ff87930439f0%3A1644423995.66 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm HTTP 302
https://idsync.rlcdn.com/362358.gif?google_gid=CAESEEKkUx-x9CQ95JhkfWUHlI4&google_cver=1

Request Chain 89

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=5134455420328448122&forward= HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=5134455420328448122&forward=&C=1

Request Chain 92

https://sync.search.spotxchange.com/partner?adv_id=7180&uid=5134455420328448122&img=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7180&uid=5134455420328448122&img=1&__user_check__=1&sync_id=0cbd8b8b-89c5-11ec-857d-1ac857eb0106

Request Chain 96

https://x.bidswitch.net/sync?dsp_id=119&user_id=5134455420328448122&expires=30 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=5134455420328448122&expires=30

Request Chain 97

https://sync-tm.everesttech.net/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D&_test=YgPrOwAE9GVBgABB HTTP 302
https://p.rfihub.com/cm?in=1&pub=21653&userid=YgPrOwAE9GVBgABB&_test=YgPrOwAE9GVBgABB

132 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.unrefugees.org/
Redirect Chain

https://click.e.unrefugees.org/?qs=6aadaa481c587857373858e4b5a1641ed79cafe958dd5405e4ad9ddc41d2a1ee8d483a5025f664be41e3087a7400ad62e1389f5b2bd88f77
https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_m...

66 KB
26 KB

1946ms
1592ms

Document
text/html

52.35.28.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.35.28.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-35-28-98.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: fee5261115f988bf5b121a1b753e0bcc4afe1dd870926c68be6d629a8433bc37

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Wed, 09 Feb 2022 16:26:34 GMT
content-type: text/html; charset=utf-8
content-length: 25984
cache-control: private
content-encoding: gzip
vary: Accept-Encoding

Redirect headers

Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://www.unrefugees.org?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Date: Wed, 09 Feb 2022 16:26:31 GMT
Connection: close
Content-Length: 362

GET
H2 200 index.css
www.unrefugees.org/css/ 187 KB
45 KB 165ms
163ms Stylesheet
text/css 52.35.28.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.unrefugees.org/css/index.css?v=4
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.35.28.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-35-28-98.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e75598ce87e63a50d9bed385cf067f9a37d958b483170d32fed8ff63fda68252

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:26:34 GMT
content-encoding: gzip
last-modified: Mon, 09 Nov 2020 18:08:37 GMT
etag: "51da9058c3b6d61:0"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 45317

GET
H2 200 plyr.css
www.unrefugees.org/css/ 24 KB
6 KB 161ms
159ms Stylesheet
text/css 52.35.28.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.unrefugees.org/css/plyr.css
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.35.28.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-35-28-98.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 465ecd3c27cf42a3309af6bda6e2b8c4b9cb7a78788908904e0d6761a2c3102a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:26:34 GMT
content-encoding: gzip
last-modified: Sat, 23 Feb 2019 20:10:20 GMT
etag: "09e7cdb3cbd41:0"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 5865

GET
H2 200 hrp3szy.css
use.typekit.net/ 7 KB
1 KB 407ms
140ms Stylesheet
text/css 2a03:5f80:a::b212:e7c0
DATAIX-AS Peering...

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/hrp3szy.css

Requested by

Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:5f80:a::b212:e7c0 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU),

Reverse DNS

Software

nginx /

Resource Hash

cf433967630e3b8fd9649647332e341b65937350b65ae3bfb40504cb0f905cfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
server: nginx
date: Wed, 09 Feb 2022 16:26:34 GMT
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1025

GET
H2 200 wforms.js Show response
www.tfaforms.com/wForms/3.11/js/ 205 KB
63 KB 449ms
199ms Script
application/javascript 18.209.73.183
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://www.tfaforms.com/wForms/3.11/js/wforms.js?v=1644423993
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.209.73.183 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-209-73-183.compute-1.amazonaws.com
Software: nginx /
Resource Hash: c924e4d5c75051b47649ba7b88f37f25029abcd64589cd28816325ad1a588c02

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:26:34 GMT
content-encoding: gzip
x-fa-app: ecs-131-212
last-modified: Tue, 08 Feb 2022 18:23:03 GMT
server: nginx
etag: W/"6202b507-33548"
content-type: application/javascript

GET
H2 200 localization-en_US.js Show response
www.tfaforms.com/wForms/3.11/js/ 6 KB
3 KB 351ms
101ms Script
application/javascript 18.209.73.183
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://www.tfaforms.com/wForms/3.11/js/localization-en_US.js?v=1644423993
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.209.73.183 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-209-73-183.compute-1.amazonaws.com
Software: nginx /
Resource Hash: ce6098e1afbd9b04a3051d80e7ed6951ce80e59330bc66f74df78a71b2705a2c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:26:34 GMT
content-encoding: gzip
x-fa-app: ecs-164-250
last-modified: Tue, 08 Feb 2022 18:03:08 GMT
server: nginx
etag: W/"6202b05c-1989"
content-type: application/javascript

GET
H2 200 iframe_message_helper_internal.js Show response
www.tfaforms.com/js/ 21 KB
8 KB 445ms
195ms Script
application/javascript 18.209.73.183
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://www.tfaforms.com/js/iframe_message_helper_internal.js?v=2
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.209.73.183 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-209-73-183.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 23543aaa71824cc6fee0e06935013bab69df682ebc05c606472875c9a9a932bb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:26:34 GMT
content-encoding: gzip
x-fa-app: ecs-150-39
last-modified: Tue, 08 Feb 2022 18:03:08 GMT
server: nginx
etag: W/"6202b05c-531d"
content-type: application/javascript

GET
H/1.1

200
OK

help-icon.png
cdn.unrefugees.org/u4uweb2020/media/1003/
Redirect Chain

https://www.unrefugees.org/media/1003/help-icon.png?width=68&height=69
https://cdn.unrefugees.org/u4uweb2020/media/1003/help-icon.png?width=68&height=69

1 KB
2 KB

136ms
8ms

Image
image/png

13.32.99.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.unrefugees.org/u4uweb2020/media/1003/help-icon.png?width=68&height=69
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: HTTP/1.1
Server: 13.32.99.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-105.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 25eb1f1d3cccbbb7f019e32423d5ebcb6c8d1a10efd0cf2dcc1bcd318e1229a0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-meta-local-date-modified: 131395769613233380
Date: Wed, 09 Feb 2022 05:49:24 GMT
Via: 1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront)
x-amz-meta-local-date-created: 132296391734840067
Last-Modified: Wed, 25 Mar 2020 19:50:49 GMT
Server: AmazonS3
Age: 38231
ETag: "98f87b9c3809ec3c2b74653634ca1810"
X-Cache: Hit from cloudfront
Content-Type: image/png
Connection: keep-alive
X-Amz-Cf-Pop: FRA60-P3
Accept-Ranges: bytes
Content-Length: 1204
X-Amz-Cf-Id: VHDyDM2dHwwOkDZLe1M8O5xz-cukX1AnI-KjfGZNp_eVB9GXxBZ8UA==

Redirect headers

location: https://cdn.unrefugees.org/u4uweb2020/media/1003/help-icon.png?width=68&height=69
date: Wed, 09 Feb 2022 16:26:34 GMT
cache-control: no-cache
server: Microsoft-IIS/10.0
content-length: 208
content-type: text/html; charset=UTF-8

GET
H/1.1

200
OK

hope-icon.png
cdn.unrefugees.org/u4uweb2020/media/1021/
Redirect Chain

https://www.unrefugees.org/media/1021/hope-icon.png?width=91&height=68
https://cdn.unrefugees.org/u4uweb2020/media/1021/hope-icon.png?width=91&height=68

3 KB
4 KB

9ms
9ms

Image
image/png

13.32.99.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.unrefugees.org/u4uweb2020/media/1021/hope-icon.png?width=91&height=68
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: HTTP/1.1
Server: 13.32.99.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-105.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ffeab3a1d59ae10875aae8b0ac7b8a4c74012f6bc36abe3fb620eaa9636f8f84

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-meta-local-date-modified: 131401046765185801
Date: Wed, 09 Feb 2022 06:59:24 GMT
Via: 1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront)
x-amz-meta-local-date-created: 132296391738050127
Last-Modified: Wed, 25 Mar 2020 19:51:04 GMT
Server: AmazonS3
Age: 34031
ETag: "8d17845cbf07cc756bca20d86cb033c9"
X-Cache: Hit from cloudfront
Content-Type: image/png
Connection: keep-alive
X-Amz-Cf-Pop: FRA60-P3
Accept-Ranges: bytes
Content-Length: 3240
X-Amz-Cf-Id: WdHXc6fGbUDu6ykK4Lv7UgeBYDW-19U7IF-7ZdVk44j_qMCm4QU1-A==

Redirect headers

location: https://cdn.unrefugees.org/u4uweb2020/media/1021/hope-icon.png?width=91&height=68
date: Wed, 09 Feb 2022 16:26:34 GMT
cache-control: no-cache
server: Microsoft-IIS/10.0
content-length: 208
content-type: text/html; charset=UTF-8

GET
H/1.1

200
OK

home-icon.png
cdn.unrefugees.org/u4uweb2020/media/1020/
Redirect Chain

https://www.unrefugees.org/media/1020/home-icon.png?width=78&height=68
https://cdn.unrefugees.org/u4uweb2020/media/1020/home-icon.png?width=78&height=68

3 KB
3 KB

27ms
8ms

Image
image/png

13.32.99.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.unrefugees.org/u4uweb2020/media/1020/home-icon.png?width=78&height=68
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: HTTP/1.1
Server: 13.32.99.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-105.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9edac5450266edb6ba2574395f8d447ad0e27942e35f79c5d6aa2a4b7ea4eb88

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-meta-local-date-modified: 131401046722381976
Date: Tue, 08 Feb 2022 22:26:47 GMT
Via: 1.1 319f376925908156190f5fc160137b42.cloudfront.net (CloudFront)
Last-Modified: Wed, 25 Mar 2020 19:51:03 GMT
Server: AmazonS3
Age: 64788
ETag: "34ba571c665fa2cc741a9f33f4c664e8"
X-Cache: Hit from cloudfront
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
X-Amz-Cf-Pop: FRA60-P3
x-amz-meta-local-date-created: 132296391737810125
Content-Length: 2628
X-Amz-Cf-Id: iGWCXWVQx31v4rpSwHwC18UeAmhKvmflHYlQOhDdBAbQM-UpZRHLmg==

Redirect headers

location: https://cdn.unrefugees.org/u4uweb2020/media/1020/home-icon.png?width=78&height=68
date: Wed, 09 Feb 2022 16:26:34 GMT
cache-control: no-cache
server: Microsoft-IIS/10.0
content-length: 208
content-type: text/html; charset=UTF-8

GET
H/1.1

200
OK

kid.png
cdn.unrefugees.org/u4uweb2020/media/1029/
Redirect Chain

https://www.unrefugees.org/media/1029/kid.png
https://cdn.unrefugees.org/u4uweb2020/media/1029/kid.png

46 KB
46 KB

33ms
14ms

Image
image/png

13.32.99.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.unrefugees.org/u4uweb2020/media/1029/kid.png
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: HTTP/1.1
Server: 13.32.99.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-105.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6e999e3af5a4c58ac36f37d566a9c23f9ff35d83a0240c66bf9deab84012fa47

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-meta-local-date-modified: 131406311689821409
Date: Wed, 09 Feb 2022 05:20:35 GMT
Via: 1.1 d63ea68c8b7458d49fe25f66ef7f0a5e.cloudfront.net (CloudFront)
Last-Modified: Wed, 25 Mar 2020 19:51:12 GMT
Server: AmazonS3
Age: 39960
ETag: "ce75f90bd0a7c523c4e953a47ccdb052"
X-Cache: Hit from cloudfront
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
X-Amz-Cf-Pop: FRA60-P3
x-amz-meta-local-date-created: 132296391740079964
Content-Length: 46864
X-Amz-Cf-Id: qI8XBblFOORwuX09OSkhyZc5HbOmyfsqA1KgzWNA0w-MjurbVhNrWg==

Redirect headers

location: https://cdn.unrefugees.org/u4uweb2020/media/1029/kid.png
date: Wed, 09 Feb 2022 16:26:34 GMT
cache-control: no-cache
server: Microsoft-IIS/10.0
content-length: 179
content-type: text/html; charset=UTF-8

GET
H/1.1

200
OK

unhcr-visibility-horizontal-white-cmyk-v2016.svg
cdn.unrefugees.org/u4uweb2020/img/
Redirect Chain

https://www.unrefugees.org/img/unhcr-visibility-horizontal-white-cmyk-v2016.svg
https://cdn.unrefugees.org/u4uweb2020/img/unhcr-visibility-horizontal-white-cmyk-v2016.svg

12 KB
5 KB

27ms
8ms

Image
image/svg+xml

13.32.99.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.unrefugees.org/u4uweb2020/img/unhcr-visibility-horizontal-white-cmyk-v2016.svg
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: HTTP/1.1
Server: 13.32.99.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-105.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6bfbae61daf6218548d35bd824d5299e6f0517f156050c302ddd83fa0e8abdc8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 09 Feb 2022 03:56:30 GMT
Content-Encoding: gzip
Age: 45005
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
x-amz-meta-local-date-created: 132296392572169450
x-amz-meta-local-date-modified: 131539295639031921
Last-Modified: Thu, 04 Jun 2020 18:07:00 GMT
Server: AmazonS3
ETag: W/"589ecfd0bcfdf4d702240ce70983f8fe"
Vary: Accept-Encoding
Content-Type: image/svg+xml
Via: 1.1 372875ad1ec20daf24f3f29f14a73cd0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
X-Amz-Cf-Id: 1dOumXVb93d-TSTOYnszT4nW71dqxb7h39ZMjXAkA7N1tVrk39ClAQ==

Redirect headers

location: https://cdn.unrefugees.org/u4uweb2020/img/unhcr-visibility-horizontal-white-cmyk-v2016.svg
date: Wed, 09 Feb 2022 16:26:34 GMT
cache-control: no-cache
server: Microsoft-IIS/10.0
content-length: 213
content-type: text/html; charset=UTF-8

GET
H/1.1

200
OK

unhcr-visibility-horizontal-blue-cmyk-v2016.svg
cdn.unrefugees.org/u4uweb2020/img/
Redirect Chain

https://www.unrefugees.org/img/unhcr-visibility-horizontal-blue-cmyk-v2016.svg
https://cdn.unrefugees.org/u4uweb2020/img/unhcr-visibility-horizontal-blue-cmyk-v2016.svg

12 KB
5 KB

25ms
8ms

Image
image/svg+xml

13.32.99.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.unrefugees.org/u4uweb2020/img/unhcr-visibility-horizontal-blue-cmyk-v2016.svg
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: HTTP/1.1
Server: 13.32.99.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-105.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e9027cbc9f2efbff37e09740f41c16a1ffd89eae8f1555f6a5955d3198d9c31d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 09 Feb 2022 04:52:36 GMT
Content-Encoding: gzip
Age: 41639
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
x-amz-meta-local-date-created: 132296392572149491
x-amz-meta-local-date-modified: 131539295413995338
Last-Modified: Thu, 04 Jun 2020 18:06:29 GMT
Server: AmazonS3
ETag: W/"e2c31e589985c6c3dab41cf627244301"
Vary: Accept-Encoding
Content-Type: image/svg+xml
Via: 1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
X-Amz-Cf-Id: Eahi3GWF8T7wkR2zlSjPn5zFwy8QGuOAAZjcSNZbz3kGmf5hSqSwuw==

Redirect headers

location: https://cdn.unrefugees.org/u4uweb2020/img/unhcr-visibility-horizontal-blue-cmyk-v2016.svg
date: Wed, 09 Feb 2022 16:26:34 GMT
cache-control: no-cache
server: Microsoft-IIS/10.0
content-length: 212
content-type: text/html; charset=UTF-8

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 280 KB
82 KB 89ms
63ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-XT4L

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d3a35f1db89ef3b3ad3fbc86d2f8b5364493585607081d4061f4c584bb3fde3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:26:34 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 83178
x-xss-protection: 0
last-modified: Wed, 09 Feb 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 09 Feb 2022 16:26:34 GMT

GET
H/1.1

200
OK

search-icon-white.png
cdn.unrefugees.org/u4uweb2020/img/
Redirect Chain

https://www.unrefugees.org/img/search-icon-white.png
https://cdn.unrefugees.org/u4uweb2020/img/search-icon-white.png

1 KB
2 KB

27ms
8ms

Image
image/png

13.32.99.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.unrefugees.org/u4uweb2020/img/search-icon-white.png
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: HTTP/1.1
Server: 13.32.99.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-105.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cc41b89e82e346d38089fb2b430ff6c1864aa655f0c5003abc35d45d8b7bb1f0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-meta-local-date-modified: 132267732062509912
Date: Tue, 08 Feb 2022 20:33:58 GMT
Via: 1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront)
Last-Modified: Wed, 25 Mar 2020 20:14:47 GMT
Server: AmazonS3
Age: 71557
ETag: "799989474245d817e252ae409682a467"
X-Cache: Hit from cloudfront
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
X-Amz-Cf-Pop: FRA60-P3
x-amz-meta-local-date-created: 132296392572099450
Content-Length: 1477
X-Amz-Cf-Id: Sw4MKygsEec71m7Yw5dD-8i7zZnCWlw6t3f_AxNdr5AQeDdaHjJ1bw==

Redirect headers

location: https://cdn.unrefugees.org/u4uweb2020/img/search-icon-white.png
date: Wed, 09 Feb 2022 16:26:34 GMT
cache-control: no-cache
server: Microsoft-IIS/10.0
content-length: 186
content-type: text/html; charset=UTF-8

GET
H2 200 jquery-3.4.1.min.js Show response
code.jquery.com/ 86 KB
30 KB 63ms
21ms Script
application/javascript 2001:4de0:ac18::1:a:1b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.4.1.min.js
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:1b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Request headers

Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Origin: https://www.unrefugees.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:26:34 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-15851"
vary: Accept-Encoding
x-hw: 1644423994.dop023.ml1.t,1644423994.cds213.ml1.hn,1644423994.cds019.ml1.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30638

GET
H2 200 plyr.js Show response
cdn.plyr.io/3.5.2/ 111 KB
32 KB 121ms
50ms Script
application/javascript 2606:4700:3038::6815:e9dd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.plyr.io/3.5.2/plyr.js
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3038::6815:e9dd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8608c7129a24079dd332403d0aef583dcefdf0bfc02914d626a6559a3ac049ad

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:26:34 GMT
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9190823
cf-polished: origSize=113855
x-cache: HIT, HIT
x-cache-hits: 1, 1
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: TZRW07NHA7HDTQRF
x-amz-id-2: 0qccXalry3H9NUZk5iINdmb9FQHElfmnxeKLy7LVwAVig3i9Gki/t70YUD6pD2bnXZIP6sxx1i0=
x-served-by: cache-dca12921-DCA, cache-lcy19275-LCY
last-modified: Sun, 24 Feb 2019 01:08:29 GMT
server: cloudflare
x-timer: S1635233171.217872,VS0,VE1
etag: W/"26d009457000af80d7306229fc132b15"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KeIO%2B5XsDjdSkSDe7Mrbp4tDhq8%2B%2FHc344NQqXt%2F2efgFEKp6khTEyrT2pDN8Jb3fvvN8hsFVjWowUClqcgXjbz8Cn5y4gbhG4HEBpkAYhDQkORPyhjy5XL95dyLEYnfV8yyMNqQkegqEA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Date, Cache-Control, Content-Type, Accept, Origin, Accept
cache-control: max-age=31536000
cf-ray: 6dae75ce783d0026-LHR
cf-bgj: minify

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 850 B
966 B 43ms
18ms Script
text/javascript 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

4e74f30aab7e2ab9f2cd2a85f86eba31c7a3c43ccd0cd363d54e7c1590737633

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:26:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 553
x-xss-protection: 1; mode=block
expires: Wed, 09 Feb 2022 16:26:34 GMT

GET
H2 200 js Show response
www.paypal.com/sdk/ 318 KB
98 KB 51ms
10ms Script
application/javascript 151.101.193.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/sdk/js?client-id=AXR8B71wtnEZHnlsTiphl1IRoxz4ZCoV5P4_FBhZeyaRBbGZXlD1_VE1c9hd2asTUQGyWBo7nyZo-_Mi&vault=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d55cd9131676d4923270ebe7fccb46bbd0f7eba44afc226216746a733c29db97

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-v8BpWnBvlQa34y0D7sGzUHqBcFOu7iSJ7D6aSNqvAphpjMmj' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-v8BpWnBvlQa34y0D7sGzUHqBcFOu7iSJ7D6aSNqvAphpjMmj' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-v8BpWnBvlQa34y0D7sGzUHqBcFOu7iSJ7D6aSNqvAphpjMmj' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-v8BpWnBvlQa34y0D7sGzUHqBcFOu7iSJ7D6aSNqvAphpjMmj' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
age: 5831
via: 1.1 varnish
x-cache: HIT
p3p: true
paypal-debug-id: f556767abd62a
server-timing: content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 98932
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4068-HHN
x-timer: S1644423995.594136,VS0,VE3
x-frame-options: SAMEORIGIN
date: Wed, 09 Feb 2022 16:26:34 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, s-maxage=10800
etag: W/"18274-gELWNS8AUEYLY7S6DWcKU/Rap84"
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 checkout.js Show response
static-na.payments-amazon.com/ 70 KB
19 KB 33ms
8ms Script
application/javascript 18.66.112.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static-na.payments-amazon.com/checkout.js
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-6.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dfedadffda8019e48ebb1eec7f7302dad8e418c42f8cbb66f90e31a5f097b043

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id: FjMmaE8Yr.gX2Vd34RhWPBqwzQW9UkB5
content-encoding: br
last-modified: Tue, 25 Jan 2022 11:12:27 GMT
server: AmazonS3
age: 112
etag: W/"856520aaafd540f4105e0274abb1b18c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 0afa2d721972ae312ad1dd54e47c43ca.cloudfront.net (CloudFront)
cache-control: max-age=1200,public
date: Wed, 09 Feb 2022 16:24:43 GMT
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: HfkWMww7UuwpTxVp-yPIVqpLcsCv-qKnwkFAaBX5WUTpyO2AGGBAUw==

GET
H2 200 project.min.js Show response
www.unrefugees.org/scripts/lib/ 832 KB
695 KB 314ms
313ms Script
application/javascript 52.35.28.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.unrefugees.org/scripts/lib/project.min.js?v=5
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.35.28.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-35-28-98.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 58b1c5188f3f612e010e0c548763600ff7391f70ca402bba5c1e64b56f410b70

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:26:34 GMT
content-encoding: gzip
last-modified: Mon, 18 Oct 2021 15:54:39 GMT
accept-ranges: bytes
etag: "d12b447538c4d71:0"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 pay.js Show response
pay.google.com/gp/p/js/ 95 KB
31 KB 130ms
64ms Script
application/javascript 2a00:1450:400c:c04::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/js/pay.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c04::5c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a90a37b16f59cad1391c47c105c2b80d3691fc5c7608f05c607b0b1d576beb8a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-XRFXYnaEjHR0dLMlQDaoMg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'nonce-XRFXYnaEjHR0dLMlQDaoMg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:26:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private, max-age=600
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'report-sample' 'nonce-XRFXYnaEjHR0dLMlQDaoMg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'nonce-XRFXYnaEjHR0dLMlQDaoMg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Wed, 09 Feb 2022 16:26:34 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 30ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-XT4L

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 1302
date: Wed, 09 Feb 2022 16:04:52 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Wed, 09 Feb 2022 18:04:52 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 39 KB
15 KB 62ms
40ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-XT4L

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

cafe /

Resource Hash

63158f73aa9f4d442cf349762c6beac9fcf35c14c3376888e728164acfde3b86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:26:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14855
x-xss-protection: 0
server: cafe
etag: 17539559064140624452
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 09 Feb 2022 16:26:34 GMT

GET
H/1.1

200
OK

afg-hunger-hero-rf1191065x1440.jpg
cdn.unrefugees.org/u4uweb2020/media/z2ygiun5/
Redirect Chain

https://www.unrefugees.org/media/z2ygiun5/afg-hunger-hero-rf1191065x1440.jpg
https://cdn.unrefugees.org/u4uweb2020/media/z2ygiun5/afg-hunger-hero-rf1191065x1440.jpg

151 KB
152 KB

11ms
8ms

Image
image/jpeg

13.32.99.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.unrefugees.org/u4uweb2020/media/z2ygiun5/afg-hunger-hero-rf1191065x1440.jpg
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: HTTP/1.1
Server: 13.32.99.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-105.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 65e90b740fdb2583cfb936a595677e199e81061439dc0f8485b76989fb98b4ae

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-meta-local-date-modified: 132860384222043668
Date: Tue, 08 Feb 2022 19:15:57 GMT
Via: 1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront)
Last-Modified: Fri, 07 Jan 2022 14:18:42 GMT
Server: AmazonS3
Age: 76238
ETag: "3bac985f36362bb6b00b1517139db526"
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
X-Amz-Cf-Pop: FRA60-P3
x-amz-meta-local-date-created: 132860384222043668
Content-Length: 155036
X-Amz-Cf-Id: 2P_dJZ3FK51-RzSV9G1FkOgBcZ9vI-91-MDV-gY3YWFb5ts1wmFZlw==

Redirect headers

location: https://cdn.unrefugees.org/u4uweb2020/media/z2ygiun5/afg-hunger-hero-rf1191065x1440.jpg
date: Wed, 09 Feb 2022 16:26:34 GMT
cache-control: no-cache
server: Microsoft-IIS/10.0
content-length: 210
content-type: text/html; charset=UTF-8

GET
H3

200

activityi;dc_pre=CMCJxeCE8_UCFfFEHQkdb_gNuA;src=4647326;type=unrefcms;cat=unrefhp;ord=2592338352340;gtm=2wg270;auiddc=1490820519.1644423995;~oref=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3D... Show response
4647326.fls.doubleclick.net/ Frame 3280
Redirect Chain

https://4647326.fls.doubleclick.net/activityi;src=4647326;type=unrefcms;cat=unrefhp;ord=2592338352340;gtm=2wg270;auiddc=1490820519.1644423995;~oref=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%...
https://4647326.fls.doubleclick.net/activityi;dc_pre=CMCJxeCE8_UCFfFEHQkdb_gNuA;src=4647326;type=unrefcms;cat=unrefhp;ord=2592338352340;gtm=2wg270;auiddc=1490820519.1644423995;~oref=https%3A%2F%2Fw...

709 B
544 B

41ms
25ms

Document
text/html

142.250.185.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4647326.fls.doubleclick.net/activityi;dc_pre=CMCJxeCE8_UCFfFEHQkdb_gNuA;src=4647326;type=unrefcms;cat=unrefhp;ord=2592338352340;gtm=2wg270;auiddc=1490820519.1644423995;~oref=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26utm_cid%3D0031K0000387GhHQAU%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220209%26utm_content%3Dnewengagedsubs%26SF_onetime%3D7011K0000022YnAQAU%26SF_monthly%3D7011K0000022YnFQAU?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-XT4L

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f6.1e100.net

Software

cafe /

Resource Hash

3d28231f9ef22d1dda3eda53efba92cebd5a9f34a7d311282bb580751e1dda7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: about:blank

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 09 Feb 2022 16:26:34 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 519
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 09 Feb 2022 16:26:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://4647326.fls.doubleclick.net/activityi;dc_pre=CMCJxeCE8_UCFfFEHQkdb_gNuA;src=4647326;type=unrefcms;cat=unrefhp;ord=2592338352340;gtm=2wg270;auiddc=1490820519.1644423995;~oref=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26utm_cid%3D0031K0000387GhHQAU%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220209%26utm_content%3Dnewengagedsubs%26SF_onetime%3D7011K0000022YnAQAU%26SF_monthly%3D7011K0000022YnFQAU?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 bat.js Show response
bat.bing.com/ 36 KB
11 KB 50ms
33ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-XT4L
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: dfed159907574337d5a3198b898e17e6f0d6c5c325d8ee2fd2343b7cddb34994

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:26:33 GMT
content-encoding: gzip
last-modified: Fri, 03 Dec 2021 01:53:50 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A9085A78F0EB4BF383B777FD51FCCFD2 Ref B: FRAEDGE1318 Ref C: 2022-02-09T16:26:34Z
etag: "0cb09ee8e7d71:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 10468

GET
H2 200 aquant.js Show response
secure.quantserve.com/ 24 KB
10 KB 48ms
9ms Script
application/javascript 2620:116:800d:21:f916:5049:f87f:108e
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/aquant.js?a=p-SLcBYqRUU3yLq
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: b236dccee1a0d5280842bdff52b4005e2b0c9ee5d74a15db3e939c53306576d3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:26:34 GMT
content-encoding: gzip
etag: "yoD6mq4JTyPdtDBolW+GUg=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Wed, 16 Feb 2022 16:26:34 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
26 KB 23ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

27bcdc67e32fef9bdd86b785b1bafadd7f6915c49f6b49bed86bfbddf414b2f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 26236
x-xss-protection: 0
pragma: public
x-fb-debug: 8XVcQ5/YrwlTfRbZDG5JPayDbSLXjWgkLeWi/2niVKgrKjEw8JZKuOOX5Ilm5++sm9gqF4Uvu/11FkZr1GWE4w==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Wed, 09 Feb 2022 16:26:34 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK tv2track.js Show response
collector-3219.tvsquared.com/ 20 KB
9 KB 447ms
108ms Script
application/javascript 3.20.2.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-3219.tvsquared.com/tv2track.js
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.20.2.247 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-20-2-247.us-east-2.compute.amazonaws.com
Software: nginx /
Resource Hash: a463aa6666ce0abcabf8033013cfe881fdbfb570389aff471d400a45b3a496d4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 09 Feb 2022 16:26:35 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03 Feb 2022 15:32:34 GMT
Server: nginx
ETag: "61fbf592-2133"
Content-Type: application/javascript
Cache-Control: max-age=600
Connection: keep-alive
X-Robots-Tag: noindex
Content-Length: 8499
Expires: Wed, 09 Feb 2022 16:36:35 GMT

GET
H2 200 ytc.js Show response
s.yimg.com/wi/ 15 KB
6 KB 77ms
22ms Script
application/javascript 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/ytc.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

10354e9bc6b485028971a1f58fccff5c89d722db324d42bc07963aab24ebb956

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

ats-carp-promotion: 1
date: Wed, 09 Feb 2022 16:17:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 539
x-amz-server-side-encryption: AES256
vary: Origin, Accept-Encoding
content-length: 5748
x-amz-id-2: g0IJXcBpjG3fvs7+catSJGK8Wy/3m56iMli1dpMqp5pD2PTTLyDbz/FjTplgOFUOmGShCsAm/88=
referrer-policy: no-referrer-when-downgrade
x-amz-expiration: expiry-date="Wed, 22 Feb 2023 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified: Mon, 17 Jan 2022 12:00:39 GMT
server: ATS
etag: "13a189bb8f25228852b3279db3659c28-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: JRYTWMB537G5CWDY
x-xss-protection: 1; mode=block
cache-control: public,max-age=3600
x-amz-version-id: pAIvW1wzOXi43b8v53GVflu.j8ZqoXS3
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 everflow.js Show response
www.tp88trk.com/scripts/sdk/ 58 KB
18 KB 133ms
109ms Script
text/javascript 35.190.72.228
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.tp88trk.com/scripts/sdk/everflow.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-XT4L
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.72.228 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 228.72.190.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 4d309da2d949bae921ce9aed5bdf4a3a573ad19b65d68b0a26019099942134b6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:26:34 GMT
via: 1.1 google
server: nginx
vary: Origin
content-type: text/javascript
content-encoding: gzip
cache-control: max-age=14400
x-eflow-request-id: 8d8fbcda-f61e-425d-a3e3-aee5c9dff884
alt-svc: clear

GET
H2

200

/
adservice.google.de/ddm/fls/p/src=4269937;dc_pre=CO3PxeCE8_UCFYyWsgodlMAP7g;type=invmedia;cat=unhcr0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1;~oref=https://www.unrefugees...
Redirect Chain

https://ad.doubleclick.net/ddm/activity/src=4269937;type=invmedia;cat=unhcr0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?
https://ad.doubleclick.net/ddm/activity/src=4269937;dc_pre=CO3PxeCE8_UCFYyWsgodlMAP7g;type=invmedia;cat=unhcr0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?
https://adservice.google.com/ddm/fls/p/src=4269937;dc_pre=CO3PxeCE8_UCFYyWsgodlMAP7g;type=invmedia;cat=unhcr0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1;~oref=https://www.u...
https://adservice.google.de/ddm/fls/p/src=4269937;dc_pre=CO3PxeCE8_UCFYyWsgodlMAP7g;type=invmedia;cat=unhcr0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1;~oref=https://www.un...

42 B
737 B

65ms
43ms

Image
image/gif

2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.de/ddm/fls/p/src=4269937;dc_pre=CO3PxeCE8_UCFYyWsgodlMAP7g;type=invmedia;cat=unhcr0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1;~oref=https://www.unrefugees.org/

Requested by

Protocol

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Feb 2022 16:26:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 09 Feb 2022 16:26:34 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/html; charset=UTF-8
location: https://adservice.google.de/ddm/fls/p/src=4269937;dc_pre=CO3PxeCE8_UCFYyWsgodlMAP7g;type=invmedia;cat=unhcr0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1;~oref=https://www.unrefugees.org/
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
444 B 59ms
19ms XHR
text/plain 2a00:1450:400c:c07::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-1473340-18&cid=589410312.1644423995&jid=585389278&gjid=2100806118&_gid=1788208001.1644423995&_u=YGBAiAABBAAAAE~&z=2084062023

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.unrefugees.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 09 Feb 2022 16:26:34 GMT
content-type: text/plain
access-control-allow-origin: https://www.unrefugees.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 53ms
19ms XHR
text/plain 2a00:1450:400c:c07::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-3754388-9&cid=589410312.1644423995&jid=554286023&gjid=1822451941&_gid=1788208001.1644423995&_u=YGDAiAABBAAAAE~&z=2007893619

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.unrefugees.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 09 Feb 2022 16:26:34 GMT
content-type: text/plain
access-control-allow-origin: https://www.unrefugees.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
194 B 9ms
8ms Image
image/gif 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=750576586&t=pageview&_s=1&dl=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26utm_cid%3D0031K0000387GhHQAU%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220209%26utm_content%3Dnewengagedsubs%26SF_onetime%3D7011K0000022YnAQAU%26SF_monthly%3D7011K0000022YnFQAU&ul=en-us&de=UTF-8&dt=How%20to%20Help%20Refugees%20%E2%80%94%20Aid%2C%20Relief%20and%20Donations%20%7C%20USA%20for%20UNHCR&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAiAABB~&jid=585389278&gjid=2100806118&cid=589410312.1644423995&tid=UA-1473340-18&_gid=1788208001.1644423995&gtm=2wg270XT4L&cd3=USA&z=1249904444

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Feb 2022 21:53:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 66766
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
91 B 9ms
8ms Image
image/gif 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=750576586&t=pageview&_s=1&dl=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26utm_cid%3D0031K0000387GhHQAU%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220209%26utm_content%3Dnewengagedsubs%26SF_onetime%3D7011K0000022YnAQAU%26SF_monthly%3D7011K0000022YnFQAU&ul=en-us&de=UTF-8&dt=How%20to%20Help%20Refugees%20%E2%80%94%20Aid%2C%20Relief%20and%20Donations%20%7C%20USA%20for%20UNHCR&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGDAiAABBAAAAE~&jid=554286023&gjid=1822451941&cid=589410312.1644423995&tid=UA-3754388-9&_gid=1788208001.1644423995&gtm=2wg270XT4L&cd1=7011K0000022YnAQAU&cd2=7011K0000022YnFQAU&z=823240919

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Feb 2022 21:53:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 66766
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 363860773806760 Show response
connect.facebook.net/signals/config/ 307 KB
88 KB 64ms
64ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/363860773806760?v=2.9.52&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

809e7747623ab9ba5cab02ec3efeaff9a5e5373be0b0c550e7e186f6f072319c

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: xKzH0mRBM6vqtuBgoXJpHvLSWb/EzGYUBxuCINK+sCy9IsEKnmyhXyo84oQt8HIHSfGW20GPp4jNuzm4XeiAkQ==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Wed, 09 Feb 2022 16:26:34 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/957115417/ 3 KB
2 KB 46ms
24ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/957115417/?random=1644423994747&cv=9&fst=1644423994747&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg270&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26utm_cid%3D0031K0000387GhHQAU%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220209%26utm_content%3Dnewengagedsubs%26SF_onetime%3D7011K0000022YnAQAU%26SF_monthly%3D7011K0000022YnFQAU&tiba=How%20to%20Help%20Refugees%20%E2%80%94%20Aid%2C%20Relief%20and%20Donations%20%7C%20USA%20for%20UNHCR&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fe8f1d182e47ae6bd7e9068d96091065be45050baa44cc128f09e9ff5dc0fc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Feb 2022 16:26:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1193
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rules-p-SLcBYqRUU3yLq.js Show response
rules.quantcount.com/ 1 KB
1 KB 57ms
7ms Script
application/javascript 2600:9000:223c:cc00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-SLcBYqRUU3yLq.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/aquant.js?a=p-SLcBYqRUU3yLq
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:cc00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: abb49f99cde4315e7ad50087b6a1888b1d6e0db45625f351904fac2b1879ecf7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 15:49:49 GMT
content-encoding: gzip
age: 3113
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
last-modified: Mon, 10 Apr 2017 23:36:03 GMT
server: AmazonS3
etag: W/"0f8ea059094652069af02158b35f2356"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 2af4ee189e50805a67bd62bbd51ad0dc.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: -QrHKz6vbhODINEUd0YxkEWf9kqUrmfFEbPG_MBCMqGz6TktutXmqw==

GET
H2 204 5612726.js Show response
bat.bing.com/p/action/ 0
116 B 236ms
236ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/p/action/5612726.js
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 09 Feb 2022 16:26:34 GMT
cache-control: private,max-age=1800
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 41704632CBAE4427BB815C213F5E25B6 Ref B: FRAEDGE1318 Ref C: 2022-02-09T16:26:34Z
x-cache: CONFIG_NOCACHE

GET
H2 200 10095779.json Show response
s.yimg.com/wi/config/ 46 B
683 B 65ms
22ms XHR
application/octet-stream 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/config/10095779.json

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/wi/ytc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

81f701abbdb3dcd7318338357add41af96a3b776549dc928c4703cf1cf9f2ffe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 15:54:39 GMT
x-content-type-options: nosniff
age: 1916
x-amz-server-side-encryption: AES256
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id: GG3RATTP3HBV1DX8
x-amz-id-2: AO1iQ7Sjp08PvHD8D23j0I43xvd71HIc5CHaS1oI4b2RdtVquJDDF+9FIuulTHBuPCQEFnw4pHU=
accept-ranges: bytes
referrer-policy: no-referrer-when-downgrade
x-amz-expiration: expiry-date="Sun, 04 Sep 2022 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified: Fri, 30 Jul 2021 20:49:06 GMT
server: ATS
etag: "ca96ec3516187adbafe0fb0d4f2e4932"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
access-control-allow-methods: GET
x-amz-version-id: A6WkUtqwqovvPfHbvCBjlnyQPLaVaalT
access-control-allow-origin: *
x-xss-protection: 1; mode=block
content-length: 46
content-type: application/octet-stream

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 50ms
32ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-1473340-18&cid=589410312.1644423995&jid=585389278&_u=YGBAiAABBAAAAE~&z=1049218175

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Feb 2022 16:26:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 60ms
35ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-1473340-18&cid=589410312.1644423995&jid=585389278&_u=YGBAiAABBAAAAE~&z=1049218175

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Feb 2022 16:26:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 52ms
34ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-3754388-9&cid=589410312.1644423995&jid=554286023&_u=YGDAiAABBAAAAE~&z=1827398383

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Feb 2022 16:26:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 59ms
34ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-3754388-9&cid=589410312.1644423995&jid=554286023&_u=YGDAiAABBAAAAE~&z=1827398383

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Feb 2022 16:26:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/957115417/ 42 B
64 B 35ms
26ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/957115417/?random=1644423994747&cv=9&fst=1644422400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg270&sendb=1&frm=0&url=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26utm_cid%3D0031K0000387GhHQAU%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220209%26utm_content%3Dnewengagedsubs%26SF_onetime%3D7011K0000022YnAQAU%26SF_monthly%3D7011K0000022YnFQAU&tiba=How%20to%20Help%20Refugees%20%E2%80%94%20Aid%2C%20Relief%20and%20Donations%20%7C%20USA%20for%20UNHCR&async=1&fmt=3&is_vtc=1&random=3184750869&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Feb 2022 16:26:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/957115417/ 42 B
548 B 41ms
25ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/957115417/?random=1644423994747&cv=9&fst=1644422400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg270&sendb=1&frm=0&url=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26utm_cid%3D0031K0000387GhHQAU%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220209%26utm_content%3Dnewengagedsubs%26SF_onetime%3D7011K0000022YnAQAU%26SF_monthly%3D7011K0000022YnFQAU&tiba=How%20to%20Help%20Refugees%20%E2%80%94%20Aid%2C%20Relief%20and%20Donations%20%7C%20USA%20for%20UNHCR&async=1&fmt=3&is_vtc=1&random=3184750869&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Feb 2022 16:26:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel;r=1121017287;labels=_fp.event.Homepage;rf=0;a=p-SLcBYqRUU3yLq;url=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26utm_cid%3D0031K0000387GhHQAU%26utm_source%3Du4u-appeal%26utm_campa...
pixel.quantserve.com/ 35 B
371 B 27ms
12ms Image
image/gif 2620:116:800d:21:f916:5049:f87f:108e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1121017287;labels=_fp.event.Homepage;rf=0;a=p-SLcBYqRUU3yLq;url=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26utm_cid%3D0031K0000387GhHQAU%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220209%26utm_content%3Dnewengagedsubs%26SF_onetime%3D7011K0000022YnAQAU%26SF_monthly%3D7011K0000022YnFQAU;uht=2;fpan=1;fpa=P0-47956794-1644423994819;pbc=;ns=0;ce=1;qjs=1;qv=b4915a16-20220201183321;cm=;gdpr=0;ref=;d=unrefugees.org;je=0;sr=1600x1200x24;dst=0;et=1644423994818;tzo=0;ogl=title.How%20to%20Help%20Refugees%20%E2%80%94%20Aid%252C%20Relief%20and%20Donations%20%7C%20USA%20for%20UNHCR%2Ctype.website%2Curl.https%3A%2F%2Fwww%252Eunrefugees%252Eorg%2F%3Futm_medium%3Demail%26utm_cid%3D0031K0000387GhHQAU%26utm_sour%2Cimage.https%3A%2F%2Fwww%252Eunrefugees%252Eorg%2Fmedia%2F1884%2Fusa-for-unhcr-helping-refugees-rf237115-12%2Cdescription.USA%20for%20UNHCR%20helps%20to%20save%252C%20protect%20and%20rebuild%20the%20lives%20of%20millions%20of%20refuge

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Feb 2022 16:26:34 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 dc_pre=CMCJxeCE8_UCFfFEHQkdb_gNuA;src=4647326;type=unrefcms;cat=unrefhp;ord=2592338352340;gtm=2wg270;auiddc=1490820519.1644423995;~oref=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26ut... Show response
adservice.google.com/ddm/fls/i/ Frame 1006 708 B
590 B 69ms
47ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CMCJxeCE8_UCFfFEHQkdb_gNuA;src=4647326;type=unrefcms;cat=unrefhp;ord=2592338352340;gtm=2wg270;auiddc=1490820519.1644423995;~oref=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26utm_cid%3D0031K0000387GhHQAU%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220209%26utm_content%3Dnewengagedsubs%26SF_onetime%3D7011K0000022YnAQAU%26SF_monthly%3D7011K0000022YnFQAU

Requested by

Host: 4647326.fls.doubleclick.net
URL: https://4647326.fls.doubleclick.net/activityi;dc_pre=CMCJxeCE8_UCFfFEHQkdb_gNuA;src=4647326;type=unrefcms;cat=unrefhp;ord=2592338352340;gtm=2wg270;auiddc=1490820519.1644423995;~oref=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26utm_cid%3D0031K0000387GhHQAU%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220209%26utm_content%3Dnewengagedsubs%26SF_onetime%3D7011K0000022YnAQAU%26SF_monthly%3D7011K0000022YnFQAU?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ee9c9d2a2b78f7f91df184e055f4a530db5430b87e6d14f23760af76020e32ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://4647326.fls.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 09 Feb 2022 16:26:34 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 516
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 /
www.facebook.com/tr/ 44 B
406 B 24ms
7ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=363860773806760&ev=PageView&dl=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26utm_cid%3D0031K0000387GhHQAU%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220209%26utm_content%3Dnewengagedsubs%26SF_onetime%3D7011K0000022YnAQAU%26SF_monthly%3D7011K0000022YnFQAU&rl=&if=false&ts=1644423994855&sw=1600&sh=1200&v=2.9.52&r=stable&ec=0&o=30&fbp=fb.1.1644423994853.1225467834&it=1644423994742&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:26:34 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Wed, 09 Feb 2022 16:26:34 GMT

GET
H2 200 sp.pl
sp.analytics.yahoo.com/ 43 B
715 B 105ms
31ms Image
image/gif 212.82.100.181
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sp.analytics.yahoo.com/sp.pl?a=10000&d=Wed%2C%2009%20Feb%202022%2016%3A26%3A34%20GMT&n=0&b=How%20to%20Help%20Refugees%20%E2%80%94%20Aid%2C%20Relief%20and%20Donations%20%7C%20USA%20for%20UNHCR&.yp=10095779&f=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26utm_cid%3D0031K0000387GhHQAU%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220209%26utm_content%3Dnewengagedsubs%26SF_onetime%3D7011K0000022YnAQAU%26SF_monthly%3D7011K0000022YnFQAU&enc=UTF-8&yv=1.12.0&tagmgr=gtm

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.82.100.181 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

spdc.pbp.vip.ir2.yahoo.com

Software

ATS /

Resource Hash

0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Feb 2022 16:26:34 GMT
x-content-type-options: nosniff
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
cache-control: no-cache, private, must-revalidate
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 43
referrer-policy: strict-origin-when-cross-origin
expires: Wed, 09 Feb 2022 16:26:34 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
983 B 40ms
16ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Kalam|Lato&display=swap

Requested by

Host: www.unrefugees.org
URL: https://www.unrefugees.org/css/index.css?v=4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e9a096ea993d41984504d287daa350470a8d4127016369c337d4b593f7268883

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 09 Feb 2022 16:26:34 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 09 Feb 2022 16:26:34 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 09 Feb 2022 16:26:34 GMT

GET
H2 200 dc_pre=CMCJxeCE8_UCFfFEHQkdb_gNuA;src=4647326;type=unrefcms;cat=unrefhp;ord=2592338352340;gtm=2wg270;auiddc=1490820519.1644423995;~oref=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26ut... Show response
adservice.google.de/ddm/fls/i/ Frame 35BD 194 B
306 B 53ms
48ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/ddm/fls/i/dc_pre=CMCJxeCE8_UCFfFEHQkdb_gNuA;src=4647326;type=unrefcms;cat=unrefhp;ord=2592338352340;gtm=2wg270;auiddc=1490820519.1644423995;~oref=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26utm_cid%3D0031K0000387GhHQAU%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220209%26utm_content%3Dnewengagedsubs%26SF_onetime%3D7011K0000022YnAQAU%26SF_monthly%3D7011K0000022YnFQAU

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CMCJxeCE8_UCFfFEHQkdb_gNuA;src=4647326;type=unrefcms;cat=unrefhp;ord=2592338352340;gtm=2wg270;auiddc=1490820519.1644423995;~oref=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26utm_cid%3D0031K0000387GhHQAU%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220209%26utm_content%3Dnewengagedsubs%26SF_onetime%3D7011K0000022YnAQAU%26SF_monthly%3D7011K0000022YnFQAU

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://adservice.google.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 09 Feb 2022 16:26:34 GMT
expires: Wed, 09 Feb 2022 16:26:34 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 177
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v22/ 23 KB
24 KB 29ms
7ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v22/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Kalam|Lato&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.unrefugees.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 19:30:55 GMT
x-content-type-options: nosniff
age: 593739
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23580
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:14:03 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 02 Feb 2023 19:30:55 GMT

GET
H2 200 p.css
p.typekit.net/ 5 B
181 B 98ms
83ms Stylesheet
text/css 2a03:5f80:a::b212:e7c0
DATAIX-AS Peering...

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=hrp3szy&ht=tk&f=139.140.171.173.174.175.176.15701.15703.15705.15708&a=1630018&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/hrp3szy.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:5f80:a::b212:e7c0 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://use.typekit.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:26:35 GMT
last-modified: Fri, 10 Sep 2021 23:46:21 GMT
server: nginx
etag: "613bee4d-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H2 200 l
use.typekit.net/af/180254/00000000000000000001522c/27/ 45 KB
45 KB 345ms
94ms Font
application/font-woff2 2a03:5f80:a::b212:e7c0
DATAIX-AS Peering...

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/180254/00000000000000000001522c/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/hrp3szy.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:5f80:a::b212:e7c0 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU),
Reverse DNS
Software: nginx /
Resource Hash: 947400cb0578d5d44becd19f25d99de0e786a8f7e251ffb284c10430c2e67865

Request headers

Referer: https://use.typekit.net/hrp3szy.css
Origin: https://www.unrefugees.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:26:35 GMT
server: nginx
etag: "d8f0e75543cc417069e2148d573e1b3687264d73"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 45996

GET
H2 200 l
use.typekit.net/af/925423/00000000000000003b9b038f/27/ 19 KB
20 KB 512ms
265ms Font
application/font-woff2 2a03:5f80:a::b212:e7c0
DATAIX-AS Peering...

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/925423/00000000000000003b9b038f/27/l?subset_id=2&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/hrp3szy.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:5f80:a::b212:e7c0 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU),
Reverse DNS
Software: nginx /
Resource Hash: b2691aa6e8dff80c0760181397a93de4b7da5706594bb540ab430095109a889a

Request headers

Referer: https://use.typekit.net/hrp3szy.css
Origin: https://www.unrefugees.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:26:35 GMT
server: nginx
etag: "af967ea1356382090341795946181a15b4b5bcf0"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 19892

GET
H2 200 l
use.typekit.net/af/8e11d4/00000000000000003b9b038c/27/ 19 KB
19 KB 326ms
203ms Font
application/font-woff2 2a03:5f80:a::b212:e7c0
DATAIX-AS Peering...

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/8e11d4/00000000000000003b9b038c/27/l?subset_id=2&fvd=n6&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/hrp3szy.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:5f80:a::b212:e7c0 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU),
Reverse DNS
Software: nginx /
Resource Hash: 53e973a71dbbd98dc8572115b4a939b3343f7406ea7f918bc8701cd92e890084

Request headers

Referer: https://use.typekit.net/hrp3szy.css
Origin: https://www.unrefugees.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:26:35 GMT
server: nginx
etag: "50fb462bb968fa8996b7f205254cfa92e534ea41"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 19604

GET
H/1.1

200
OK

rf294876-1200x1200.jpg
cdn.unrefugees.org/u4uweb2020/media/1734/
Redirect Chain

https://www.unrefugees.org/media/1734/rf294876-1200x1200.jpg
https://cdn.unrefugees.org/u4uweb2020/media/1734/rf294876-1200x1200.jpg

124 KB
125 KB

14ms
14ms

Image
image/jpeg

13.32.99.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.unrefugees.org/u4uweb2020/media/1734/rf294876-1200x1200.jpg
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: HTTP/1.1
Server: 13.32.99.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-105.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 974bbcde9b2a24d0afc97b45967991edc77a5db2e3a3de635a439d9a74f5e98f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-meta-local-date-modified: 131509848570430279
Date: Wed, 09 Feb 2022 16:26:35 GMT
Via: 1.1 372875ad1ec20daf24f3f29f14a73cd0.cloudfront.net (CloudFront)
Last-Modified: Wed, 25 Mar 2020 19:58:44 GMT
Server: AmazonS3
Age: 34031
ETag: "89785ebdf4415bc89001663c2d490271"
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
X-Amz-Cf-Pop: FRA60-P3
x-amz-meta-local-date-created: 132296391850119854
Content-Length: 126966
X-Amz-Cf-Id: 3_o_TEuHMMm1nUKU9NiHcc63A_yj_E1YMEfiWlG-n8w_qSdsOKQnHQ==

Redirect headers

location: https://cdn.unrefugees.org/u4uweb2020/media/1734/rf294876-1200x1200.jpg
date: Wed, 09 Feb 2022 16:26:35 GMT
cache-control: no-cache
server: Microsoft-IIS/10.0
content-length: 194
content-type: text/html; charset=UTF-8

GET
H/1.1

200
OK

cash-assistance_rf110467__1200x600.jpg
cdn.unrefugees.org/u4uweb2020/media/3292/
Redirect Chain

https://www.unrefugees.org/media/3292/cash-assistance_rf110467__1200x600.jpg
https://cdn.unrefugees.org/u4uweb2020/media/3292/cash-assistance_rf110467__1200x600.jpg

35 KB
36 KB

13ms
13ms

Image
image/jpeg

13.32.99.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.unrefugees.org/u4uweb2020/media/3292/cash-assistance_rf110467__1200x600.jpg
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: HTTP/1.1
Server: 13.32.99.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-105.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bb7ae1c4a852bbcaf95cf4fbf9a6a4fe490aae2f92d7aa3e47762b9157ea67aa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-meta-local-date-modified: 132095863945053552
Date: Wed, 09 Feb 2022 16:26:35 GMT
Via: 1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront)
Last-Modified: Wed, 25 Mar 2020 20:09:30 GMT
Server: AmazonS3
Age: 21367
ETag: "f7a6a5fe957ca7ca0151d86cfda065e4"
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
X-Amz-Cf-Pop: FRA60-P3
x-amz-meta-local-date-created: 132296392007969900
Content-Length: 36313
X-Amz-Cf-Id: 5g6VzeKtKLWVx6u9WYNzmDY2JcCaOuRbgjukkn2LrDfgDXiKZzgLdQ==

Redirect headers

location: https://cdn.unrefugees.org/u4uweb2020/media/3292/cash-assistance_rf110467__1200x600.jpg
date: Wed, 09 Feb 2022 16:26:35 GMT
cache-control: no-cache
server: Microsoft-IIS/10.0
content-length: 210
content-type: text/html; charset=UTF-8

GET
H/1.1

200
OK

unhcr-innovation-rf110365-1200x1200.jpg
cdn.unrefugees.org/u4uweb2020/media/1953/
Redirect Chain

https://www.unrefugees.org/media/1953/unhcr-innovation-rf110365-1200x1200.jpg
https://cdn.unrefugees.org/u4uweb2020/media/1953/unhcr-innovation-rf110365-1200x1200.jpg

105 KB
105 KB

8ms
8ms

Image
image/jpeg

13.32.99.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.unrefugees.org/u4uweb2020/media/1953/unhcr-innovation-rf110365-1200x1200.jpg
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: HTTP/1.1
Server: 13.32.99.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-105.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d5ce31b0fd3a4db6853d139bc58df72f45f6ad8c19c79ce314644f881ce8df8e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-meta-local-date-modified: 131528141990240105
Date: Wed, 09 Feb 2022 06:59:25 GMT
Via: 1.1 d63ea68c8b7458d49fe25f66ef7f0a5e.cloudfront.net (CloudFront)
x-amz-meta-local-date-created: 132296391865669956
Last-Modified: Wed, 25 Mar 2020 20:00:16 GMT
Server: AmazonS3
Age: 34031
ETag: "0166c7d23197611e472e35df6b3f41bd"
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Connection: keep-alive
X-Amz-Cf-Pop: FRA60-P3
Accept-Ranges: bytes
Content-Length: 107143
X-Amz-Cf-Id: 2VOkSd9Hc5eILpPVjTxG2eUi2AwAjqyzv_wneAjS-X97Nmp1tTej3w==

Redirect headers

location: https://cdn.unrefugees.org/u4uweb2020/media/1953/unhcr-innovation-rf110365-1200x1200.jpg
date: Wed, 09 Feb 2022 16:26:35 GMT
cache-control: no-cache
server: Microsoft-IIS/10.0
content-length: 211
content-type: text/html; charset=UTF-8

GET
H/1.1

200
OK

rf297199-1200x1200.jpg
cdn.unrefugees.org/u4uweb2020/media/1730/
Redirect Chain

https://www.unrefugees.org/media/1730/rf297199-1200x1200.jpg
https://cdn.unrefugees.org/u4uweb2020/media/1730/rf297199-1200x1200.jpg

79 KB
80 KB

8ms
8ms

Image
image/jpeg

13.32.99.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.unrefugees.org/u4uweb2020/media/1730/rf297199-1200x1200.jpg
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: HTTP/1.1
Server: 13.32.99.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-105.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f7d583ab492d692f32365a861acac4b6c3cc0d1b31d692c4d42bcf5f2a6c2e44

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-meta-local-date-modified: 131509848481514324
Date: Tue, 08 Feb 2022 19:16:03 GMT
Via: 1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront)
Last-Modified: Wed, 25 Mar 2020 19:58:42 GMT
Server: AmazonS3
Age: 76233
ETag: "4bc835f46426e5b13a906254ce20e888"
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
X-Amz-Cf-Pop: FRA60-P3
x-amz-meta-local-date-created: 132296391849849828
Content-Length: 81211
X-Amz-Cf-Id: Ex9HtwF0hsBv03UBbWht04p5yzJBz8wAZBvjQIrLtJHBHkgekK_OeQ==

Redirect headers

location: https://cdn.unrefugees.org/u4uweb2020/media/1730/rf297199-1200x1200.jpg
date: Wed, 09 Feb 2022 16:26:35 GMT
cache-control: no-cache
server: Microsoft-IIS/10.0
content-length: 194
content-type: text/html; charset=UTF-8

GET
H/1.1

200
OK

majidawinter-620x468.png
cdn.unrefugees.org/u4uweb2020/media/yziheh5r/
Redirect Chain

https://www.unrefugees.org/media/yziheh5r/majidawinter-620x468.png
https://cdn.unrefugees.org/u4uweb2020/media/yziheh5r/majidawinter-620x468.png

422 KB
422 KB

12ms
12ms

Image
image/png

13.32.99.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.unrefugees.org/u4uweb2020/media/yziheh5r/majidawinter-620x468.png
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: HTTP/1.1
Server: 13.32.99.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-105.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 98b1c4017864eb68976f5c3d4155a59dd7281943f5d6fedb415f13bb642cfdc3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-meta-local-date-modified: 132876854113548837
Date: Wed, 09 Feb 2022 16:26:35 GMT
Via: 1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront)
Last-Modified: Wed, 26 Jan 2022 15:43:43 GMT
Server: AmazonS3
Age: 21367
ETag: "ea11ba6cb96b0be18ef030b648396c03"
X-Cache: Hit from cloudfront
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
X-Amz-Cf-Pop: FRA60-P3
x-amz-meta-local-date-created: 132876854113548837
Content-Length: 431997
X-Amz-Cf-Id: 2IbT8uZW4yoMCLwQM4CkvAf1bd6qlK4C4ZyVzuYaxdNnVrpAMbh9Dg==

Redirect headers

location: https://cdn.unrefugees.org/u4uweb2020/media/yziheh5r/majidawinter-620x468.png
date: Wed, 09 Feb 2022 16:26:35 GMT
cache-control: no-cache
server: Microsoft-IIS/10.0
content-length: 200
content-type: text/html; charset=UTF-8

GET
H/1.1

200
OK

helmandwinterblog-620x468.png
cdn.unrefugees.org/u4uweb2020/media/ew3ghhud/
Redirect Chain

https://www.unrefugees.org/media/ew3ghhud/helmandwinterblog-620x468.png
https://cdn.unrefugees.org/u4uweb2020/media/ew3ghhud/helmandwinterblog-620x468.png

549 KB
550 KB

19ms
18ms

Image
image/png

13.32.99.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.unrefugees.org/u4uweb2020/media/ew3ghhud/helmandwinterblog-620x468.png
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: HTTP/1.1
Server: 13.32.99.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-105.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dbb41fc26e922bc2a1c4fb2d9d2482c11e0daa616fea96c53449312ef81520a2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-meta-local-date-modified: 132875151209970835
Date: Wed, 09 Feb 2022 06:59:25 GMT
Via: 1.1 319f376925908156190f5fc160137b42.cloudfront.net (CloudFront)
Last-Modified: Mon, 24 Jan 2022 16:28:43 GMT
Server: AmazonS3
Age: 34031
ETag: "73ad165b2517db66c5c5441b52dc1bef"
X-Cache: Hit from cloudfront
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
X-Amz-Cf-Pop: FRA60-P3
x-amz-meta-local-date-created: 132875151209970835
Content-Length: 562295
X-Amz-Cf-Id: -tR8c6xq96MORBtiTAkT5kxjsc23EPTk_vW30GirezLruwH4ajTiFw==

Redirect headers

location: https://cdn.unrefugees.org/u4uweb2020/media/ew3ghhud/helmandwinterblog-620x468.png
date: Wed, 09 Feb 2022 16:26:35 GMT
cache-control: no-cache
server: Microsoft-IIS/10.0
content-length: 205
content-type: text/html; charset=UTF-8

GET
H2 403 ethiopialist.png
www.unrefugees.org/media/5thloe13/ 58 B
58 B 165ms
163ms Image
text/html 52.35.28.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.unrefugees.org/media/5thloe13/ethiopialist.png
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.35.28.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-35-28-98.us-west-2.compute.amazonaws.com
Software: Microsoft-IIS/10.0 /
Resource Hash: c54008cfaffe2e6442ed8bfedc1c3511572980a7af2796ff3a76fedd5d4d1fba

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:26:35 GMT
server: Microsoft-IIS/10.0
content-length: 58
content-type: text/html

GET
H2 403 yemen-rf246329-1440x700-v2.jpg
www.unrefugees.org/media/1534/ 58 B
58 B 165ms
163ms Image
text/html 52.35.28.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.unrefugees.org/media/1534/yemen-rf246329-1440x700-v2.jpg
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.35.28.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-35-28-98.us-west-2.compute.amazonaws.com
Software: Microsoft-IIS/10.0 /
Resource Hash: c54008cfaffe2e6442ed8bfedc1c3511572980a7af2796ff3a76fedd5d4d1fba

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:26:35 GMT
server: Microsoft-IIS/10.0
content-length: 58
content-type: text/html

GET
H2 403 search-icon.png
www.unrefugees.org/img/ 58 B
58 B 163ms
161ms Image
text/html 52.35.28.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.unrefugees.org/img/search-icon.png
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/css/index.css?v=4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.35.28.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-35-28-98.us-west-2.compute.amazonaws.com
Software: Microsoft-IIS/10.0 /
Resource Hash: c54008cfaffe2e6442ed8bfedc1c3511572980a7af2796ff3a76fedd5d4d1fba

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/css/index.css?v=4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:26:35 GMT
server: Microsoft-IIS/10.0
content-length: 58
content-type: text/html

GET
H2 200 l
use.typekit.net/af/219c30/00000000000000003b9b0389/27/ 19 KB
19 KB 159ms
117ms Font
application/font-woff2 2a03:5f80:a::b212:e7c0
DATAIX-AS Peering...

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/219c30/00000000000000003b9b0389/27/l?subset_id=2&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/hrp3szy.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:5f80:a::b212:e7c0 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU),
Reverse DNS
Software: nginx /
Resource Hash: 087eea56d7a820a2a7a9c182616af459f127761730aeeff62c1ca82706ac02c8

Request headers

Referer: https://use.typekit.net/hrp3szy.css
Origin: https://www.unrefugees.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:26:35 GMT
server: nginx
etag: "7c243ed5f8437a6687e49316f96967fcfd3feb05"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 19156

GET
H2 200 fontello.woff2
www.unrefugees.org/font/ 4 KB
5 KB 163ms
162ms Font
application/x-font-woff2 52.35.28.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.unrefugees.org/font/fontello.woff2?47325548
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/css/index.css?v=4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.35.28.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-35-28-98.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: fd8c794bb43e5220596bc1c5d50f865268cd2655c86f0d3175875d7e1c3afcc6

Request headers

Referer: https://www.unrefugees.org/css/index.css?v=4
Origin: https://www.unrefugees.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:26:35 GMT
last-modified: Wed, 17 May 2017 10:53:35 GMT
accept-ranges: bytes
etag: "bc6dfed4fbced21:0"
content-length: 4328
content-type: application/x-font-woff2

GET
H2 200 l
use.typekit.net/af/220823/000000000000000000015231/27/ 45 KB
45 KB 155ms
114ms Font
application/font-woff2 2a03:5f80:a::b212:e7c0
DATAIX-AS Peering...

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/220823/000000000000000000015231/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/hrp3szy.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:5f80:a::b212:e7c0 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU),
Reverse DNS
Software: nginx /
Resource Hash: e2324ad785ba5747059f48d4790a7783d6a85b04ca91d3312af124e1fb254136

Request headers

Referer: https://use.typekit.net/hrp3szy.css
Origin: https://www.unrefugees.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:26:35 GMT
server: nginx
etag: "25d9000ed11ad93413dd9fab416a1870c8ae46cd"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 46068

GET
H/1.1 200
OK tv2track.php
collector-3219.tvsquared.com/ 42 B
276 B 110ms
109ms Image
image/gif 3.20.2.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://collector-3219.tvsquared.com/tv2track.php?action_name=How%20to%20Help%20Refugees%20%E2%80%94%20Aid%2C%20Relief%20and%20Donations%20%7C%20USA%20for%20UNHCR&idsite=TV-63728109-1&rec=1&r=293562&h=16&m=26&s=35&url=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26utm_cid%3D0031K0000387GhHQAU%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220209%26utm_content%3Dnewengagedsubs%26SF_onetime%3D7011K0000022YnAQAU%26SF_monthly%3D7011K0000022YnFQAU&_id=981cfbfda8f8a344&_idts=1644423995&_idvc=0&_idn=1&_viewts=&pdf=1&qt=0&realp=0&wma=0&dir=0&fla=0&java=0&gears=0&ag=0&cookie=1&res=1600x1200&gt_ms=1593
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.20.2.247 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-20-2-247.us-east-2.compute.amazonaws.com
Software: nginx /
Resource Hash: f0c71e3da5b3fcab3c66af1cf0cdbf262c97b9330b7b37116f1ae2ab18bdc660

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 09 Feb 2022 16:26:35 GMT
Server: nginx
Connection: keep-alive
Request-Id: 25e27fa4-6bf1-4498-ab1d-ee7724a8bf11
P3p: CP='OTI DSP COR NID STP UNI OTPa OUR'
Content-Length: 42
Content-Type: image/gif

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/1p3YWy80wlZ7Q8QFR1gjazwU/ 356 KB
140 KB 30ms
7ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/1p3YWy80wlZ7Q8QFR1gjazwU/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebc6ea0f875078e989460766ea6ae585b43650cb2408daf4183e72a4101881f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Origin: https://www.unrefugees.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:16:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 577
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 143107
x-xss-protection: 0
last-modified: Mon, 31 Jan 2022 05:04:01 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 09 Feb 2023 16:16:58 GMT

GET
H3 200 payframe Show response
pay.google.com/gp/p/ui/ Frame AB65 17 KB
7 KB 222ms
201ms Document
text/html 2a00:1450:400c:c04::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fwww.unrefugees.org&mid=

Requested by

Host: pay.google.com
URL: https://pay.google.com/gp/p/js/pay.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c04::5c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a2c8cc38927a639c484917bb7b9bd7a2aac9aa68b3f7b0d1b41f3176cf98b7a7

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-o4IW8N4hj+/+BcEW53YZEA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'nonce-o4IW8N4hj+/+BcEW53YZEA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU

Response headers

content-type: text/html; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-ua-compatible: IE=edge
expires: Wed, 09 Feb 2022 16:26:35 GMT
date: Wed, 09 Feb 2022 16:26:35 GMT
cache-control: private, max-age=3600
strict-transport-security: max-age=31536000
content-security-policy: script-src 'report-sample' 'nonce-o4IW8N4hj+/+BcEW53YZEA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'nonce-o4IW8N4hj+/+BcEW53YZEA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
cross-origin-resource-policy: same-site
cross-origin-opener-policy: same-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 204 0
bat.bing.com/action/ 0
150 B 221ms
221ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=5612726&tm=gtm002&Ver=2&mid=c600f9fa-ea2c-42ec-b0f3-6860fbcd1308&sid=0c8b8cd089c511ecbdc88b2c3945e395&vid=0c8b796089c511ecafba3326333150b0&vids=1&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=How%20to%20Help%20Refugees%20%E2%80%94%20Aid,%20Relief%20and%20Donations%20%7C%20USA%20for%20UNHCR&kw=Home&p=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26utm_cid%3D0031K0000387GhHQAU%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220209%26utm_content%3Dnewengagedsubs%26SF_onetime%3D7011K0000022YnAQAU%26SF_monthly%3D7011K0000022YnFQAU&r=&lt=3473&evt=pageLoad&msclkid=N&sv=1&rn=413698
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Feb 2022 16:26:34 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C755D9009E9941A092C53C6A0E17FDAE Ref B: FRAEDGE1318 Ref C: 2022-02-09T16:26:35Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

beacon
r.turn.com/r/
Redirect Chain

https://20668909p.rfihub.com/ca.gif?rb=9587&ca=20668909&ra=15960123
https://r.turn.com/r/beacon?b2=2ktLc5k8nNM07yj6GA-Hrn8gtUS_nFcwtDx5qaA26AoeU_Oup029YVIprkeGvqSpoIUReErvK66MTKJfORKOtg&cid=

43 B
398 B

103ms
54ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/beacon?b2=2ktLc5k8nNM07yj6GA-Hrn8gtUS_nFcwtDx5qaA26AoeU_Oup029YVIprkeGvqSpoIUReErvK66MTKJfORKOtg&cid=
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Feb 2022 16:26:35 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

Location: https://r.turn.com/r/beacon?b2=2ktLc5k8nNM07yj6GA-Hrn8gtUS_nFcwtDx5qaA26AoeU_Oup029YVIprkeGvqSpoIUReErvK66MTKJfORKOtg&cid=
Date: Wed, 09 Feb 2022 16:26:35 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 tc.min.js Show response
c1.rfihub.net/js/ 19 KB
6 KB 42ms
6ms Script
application/x-javascript 2600:9000:223c:400:1:76cf:fe80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.rfihub.net/js/tc.min.js
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:400:1:76cf:fe80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 15:59:05 GMT
content-encoding: gzip
last-modified: Wed, 09 Feb 2022 15:58:55 GMT
server: Jetty(9.3.29.v20201019)
age: 1650
x-cache: Hit from cloudfront
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
via: 1.1 22993faf725ff29c940e58cb14ddf668.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
x-amz-cf-pop: FRA56-P2
content-type: application/x-javascript
content-length: 6162
x-amz-cf-id: aMQcnqEK45mqDuRjnMyyd-V1vMqmQctDS_u_JwqyI-KJP2bPKI5Hhg==
expires: Wed, 09 Feb 2022 16:59:05 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
90 B 19ms
7ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=363860773806760&ev=Microdata&dl=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26utm_cid%3D0031K0000387GhHQAU%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220209%26utm_content%3Dnewengagedsubs%26SF_onetime%3D7011K0000022YnAQAU%26SF_monthly%3D7011K0000022YnFQAU&rl=&if=false&ts=1644423995386&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22How%20to%20Help%20Refugees%20%E2%80%94%20Aid%2C%20Relief%20and%20Donations%20%7C%20USA%20for%20UNHCR%22%2C%22meta%3Akeywords%22%3A%22Home%22%2C%22meta%3Adescription%22%3A%22USA%20for%20UNHCR%20helps%20to%20save%2C%20protect%20and%20rebuild%20the%20lives%20of%20millions%20of%20refugees.%20Learn%20how%20you%20can%20help.%22%7D&cd[OpenGraph]=%7B%22og%3Atitle%22%3A%22How%20to%20Help%20Refugees%20%E2%80%94%20Aid%2C%20Relief%20and%20Donations%20%7C%20USA%20for%20UNHCR%22%2C%22og%3Atype%22%3A%22website%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26utm_cid%3D0031K0000387GhHQAU%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220209%26utm_content%3Dnewengagedsubs%26SF_onetime%3D7011K0000022YnAQAU%26SF_monthly%3D7011K0000022YnFQAU%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fwww.unrefugees.org%2Fmedia%2F1884%2Fusa-for-unhcr-helping-refugees-rf237115-1200x1200.jpg%22%2C%22og%3Adescription%22%3A%22USA%20for%20UNHCR%20helps%20to%20save%2C%20protect%20and%20rebuild%20the%20lives%20of%20millions%20of%20refugees.%20Learn%20how%20you%20can%20help.%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.52&r=stable&ec=1&o=30&fbp=fb.1.1644423994853.1225467834&it=1644423994742&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:26:35 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Wed, 09 Feb 2022 16:26:35 GMT

GET
H2 200 fa5b33ed7c80.js Show response
w.usabilla.com/ Frame F083 36 KB
11 KB 102ms
31ms Script
text/javascript 34.248.81.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://w.usabilla.com/fa5b33ed7c80.js?lv=1
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.81.51 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-81-51.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: afcf054c4bdad4ed68c4375aa7b5dcfd85cb4590f0acb277a2ea8c10c5cf9855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Feb 2022 16:26:35 GMT
content-encoding: gzip
x-widget-server: 2.1
etag: "e7a48aa406ebb0a379f46328a67076b1"
content-type: text/javascript
cache-control: public,max-age=0
content-length: 11144

GET
H/1.1 200
OK ca.html Show response
20826429p.rfihub.com/ Frame A782 3 KB
4 KB 86ms
22ms Document
text/html 193.0.160.128
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://20826429p.rfihub.com/ca.html?ver=9&rb=9587&ca=20826429&_o=9587&_t=20826429&pe=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26utm_cid%3D0031K0000387GhHQAU%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220209%26utm_content%3Dnewengagedsubs%26SF_onetime%3D7011K0000022YnAQAU%26SF_monthly%3D7011K0000022YnFQAU&pf=&ra=9579623431874709
Requested by: Host: c1.rfihub.net
URL: https://c1.rfihub.net/js/tc.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.128 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: acc5ebfcb5847578dcf7a30b569096b3115e8208f0c854259e31ea263bd80bc5

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU

Response headers

Date: Wed, 09 Feb 2022 16:26:35 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Content-Type: text/html;charset=utf-8
Content-Length: 3014
Server: Jetty(9.3.29.v20201019)

GET
H/1.1

200
OK

cm
a.rfihub.com/ Frame A782
Redirect Chain

https://cm.g.doubleclick.net/pixel?&in=0&google_nid=zeta_interactive&google_cm=&google_sc=&google_hm=NTEzNDQ1NTQyMDMyODQ0ODEyMg==&forward=
https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESELxOtcH2-wrmEXIg2GTwTOc&google_cver=1

42 B
1 KB

57ms
15ms

Image
image/gif

193.0.160.128
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESELxOtcH2-wrmEXIg2GTwTOc&google_cver=1
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: HTTP/1.1
Server: 193.0.160.128 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 09 Feb 2022 16:26:35 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Wed, 09 Feb 2022 16:26:35 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESELxOtcH2-wrmEXIg2GTwTOc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 311
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame A782
Redirect Chain

https://ib.adnxs.com/setuid?entity=18&code=5134455420328448122
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D18%26code%3D5134455420328448122

43 B
1 KB

40ms
40ms

Image
image/gif

185.33.221.50
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D18%26code%3D5134455420328448122

Requested by

Protocol

HTTP/1.1

Server

185.33.221.50 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Feb 2022 16:26:35 GMT
X-Proxy-Origin: 193.27.14.42; 193.27.14.42; 728.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: cb9dd9df-da6c-4151-86e0-d769872d6c19
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 09 Feb 2022 16:26:35 GMT
X-Proxy-Origin: 193.27.14.42; 193.27.14.42; 728.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 9518fc3e-c4a0-4974-81c2-caca09a5114c
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D18%26code%3D5134455420328448122
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

cm
p.rfihub.com/ Frame A782
Redirect Chain

https://stags.bluekai.com/site/4722?id=5134455420328448122&redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fbk_uuid%3D%24_BK_UUID%26forward%3D
https://p.rfihub.com/cm?bk_uuid=$_BK_UUID&forward=

42 B
1 KB

17ms
17ms

Image
image/gif

193.0.160.128
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.rfihub.com/cm?bk_uuid=$_BK_UUID&forward=
Protocol: HTTP/1.1
Server: 193.0.160.128 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 09 Feb 2022 16:26:35 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

Location: https://p.rfihub.com/cm?bk_uuid=$_BK_UUID&forward=
Date: Wed, 09 Feb 2022 16:26:35 GMT
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ Frame A782 0
239 B 33ms
9ms Image
image/gif 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=13490&nid=2596&put=5134455420328448122&
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Content-Type: image/gif

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/ Frame A782
Redirect Chain

https://dpm.demdex.net/ibs:dpid=1121&dpuuid=5134455420328448122&redir=
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=5134455420328448122&redir=

42 B
943 B

34ms
34ms

Image
image/gif

54.76.200.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=5134455420328448122&redir=

Requested by

Protocol

HTTP/1.1

Server

54.76.200.156 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-76-200-156.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v027-0e1375e85.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: irpcWSuIQ3c=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v027-0760b286c.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: qX9VXgc9RKw=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=5134455420328448122&redir=
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1

200
OK

match
ps.eyeota.net/ Frame A782
Redirect Chain

https://p.rfihub.com/cm?pub=24472&in=1
https://ps.eyeota.net/match?uid=5134455420328448122&bid=omt9pi0

0
344 B

44ms
10ms

Image
text/plain

3.125.70.222
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/match?uid=5134455420328448122&bid=omt9pi0
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: HTTP/1.1
Server: 3.125.70.222 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-125-70-222.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 09 Feb 2022 16:26:35 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

Location: https://ps.eyeota.net/match?uid=5134455420328448122&bid=omt9pi0
Date: Wed, 09 Feb 2022 16:26:35 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 cksync.php
contextual.media.net/ Frame A782 45 B
615 B 132ms
85ms Image
image/gif 23.58.216.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=3&type=rkt&ovsid=5134455420328448122

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.58.216.132 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-58-216-132.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
server: Apache
date: Wed, 09 Feb 2022 16:26:35 GMT
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control: max-age=0, no-cache, no-store
content-type: image/gif
content-length: 45
x-mnet-hl2: E
expires: Wed, 09 Feb 2022 16:26:35 GMT

GET
H2 200 serving
bs.serving-sys.com/ Frame A782 0
105 B 54ms
8ms Image
text/plain 18.185.129.178
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bs.serving-sys.com/serving?cn=um&dpid=12&rtu=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D17945%26userid%3D%5B%25tp_UserID%25%5D
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.185.129.178 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-185-129-178.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:26:35 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-length: 0
p3p: CP="NOI DEVa OUR BUS UNI"

GET
H2

200

362358.gif
idsync.rlcdn.com/ Frame A782
Redirect Chain

https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=5134455420328448122&referrer=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26utm_cid%3D0031K0000387GhHQAU%26utm_sourc...
https://p.rfihub.com/cm?pub=39342&in=0&userid=61993616-2be5-4c5a-a750-ff87930439f0%3A1644423995.66&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D61993616-2be5-4c5a-a750-ff87930439f0...
https://idsync.rlcdn.com/501709.gif?partner_uid=61993616-2be5-4c5a-a750-ff87930439f0%3A1644423995.66
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm
https://idsync.rlcdn.com/362358.gif?google_gid=CAESEEKkUx-x9CQ95JhkfWUHlI4&google_cver=1

42 B
301 B

16ms
16ms

Image
image/gif

35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/362358.gif?google_gid=CAESEEKkUx-x9CQ95JhkfWUHlI4&google_cver=1
Protocol: H2
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 09 Feb 2022 16:26:35 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

Redirect headers

pragma: no-cache
date: Wed, 09 Feb 2022 16:26:35 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://idsync.rlcdn.com/362358.gif?google_gid=CAESEEKkUx-x9CQ95JhkfWUHlI4&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 289
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
bpi.rtactivate.com/tag/ Frame A782 43 B
109 B 401ms
193ms Image
image/gif 184.73.169.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bpi.rtactivate.com/tag/?id=11017&user_id=5134455420328448122
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 184.73.169.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-184-73-169-224.compute-1.amazonaws.com
Software: awselb/2.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:26:35 GMT
server: awselb/2.0
content-length: 43
content-type: image/gif

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame A782
Redirect Chain

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=5134455420328448122&forward=
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=5134455420328448122&forward=&C=1

43 B
1006 B

33ms
33ms

Image
image/gif

72.247.225.98
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=5134455420328448122&forward=&C=1
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: HTTP/1.1
Server: 72.247.225.98 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a72-247-225-98.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 09 Feb 2022 16:26:35 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 09 Feb 2022 16:26:35 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 09 Feb 2022 16:26:35 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=5134455420328448122&forward=&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 295
Expires: Wed, 09 Feb 2022 16:26:35 GMT

GET
H2 200 360947.gif
idsync.rlcdn.com/ Frame A782 42 B
418 B 31ms
15ms Image
image/gif 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/360947.gif?partner_uid=5134455420328448122
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 09 Feb 2022 16:26:35 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

GET
H2 200 rocketfuel_sync
x.dlx.addthis.com/e/ Frame A782 43 B
191 B 241ms
175ms Image
image/gif 104.111.215.191
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://x.dlx.addthis.com/e/rocketfuel_sync?na_exid=5134455420328448122

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.215.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-215-191.deploy.static.akamaitechnologies.com

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=2628000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Feb 2022 16:26:35 GMT
cache-control: max-age=0, no-cache, no-store
expires: Wed, 09 Feb 2022 16:26:35 GMT
content-length: 43
strict-transport-security: max-age=2628000
content-type: image/gif

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame A782
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7180&uid=5134455420328448122&img=1
https://sync.search.spotxchange.com/partner?adv_id=7180&uid=5134455420328448122&img=1&__user_check__=1&sync_id=0cbd8b8b-89c5-11ec-857d-1ac857eb0106

43 B
548 B

16ms
16ms

Image
image/gif

185.94.180.125
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7180&uid=5134455420328448122&img=1&__user_check__=1&sync_id=0cbd8b8b-89c5-11ec-857d-1ac857eb0106
Protocol: HTTP/1.1
Server: 185.94.180.125 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 09 Feb 2022 16:26:35 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 69
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Wed, 09 Feb 2022 16:26:35 GMT
Server: nginx
Location: /partner?adv_id=7180&uid=5134455420328448122&img=1&__user_check__=1&sync_id=0cbd8b8b-89c5-11ec-857d-1ac857eb0106
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 72
Connection: keep-alive
Content-Length: 0

GET
H2 200 sync
partners.tremorhub.com/ Frame A782 43 B
183 B 345ms
92ms Image
image/gif 2600:1f18:612b:4200:43f8:c79a:f116:17d6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partners.tremorhub.com/sync?UIRF=5134455420328448122&r=iEzJ52UzIchs
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4200:43f8:c79a:f116:17d6 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:26:35 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type: image/gif

GET
H2 200 g.pixel
aa.agkn.com/adscores/ Frame A782 43 B
238 B 76ms
20ms Image
image/gif 18.168.101.220
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aa.agkn.com/adscores/g.pixel?sid=9212192898&rf=5134455420328448122
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.168.101.220 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-168-101-220.eu-west-2.compute.amazonaws.com
Software: AAWebServer /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Feb 2022 16:26:35 GMT
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 43
expires: 0

GET
H2 204 usermatch.gif
beacon.krxd.net/ Frame A782 0
338 B 233ms
28ms Image
text/plain 52.215.247.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner_id=rfuel&partner_user_id=5134455420328448122
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.215.247.247 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-215-247-247.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:26:35 GMT
cache-control: private, no-cache, no-store
x-request-time: D=51 t=1644423995
x-served-by: beacon-n002-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1

200
OK

sync
x.bidswitch.net/ul_cb/ Frame A782
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=119&user_id=5134455420328448122&expires=30
https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=5134455420328448122&expires=30

43 B
495 B

10ms
10ms

Image
image/gif

3.126.65.212
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=5134455420328448122&expires=30
Protocol: HTTP/1.1
Server: 3.126.65.212 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-65-212.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 09 Feb 2022 16:26:35 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

Location: https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=5134455420328448122&expires=30
Date: Wed, 09 Feb 2022 16:26:35 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

cm
p.rfihub.com/ Frame A782
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D
https://sync-tm.everesttech.net/ct/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D&_test=YgPrOwAE9GVBgABB
https://p.rfihub.com/cm?in=1&pub=21653&userid=YgPrOwAE9GVBgABB&_test=YgPrOwAE9GVBgABB

42 B
1 KB

18ms
18ms

Image
image/gif

193.0.160.128
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.rfihub.com/cm?in=1&pub=21653&userid=YgPrOwAE9GVBgABB&_test=YgPrOwAE9GVBgABB
Protocol: HTTP/1.1
Server: 193.0.160.128 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://20826429p.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 09 Feb 2022 16:26:36 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Wed, 09 Feb 2022 16:26:35 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1644423996.996278,VS0,VE0
x-served-by: cache-cdg20752-CDG
x-cache: HIT
location: https://p.rfihub.com/cm?in=1&pub=21653&userid=YgPrOwAE9GVBgABB&_test=YgPrOwAE9GVBgABB
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

POST
H3 404 cspreport
pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/ Frame AB65 2 KB
2 KB 22ms
22ms Other
text/html 2a00:1450:400c:c04::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400c:c04::5c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: d6ff339ddb4525268c21fa26ded66b0703f177e742281dc9bcd558288f8e1101

Request headers

Referer: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fwww.unrefugees.org&mid=
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Wed, 09 Feb 2022 16:26:35 GMT
referrer-policy: no-referrer
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1608
content-type: text/html; charset=UTF-8

GET
H3 200 m=_b,_tp Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mdHPulYeIkE.es5.O/am=DAAE/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AM... Frame AB65 148 KB
52 KB 22ms
8ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mdHPulYeIkE.es5.O/am=DAAE/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrjEccaga3GAGgSuXUJtwL-uGSmUig/m=_b,_tp

Requested by

Host: pay.google.com
URL: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fwww.unrefugees.org&mid=

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7f45561bf0d66a19b97fd29c28ffec442d6a8ff6bd65d32aa0d1ad39e9505b39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 08 Feb 2022 17:13:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 83597
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53008
x-xss-protection: 0
last-modified: Tue, 08 Feb 2022 06:25:17 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Feb 2023 17:13:18 GMT

GET
H3 200 m=byfTOb,lsjVmc,LEikZe Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mdHPulYeIkE.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.tHz... Frame AB65 36 KB
13 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mdHPulYeIkE.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.tHz89CYTEo4.L.B1.O/am=DAAE/d=1/exm=_b,_tp/excm=_b,_tp,payframeview/esmo=1/ed=1/wt=2/rs=AMitfrgH_tZNQQqN8Rigng_PCY5m6sAjTw/ee=cEt90b:ws9Tlc;rXjWyb:VWuaCc;uY49fb:COQbmf;Oj465e:KG2eXe;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;SNUn3:ZwDk9d/m=byfTOb,lsjVmc,LEikZe

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mdHPulYeIkE.es5.O/am=DAAE/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrjEccaga3GAGgSuXUJtwL-uGSmUig/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

938b90214bc1f765b4dd29ea2151b05b5464669aedec8fb00d853383b3d204ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 08 Feb 2022 17:13:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 83592
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13491
x-xss-protection: 0
last-modified: Tue, 01 Feb 2022 02:26:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Feb 2023 17:13:23 GMT

GET
H3 200 m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mdHPulYeIkE.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.tHz... Frame AB65 73 KB
27 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mdHPulYeIkE.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.tHz89CYTEo4.L.B1.O/am=DAAE/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,payframeview/esmo=1/ed=1/wt=2/rs=AMitfrgH_tZNQQqN8Rigng_PCY5m6sAjTw/ee=cEt90b:ws9Tlc;rXjWyb:VWuaCc;uY49fb:COQbmf;Oj465e:KG2eXe;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;SNUn3:ZwDk9d/m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mdHPulYeIkE.es5.O/am=DAAE/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrjEccaga3GAGgSuXUJtwL-uGSmUig/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1238053d32c5a1eb266998fa9d6a2198764f767dc7347c3fcdf2ef632f21aa9d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 08 Feb 2022 17:13:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 83591
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27595
x-xss-protection: 0
last-modified: Tue, 01 Feb 2022 02:26:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Feb 2023 17:13:24 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ Frame AB65 49 KB
20 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mdHPulYeIkE.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.tHz89CYTEo4.L.B1.O/am=DAAE/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,payframeview/esmo=1/ed=1/wt=2/rs=AMitfrgH_tZNQQqN8Rigng_PCY5m6sAjTw/ee=cEt90b:ws9Tlc;rXjWyb:VWuaCc;uY49fb:COQbmf;Oj465e:KG2eXe;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;SNUn3:ZwDk9d/m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 1303
date: Wed, 09 Feb 2022 16:04:52 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Wed, 09 Feb 2022 18:04:52 GMT

GET
H3 200 pay Show response
pay.google.com/gp/p/ui/ Frame AB65 1 MB
342 KB 72ms
71ms XHR
text/html 2a00:1450:400c:c04::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/ui/pay

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mdHPulYeIkE.es5.O/am=DAAE/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrjEccaga3GAGgSuXUJtwL-uGSmUig/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c04::5c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

79b01ab4e87c171373b7dc0bdc6baca3ad28a209312cb36076458f72fc4aff3a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-xwPuIPmBofH125IM/KD+xQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'nonce-xwPuIPmBofH125IM/KD+xQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: same-site
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge
server: ESF
cross-origin-opener-policy: unsafe-none
date: Wed, 09 Feb 2022 16:26:35 GMT
x-frame-options: DENY
content-type: text/html; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: private, max-age=3600
content-security-policy: script-src 'report-sample' 'nonce-xwPuIPmBofH125IM/KD+xQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'nonce-xwPuIPmBofH125IM/KD+xQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport
expires: Wed, 09 Feb 2022 16:26:35 GMT

GET
H2 200 nr-1215.min.js Show response
js-agent.newrelic.com/ 36 KB
14 KB 29ms
7ms Script
application/javascript 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-1215.min.js
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 18395fd1ef75de4f03f701f5a5020563aed55e1539b3200605053f2c924211bb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id: mrZZlI3m.d3cabi4HqLBBkr4pQ2c77UF
content-encoding: gzip
etag: "615035bb6557b191e767e19087efabaf"
x-amz-request-id: Q3HY1PNXY8TR1JKC
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 13666
x-amz-id-2: vufw9riA1/AZuDRdL2YM0H7A49KcGNwlGDUuSDYJ2ktT+9HT9gECAeZa/fHF13NGGalFATZWX8c=
x-served-by: cache-hhn4073-HHN
last-modified: Mon, 24 Jan 2022 22:13:53 GMT
server: AmazonS3
x-timer: S1644423996.715954,VS0,VE0
date: Wed, 09 Feb 2022 16:26:35 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 20862

GET
H/1.1 200
OK unhcr-button-ca8fba580979f02c2694fa49ed8ef52a.png
d6tizftlrpuof.cloudfront.net/themes/production/ Frame 7FFB 2 KB
2 KB 31ms
7ms Image
image/png 52.222.206.77
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d6tizftlrpuof.cloudfront.net/themes/production/unhcr-button-ca8fba580979f02c2694fa49ed8ef52a.png
Requested by: Host: www.unrefugees.org
URL: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.206.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-206-77.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 90b232dae4b3477832ee21493d7558ace8cf6e9b8bc97f9c552f301da013f1da

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 03 Sep 2021 06:47:22 GMT
Via: 1.1 d79861a030d3421826a919f9c2b00146.cloudfront.net (CloudFront)
Connection: keep-alive
Last-Modified: Tue, 05 Feb 2019 19:50:28 GMT
Server: AmazonS3
Age: 13772354
ETag: "ca8fba580979f02c2694fa49ed8ef52a"
X-Cache: Hit from cloudfront
x-amz-version-id: .SrcatzoiMfoqGSBwRAbfAVYaagZkb9i
Cache-Control: max-age=315360000, no-transform, public
X-Amz-Cf-Pop: FRA56-P3
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 1768
X-Amz-Cf-Id: Sj0CGppUTjdTPqaitalLRprWMvhYsgJVJWL_1SJuApCIbzmtOcuwRA==

POST
H3 200 log Show response
play.google.com/ Frame AB65 131 B
155 B 58ms
42ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mdHPulYeIkE.es5.O/am=DAAE/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrjEccaga3GAGgSuXUJtwL-uGSmUig/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Wed, 09 Feb 2022 16:26:35 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Wed, 09 Feb 2022 16:26:35 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 60ms
38ms Preflight
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://pay.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://pay.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Wed, 09 Feb 2022 16:26:35 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 09 Feb 2022 16:26:35 GMT
cache-control: private

POST
H3 200 log Show response
play.google.com/ Frame AB65 131 B
155 B 56ms
42ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mdHPulYeIkE.es5.O/am=DAAE/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrjEccaga3GAGgSuXUJtwL-uGSmUig/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Wed, 09 Feb 2022 16:26:35 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Wed, 09 Feb 2022 16:26:35 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 53ms
39ms Preflight
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://pay.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://pay.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Wed, 09 Feb 2022 16:26:35 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 09 Feb 2022 16:26:35 GMT
cache-control: private

POST
H3 200 log Show response
play.google.com/ Frame AB65 131 B
155 B 58ms
43ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mdHPulYeIkE.es5.O/am=DAAE/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrjEccaga3GAGgSuXUJtwL-uGSmUig/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Wed, 09 Feb 2022 16:26:35 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Wed, 09 Feb 2022 16:26:35 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 47ms
38ms Preflight
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://pay.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://pay.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Wed, 09 Feb 2022 16:26:35 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 09 Feb 2022 16:26:35 GMT
cache-control: private

POST
H3 200 log Show response
play.google.com/ Frame AB65 131 B
155 B 54ms
41ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mdHPulYeIkE.es5.O/am=DAAE/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrjEccaga3GAGgSuXUJtwL-uGSmUig/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Wed, 09 Feb 2022 16:26:35 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Wed, 09 Feb 2022 16:26:35 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 41ms
39ms Preflight
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://pay.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://pay.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Wed, 09 Feb 2022 16:26:35 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 09 Feb 2022 16:26:35 GMT
cache-control: private

POST
H3 200 log Show response
play.google.com/ Frame AB65 131 B
155 B 55ms
43ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mdHPulYeIkE.es5.O/am=DAAE/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrjEccaga3GAGgSuXUJtwL-uGSmUig/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Wed, 09 Feb 2022 16:26:35 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Wed, 09 Feb 2022 16:26:35 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 41ms
40ms Preflight
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://pay.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://pay.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Wed, 09 Feb 2022 16:26:35 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 09 Feb 2022 16:26:35 GMT
cache-control: private

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 39ms
38ms Preflight
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://pay.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://pay.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Wed, 09 Feb 2022 16:26:35 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 09 Feb 2022 16:26:35 GMT
cache-control: private

POST
H3 200 log Show response
play.google.com/ Frame AB65 131 B
155 B 47ms
41ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mdHPulYeIkE.es5.O/am=DAAE/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrjEccaga3GAGgSuXUJtwL-uGSmUig/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Wed, 09 Feb 2022 16:26:35 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Wed, 09 Feb 2022 16:26:35 GMT

GET
H3 200 m=Wt6vjf,hhhU8,FCpbqb,WhJNk Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mdHPulYeIkE.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.tHz... Frame AB65 17 KB
7 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mdHPulYeIkE.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.tHz89CYTEo4.L.B1.O/am=DAAE/d=1/exm=Das5Le,IZT63,LEikZe,PrPYRd,Ru0Pgb,ZyYHPb,_b,_tp,byfTOb,hc6Ubd,lsjVmc,p8L0ob,vfuNJf,ws9Tlc/excm=_b,_tp,payframeview/esmo=1/ed=1/wt=2/rs=AMitfrgH_tZNQQqN8Rigng_PCY5m6sAjTw/ee=cEt90b:ws9Tlc;rXjWyb:VWuaCc;uY49fb:COQbmf;Oj465e:KG2eXe;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;SNUn3:ZwDk9d/m=Wt6vjf,hhhU8,FCpbqb,WhJNk

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mdHPulYeIkE.es5.O/am=DAAE/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrjEccaga3GAGgSuXUJtwL-uGSmUig/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d8bf1bc8d407357c006ef518e1698c92a0f337a7c921badee75b110d26ede5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 08 Feb 2022 17:13:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 83590
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7184
x-xss-protection: 0
last-modified: Tue, 01 Feb 2022 02:26:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Feb 2023 17:13:25 GMT

GET
H3 200 m=lwddkf,EFQ78c Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mdHPulYeIkE.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.tHz... Frame AB65 8 KB
3 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mdHPulYeIkE.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.tHz89CYTEo4.L.B1.O/am=DAAE/d=1/exm=Das5Le,FCpbqb,IZT63,LEikZe,PrPYRd,Ru0Pgb,WhJNk,Wt6vjf,ZyYHPb,_b,_tp,byfTOb,hc6Ubd,hhhU8,lsjVmc,p8L0ob,vfuNJf,ws9Tlc/excm=_b,_tp,payframeview/esmo=1/ed=1/wt=2/rs=AMitfrgH_tZNQQqN8Rigng_PCY5m6sAjTw/ee=cEt90b:ws9Tlc;rXjWyb:VWuaCc;uY49fb:COQbmf;Oj465e:KG2eXe;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;SNUn3:ZwDk9d/m=lwddkf,EFQ78c

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mdHPulYeIkE.es5.O/am=DAAE/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrjEccaga3GAGgSuXUJtwL-uGSmUig/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

11d6ea186a1d04e895bcef528762f8da172a4d32fa8cbe76a6128f8bf31a4d92

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 08 Feb 2022 17:13:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 83590
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3337
x-xss-protection: 0
last-modified: Tue, 01 Feb 2022 02:26:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Feb 2023 17:13:25 GMT

POST
H2 200 logger Show response
www.sandbox.paypal.com/xoplatform/logger/api/ 814 B
1 KB 162ms
162ms XHR
application/json 151.101.193.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sandbox.paypal.com/xoplatform/logger/api/logger

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AXR8B71wtnEZHnlsTiphl1IRoxz4ZCoV5P4_FBhZeyaRBbGZXlD1_VE1c9hd2asTUQGyWBo7nyZo-_Mi&vault=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0217bbd76b7c809dc313b5f1ebdf49df8ee81f23a7d258aec05464b64489ccd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept: application/json
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
content-type: application/json

Response headers

date: Wed, 09 Feb 2022 16:26:36 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
x-cache: MISS, MISS
paypal-debug-id: 18ff0bbe78cfe
server-timing: content-encoding;desc=br
content-encoding: br
x-served-by: cache-fra19149-FRA, cache-hhn4039-HHN
x-timer: S1644423996.053262,VS0,VE155
etag: W/"32e-2kS5+wt4ICCQeB8AkK55vlHH7cQ"
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.unrefugees.org
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
accept-ranges: none
x-cache-hits: 0, 0

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 16ms
16ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=750576586&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26utm_cid%3D0031K0000387GhHQAU%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220209%26utm_content%3Dnewengagedsubs%26SF_onetime%3D7011K0000022YnAQAU%26SF_monthly%3D7011K0000022YnFQAU&ul=en-us&de=UTF-8&dt=How%20to%20Help%20Refugees%20%E2%80%94%20Aid%2C%20Relief%20and%20Donations%20%7C%20USA%20for%20UNHCR&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Depth&ea=%2F&el=25%25&_u=aGDACEABBAAAAG~&jid=1644690431&gjid=645703752&cid=589410312.1644423995&tid=UA-3754388-9&_gid=1788208001.1644423995&_r=1&gtm=2wg270XT4L&z=391900827

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 09 Feb 2022 16:26:35 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.unrefugees.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
7ms Image
image/gif 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=750576586&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26utm_cid%3D0031K0000387GhHQAU%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220209%26utm_content%3Dnewengagedsubs%26SF_onetime%3D7011K0000022YnAQAU%26SF_monthly%3D7011K0000022YnFQAU&ul=en-us&de=UTF-8&dt=How%20to%20Help%20Refugees%20%E2%80%94%20Aid%2C%20Relief%20and%20Donations%20%7C%20USA%20for%20UNHCR&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Depth&ea=%2F&el=50%25&_u=aGDACEABBAAAAG~&jid=&gjid=&cid=589410312.1644423995&tid=UA-3754388-9&_gid=1788208001.1644423995&gtm=2wg270XT4L&z=119202917

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Feb 2022 10:06:50 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 22785
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 11ms
7ms Image
image/gif 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=750576586&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26utm_cid%3D0031K0000387GhHQAU%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220209%26utm_content%3Dnewengagedsubs%26SF_onetime%3D7011K0000022YnAQAU%26SF_monthly%3D7011K0000022YnFQAU&ul=en-us&de=UTF-8&dt=How%20to%20Help%20Refugees%20%E2%80%94%20Aid%2C%20Relief%20and%20Donations%20%7C%20USA%20for%20UNHCR&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Depth&ea=%2F&el=75%25&_u=aGDACEABBAAAAG~&jid=&gjid=&cid=589410312.1644423995&tid=UA-3754388-9&_gid=1788208001.1644423995&gtm=2wg270XT4L&z=524813978

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Feb 2022 10:06:50 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 22785
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 10ms
7ms Image
image/gif 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=750576586&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.unrefugees.org%2F%3Futm_medium%3Demail%26utm_cid%3D0031K0000387GhHQAU%26utm_source%3Du4u-appeal%26utm_campaign%3DUS_PS_EN_AFS_APPEAL___220209%26utm_content%3Dnewengagedsubs%26SF_onetime%3D7011K0000022YnAQAU%26SF_monthly%3D7011K0000022YnFQAU&ul=en-us&de=UTF-8&dt=How%20to%20Help%20Refugees%20%E2%80%94%20Aid%2C%20Relief%20and%20Donations%20%7C%20USA%20for%20UNHCR&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Depth&ea=%2F&el=100%25&_u=aGDACEABBAAAAG~&jid=&gjid=&cid=589410312.1644423995&tid=UA-3754388-9&_gid=1788208001.1644423995&gtm=2wg270XT4L&z=23910058

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Feb 2022 10:06:50 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 22785
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK c33294f5df Show response
bam-cell.nr-data.net/1/ 49 B
622 B 259ms
144ms Script
text/javascript 162.247.243.147
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/1/c33294f5df?a=90069622,1775549790,1744190278&v=1215.1253ab8&to=YQNTMBRRXxZTAkJZVlhJchEVRF4IHSdZQlRFJV4KEkJeCV4ERB9PXwNG&rst=3896&ck=0&ref=https://www.unrefugees.org/&ap=361&be=2668&fe=3813&dc=3472&perf=%7B%22timing%22:%7B%22of%22:1644423991877,%22n%22:0,%22f%22:697,%22dn%22:697,%22dne%22:737,%22c%22:737,%22s%22:892,%22ce%22:1051,%22rq%22:1051,%22rp%22:2643,%22rpe%22:2644,%22dl%22:2647,%22di%22:3472,%22ds%22:3472,%22de%22:3473,%22dc%22:3812,%22l%22:3812,%22le%22:3823%7D,%22navigation%22:%7B%7D%7D&fp=3197&fcp=3197&at=TURQRlxLTBg%3D&jsonp=NREUM.setToken
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1215.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.147 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Wed, 09 Feb 2022 16:26:36 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
access-control-allow-credentials: true
CF-Ray: 6dae75d65f475c7a-FRA

POST
H3 200 log Show response
play.google.com/ Frame AB65 131 B
155 B 47ms
42ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.mdHPulYeIkE.es5.O/am=DAAE/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfrjEccaga3GAGgSuXUJtwL-uGSmUig/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Wed, 09 Feb 2022 16:26:35 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Wed, 09 Feb 2022 16:26:35 GMT

OPTIONS
H2 200 logger
www.sandbox.paypal.com/xoplatform/logger/api/ Frame 0
0 298ms
157ms Preflight 151.101.193.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sandbox.paypal.com/xoplatform/logger/api/logger

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.unrefugees.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://www.unrefugees.org
cache-control: max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id: 18f84f164fdad
x-content-type-options: nosniff
accept-ranges: none
via: 1.1 varnish, 1.1 varnish
content-encoding: br
date: Wed, 09 Feb 2022 16:26:36 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-fra19140-FRA, cache-hhn4039-HHN
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1644423996.895210,VS0,VE151
vary: accept-encoding
server-timing: content-encoding;desc=br

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 41ms
20ms XHR
text/plain 2a00:1450:400c:c07::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-3754388-9&cid=589410312.1644423995&jid=1644690431&gjid=645703752&_gid=1788208001.1644423995&_u=aGDACEABBAAAAG~&z=365832867

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c07::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 09 Feb 2022 16:26:35 GMT
content-type: text/plain
access-control-allow-origin: https://www.unrefugees.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 33ms
33ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-3754388-9&cid=589410312.1644423995&jid=1644690431&_u=aGDACEABBAAAAG~&z=1683870895

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Feb 2022 16:26:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 49ms
32ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-3754388-9&cid=589410312.1644423995&jid=1644690431&_u=aGDACEABBAAAAG~&z=1683870895

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.unrefugees.org/?utm_medium=email&utm_cid=0031K0000387GhHQAU&utm_source=u4u-appeal&utm_campaign=US_PS_EN_AFS_APPEAL___220209&utm_content=newengagedsubs&SF_onetime=7011K0000022YnAQAU&SF_monthly=7011K0000022YnFQAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Feb 2022 16:26:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

110 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

48 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.unrefugees.org/	1970-01-20 02:56:39	Name: _gcl_au Value: 1.1.1490820519.1644423995
.google.com/	1970-01-20 05:10:35	Name: NID Value: 511=Qphv1AOnXvjl4vLwT1sEN5Q-_sErZs9ksOUhHsPC9clgIz0HkFfcntqCaVpj5adwnk9aYlSR8IYNGXWm47tL3THmK0ArVpJH2pkK7Fc2pN6NsZiO3YZGAuy_J0WocM1dNRhiTSTRkdy0g8Y5shcybGDDOf2DaDN5bBdBpF5-c80
.unrefugees.org/	1970-01-20 18:18:15	Name: _ga Value: GA1.2.589410312.1644423995
.unrefugees.org/	1970-01-20 00:48:30	Name: _gid Value: GA1.2.1788208001.1644423995
.unrefugees.org/	1970-01-20 00:47:04	Name: _dc_gtm_UA-1473340-18 Value: 1
.unrefugees.org/	1970-01-20 00:47:04	Name: _dc_gtm_UA-3754388-9 Value: 1
.bing.com/	1970-01-20 10:08:39	Name: MUID Value: 2D58530A058F631C05D4424C045D62C8
.quantserve.com/	1970-01-20 10:17:18	Name: mc Value: 6203eb3a-cdbad-1e902-bc9af
.unrefugees.org/	1970-01-20 02:56:39	Name: _fbp Value: fb.1.1644423994853.1225467834
.unrefugees.org/	1970-01-20 10:11:32	Name: __qca Value: P0-47956794-1644423994819
.facebook.com/	1970-01-20 02:56:39	Name: fr Value: 0GpNBW77iGO2gTMmg..BiA-s6...1.0.BiA-s6.
.yahoo.com/	1970-01-20 09:33:01	Name: A3 Value: d=AQABBDrrA2ICEMrrQeI06uszDSR4CsJpJikFEgEBAQE8BWINYgAAAAAA_eMAAA&S=AQAAAji2PgjaEQF8_kGruMEyMu4
www.tfaforms.com/	1970-01-20 00:57:08	Name: AWSALBTGCORS Value: bkM1Dg3M+miRhVqkiUyIEUK+CG1XewJxATYawETuhtSL9I4hjlppHrNSIOa7d2inTTG7xAWIerAMDU3iyP+7axYum5KyuPTLdnu1ErxVCZlw1oFZz9Puf4EqZxgP/yt6a0k2gPVbcsuQdfb9hRaKsfloWKtlAcW99CzCMlG5Tixk
www.unrefugees.org/	1970-01-20 18:18:15	Name: _tq_id.TV-63728109-1.cc0b Value: 981cfbfda8f8a344.1644423995.0.1644423995..
.unrefugees.org/	1970-01-20 00:48:30	Name: _uetsid Value: 0c8b8cd089c511ecbdc88b2c3945e395
.unrefugees.org/	1970-01-20 10:08:39	Name: _uetvid Value: 0c8b796089c511ecafba3326333150b0
www.unrefugees.org/	1970-01-20 00:57:08	Name: AWSALB Value: h7Db9jJdw1KAmWEGrA7/QW93kpBdMld0BphOH+tE2z3V0MVEZoyYuAMf5+SREKU8zmGd7X0RhfIyptBSmcHg1NEjPG/OjzMWn7Tv4fBHwsnJLSp5rNuZ5FsQrNP/
www.unrefugees.org/	1970-01-20 00:57:08	Name: AWSALBCORS Value: h7Db9jJdw1KAmWEGrA7/QW93kpBdMld0BphOH+tE2z3V0MVEZoyYuAMf5+SREKU8zmGd7X0RhfIyptBSmcHg1NEjPG/OjzMWn7Tv4fBHwsnJLSp5rNuZ5FsQrNP/
.rfihub.com/	1970-01-20 10:08:39	Name: rud Value: H4sIAAAAAAAAAOMSNjU0NjExNTUxMjA2sjAxsTA0MhLiM9Q1dA0q1zXPCDRPiSiR4jU0MzExMTK2tDQ1sTQFAMGhSm80AAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSNjU0NjExNTUxMjA2sjAxsTA0MhLiM9Q1dA0q1zXPCDRPiSgBAKMUX5AlAAAA
.doubleclick.net/	1970-01-20 10:08:39	Name: IDE Value: AHWqTUnEkQRz_ZoasNulWJtua7KQaBPszBWPeIrp3mDYxIxWgJP_svhzJ47XFlf770E
.turn.com/	1970-01-20 05:06:15	Name: uid Value: 2610051117685486147
.rlcdn.com/	1970-01-20 09:32:39	Name: rlas3 Value: JO8ygaXMofQzGJfjyBO71ZsTZ5wAZpNs4LQDkwIoYdU=
.adnxs.com/	1970-01-20 02:56:39	Name: uuid2 Value: 4798124327801960029
.eyeota.net/	1970-01-20 00:47:04	Name: SERVERID Value: 17643~DM
.media.net/	1970-01-20 09:32:39	Name: visitor-id Value: 2874255957578661000V10
.media.net/	1970-01-20 09:31:13	Name: data-rk Value: 5134455420328448122~~3
.demdex.net/	1970-01-20 05:06:15	Name: demdex Value: 92006035674552900050148142715336445915
.casalemedia.com/	1970-01-20 09:32:39	Name: CMID Value: YgPrO1wH3rmWf06Gun2mRgAA
.casalemedia.com/	1970-01-20 02:56:39	Name: CMPS Value: 3236
.adnxs.com/	1970-01-20 02:56:39	Name: anj Value: dTM7k!M4/YErk#WF']wIg2Iljh5:e0!]tbPl1MNu::wpAk`W>$e8P3Xe8tfLfQTr9dY0DuD2'+1%$G7d!AXTO:4=sB!'ALR6@3%_
.dpm.demdex.net/	1970-01-20 05:06:15	Name: dpm Value: 92006035674552900050148142715336445915
.spotxchange.com/	1970-01-20 09:32:43	Name: audience Value: 0cbd8b4d-89c5-11ec-857d-1ac857eb0106
.casalemedia.com/	1970-01-20 02:56:39	Name: CMPRO Value: 1150
.casalemedia.com/	1970-01-20 09:32:39	Name: CMRUM3 Value: 396203eb3b27605134455420328448122
.casalemedia.com/	1970-01-20 00:48:30	Name: CMST Value: YgPrO2ID6zsA
.bidswitch.net/	1970-01-20 09:32:39	Name: tuuid Value: 44df30aa-0252-411f-bb22-afe058fba4c1
.bidswitch.net/	1970-01-20 09:32:39	Name: c Value: 1644423995
.bidswitch.net/	1970-01-20 09:32:39	Name: tuuid_lu Value: 1644423995
.rezync.com/	1970-01-20 05:05:47	Name: zync-uuid Value: 61993616-2be5-4c5a-a750-ff87930439f0:1644423995.66
live.rezync.com/	1970-01-20 05:06:15	Name: sd-session-id Value: .eJwVy0ELgjAYgOG_Et_Zw5wbiNAh0Eu0DcmSdZGyQZtuhZsEE_97dnzheRfoPmqyd6dcgCJMs0qgH_VWHooFvI5WDVAATTNCKCUYZTgnJE8xhjUBr7zXb9fp51_vHpvkpqKiYZg1MjB7HPkZIRmvr1NbZbw5hJuVhMchsrKOopVfYSrMyxoxw7bvMnMj97CuP5C8MHI.FOV8uw.Q8E81TtDGsssLvoguOf2YStsmfs
.unrefugees.org/	1970-01-20 00:47:04	Name: _gat_UA-3754388-9 Value: 1
.rlcdn.com/	1970-01-20 02:13:27	Name: pxrc Value: CLvWj5AGEgYIuuoBEAA=
.krxd.net/	1970-01-20 05:06:15	Name: _kuid_ Value: OpwqVgfS
.everesttech.net/	1970-01-20 09:32:39	Name: everest_g_v2 Value: g_surferid~YgPrOwAE9GVBgABB
.rfihub.com/	1970-01-20 10:08:39	Name: smd Value: H4sIAAAAAAAAAOPiNTQzMTExMra0NDUztDBCcM0MDI0BO1x1pR4AAAA
.rfihub.com/	1969-12-31 23:59:59	Name: euds Value: H4sIAAAAAAAAAOOSMXR2dA129anwL0n2MNItL8p1jfBMN3IPKQ_xT1biVIl38o4PDfV0WcUoEJkeUORf7uhq6R7mlO7o5NTEYmRmaGlpbGZopmuUlGqqa5JsmqibaG5qoJuWZmFuaWxgYmyZZmBlaGZiYmJkbGlpqmdmBgCHrYfwcQAAAA
.rfihub.com/	1970-01-20 10:08:39	Name: eud Value: H4sIAAAAAAAAAOOSMXR2dA129anwL0n2MNItL8p1jfBMN3IPKQ_xT1biVIl38o4PDfV0CeI1NDMxMTEytrQ0NTM0z0LimlsYz2JE4ptYWq5C459C479C4_9C409iQuXPQuMvQuOvQuNvQuPvQlfPgsq_hcZfxCoQmR5Q5F_u6GrpHuaU7ujktIoVocTMwNBoEyuaFdxoXkLjTxI2MjO0tDQ2MzTTNUpKNdU1STZN1E00NzXQTUuzMLc0NjAxtkwzsEJo0jMzmyWMHM6mJouEUQ19hMYHANte8JnPAQAA

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.googletagmanager.com/gtm.js?id=GTM-XT4L(Line 82) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://www.googletagmanager.com/gtm.js?id=GTM-XT4L(Line 82) Message: Unrecognized feature: 'conversion-measurement'.
network	error	URL: https://www.unrefugees.org/img/search-icon.png Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://www.unrefugees.org/media/1534/yemen-rf246329-1440x700-v2.jpg Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://www.unrefugees.org/media/5thloe13/ethiopialist.png Message: Failed to load resource: the server responded with a status of 403 ()
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.
network	error	URL: https://pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/cspreport Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

20668909p.rfihub.com
20826429p.rfihub.com
4647326.fls.doubleclick.net
a.rfihub.com
aa.agkn.com
ad.doubleclick.net
adservice.google.com
adservice.google.de
bam-cell.nr-data.net
bat.bing.com
beacon.krxd.net
bpi.rtactivate.com
bs.serving-sys.com
c1.rfihub.net
cdn.plyr.io
cdn.unrefugees.org
click.e.unrefugees.org
cm.g.doubleclick.net
code.jquery.com
collector-3219.tvsquared.com
connect.facebook.net
contextual.media.net
d6tizftlrpuof.cloudfront.net
dpm.demdex.net
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
ib.adnxs.com
idsync.rlcdn.com
js-agent.newrelic.com
live.rezync.com
p.rfihub.com
p.typekit.net
partners.tremorhub.com
pay.google.com
pixel.quantserve.com
pixel.rubiconproject.com
play.google.com
ps.eyeota.net
r.turn.com
rules.quantcount.com
s.yimg.com
secure.quantserve.com
sp.analytics.yahoo.com
stags.bluekai.com
static-na.payments-amazon.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.search.spotxchange.com
use.typekit.net
w.usabilla.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.paypal.com
www.sandbox.paypal.com
www.tfaforms.com
www.tp88trk.com
www.unrefugees.org
x.bidswitch.net
x.dlx.addthis.com
104.111.215.191
13.111.228.216
13.32.121.9
13.32.99.105
142.250.185.230
142.250.186.98
151.101.130.49
151.101.193.21
151.101.66.137
162.247.243.147
172.217.23.98
18.168.101.220
18.185.129.178
18.209.73.183
18.66.112.6
184.73.169.224
185.33.221.50
185.94.180.125
193.0.160.128
2001:4de0:ac18::1:a:1b
2001:678:cb4:bbbb::11
212.82.100.181
23.58.216.132
2600:1f18:612b:4200:43f8:c79a:f116:17d6
2600:9000:223c:400:1:76cf:fe80:93a1
2600:9000:223c:cc00:6:44e3:f8c0:93a1
2606:4700:3038::6815:e9dd
2620:116:800d:21:f916:5049:f87f:108e
2620:1ec:c11::200
2a00:1288:80:800::7001
2a00:1450:4001:808::200e
2a00:1450:4001:80f::2002
2a00:1450:4001:810::200e
2a00:1450:4001:811::200a
2a00:1450:4001:813::2003
2a00:1450:4001:827::2003
2a00:1450:4001:82b::2002
2a00:1450:4001:830::2002
2a00:1450:4001:831::2004
2a00:1450:4001:831::2008
2a00:1450:400c:c04::5c
2a00:1450:400c:c07::9d
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a03:5f80:a::b212:e7c0
3.125.70.222
3.126.65.212
3.20.2.247
34.248.81.51
35.190.72.228
35.244.174.68
52.215.247.247
52.222.206.77
52.35.28.98
54.76.200.156
69.173.144.165
72.247.225.98
0217bbd76b7c809dc313b5f1ebdf49df8ee81f23a7d258aec05464b64489ccd1
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
087eea56d7a820a2a7a9c182616af459f127761730aeeff62c1ca82706ac02c8
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
10354e9bc6b485028971a1f58fccff5c89d722db324d42bc07963aab24ebb956
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
11d6ea186a1d04e895bcef528762f8da172a4d32fa8cbe76a6128f8bf31a4d92
1238053d32c5a1eb266998fa9d6a2198764f767dc7347c3fcdf2ef632f21aa9d
18395fd1ef75de4f03f701f5a5020563aed55e1539b3200605053f2c924211bb
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1d8bf1bc8d407357c006ef518e1698c92a0f337a7c921badee75b110d26ede5e
1fe8f1d182e47ae6bd7e9068d96091065be45050baa44cc128f09e9ff5dc0fc6
23543aaa71824cc6fee0e06935013bab69df682ebc05c606472875c9a9a932bb
25eb1f1d3cccbbb7f019e32423d5ebcb6c8d1a10efd0cf2dcc1bcd318e1229a0
27bcdc67e32fef9bdd86b785b1bafadd7f6915c49f6b49bed86bfbddf414b2f8
3d28231f9ef22d1dda3eda53efba92cebd5a9f34a7d311282bb580751e1dda7e
465ecd3c27cf42a3309af6bda6e2b8c4b9cb7a78788908904e0d6761a2c3102a
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d309da2d949bae921ce9aed5bdf4a3a573ad19b65d68b0a26019099942134b6
4e74f30aab7e2ab9f2cd2a85f86eba31c7a3c43ccd0cd363d54e7c1590737633
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
53e973a71dbbd98dc8572115b4a939b3343f7406ea7f918bc8701cd92e890084
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
58b1c5188f3f612e010e0c548763600ff7391f70ca402bba5c1e64b56f410b70
63158f73aa9f4d442cf349762c6beac9fcf35c14c3376888e728164acfde3b86
65e90b740fdb2583cfb936a595677e199e81061439dc0f8485b76989fb98b4ae
6bfbae61daf6218548d35bd824d5299e6f0517f156050c302ddd83fa0e8abdc8
6e999e3af5a4c58ac36f37d566a9c23f9ff35d83a0240c66bf9deab84012fa47
79b01ab4e87c171373b7dc0bdc6baca3ad28a209312cb36076458f72fc4aff3a
7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f
7f45561bf0d66a19b97fd29c28ffec442d6a8ff6bd65d32aa0d1ad39e9505b39
809e7747623ab9ba5cab02ec3efeaff9a5e5373be0b0c550e7e186f6f072319c
81f701abbdb3dcd7318338357add41af96a3b776549dc928c4703cf1cf9f2ffe
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8608c7129a24079dd332403d0aef583dcefdf0bfc02914d626a6559a3ac049ad
90b232dae4b3477832ee21493d7558ace8cf6e9b8bc97f9c552f301da013f1da
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
938b90214bc1f765b4dd29ea2151b05b5464669aedec8fb00d853383b3d204ff
947400cb0578d5d44becd19f25d99de0e786a8f7e251ffb284c10430c2e67865
974bbcde9b2a24d0afc97b45967991edc77a5db2e3a3de635a439d9a74f5e98f
98b1c4017864eb68976f5c3d4155a59dd7281943f5d6fedb415f13bb642cfdc3
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9edac5450266edb6ba2574395f8d447ad0e27942e35f79c5d6aa2a4b7ea4eb88
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a2c8cc38927a639c484917bb7b9bd7a2aac9aa68b3f7b0d1b41f3176cf98b7a7
a463aa6666ce0abcabf8033013cfe881fdbfb570389aff471d400a45b3a496d4
a90a37b16f59cad1391c47c105c2b80d3691fc5c7608f05c607b0b1d576beb8a
abb49f99cde4315e7ad50087b6a1888b1d6e0db45625f351904fac2b1879ecf7
acc5ebfcb5847578dcf7a30b569096b3115e8208f0c854259e31ea263bd80bc5
afcf054c4bdad4ed68c4375aa7b5dcfd85cb4590f0acb277a2ea8c10c5cf9855
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b236dccee1a0d5280842bdff52b4005e2b0c9ee5d74a15db3e939c53306576d3
b2691aa6e8dff80c0760181397a93de4b7da5706594bb540ab430095109a889a
bb7ae1c4a852bbcaf95cf4fbf9a6a4fe490aae2f92d7aa3e47762b9157ea67aa
c54008cfaffe2e6442ed8bfedc1c3511572980a7af2796ff3a76fedd5d4d1fba
c924e4d5c75051b47649ba7b88f37f25029abcd64589cd28816325ad1a588c02
cc41b89e82e346d38089fb2b430ff6c1864aa655f0c5003abc35d45d8b7bb1f0
ce6098e1afbd9b04a3051d80e7ed6951ce80e59330bc66f74df78a71b2705a2c
cf433967630e3b8fd9649647332e341b65937350b65ae3bfb40504cb0f905cfb
d3a35f1db89ef3b3ad3fbc86d2f8b5364493585607081d4061f4c584bb3fde3c
d55cd9131676d4923270ebe7fccb46bbd0f7eba44afc226216746a733c29db97
d5ce31b0fd3a4db6853d139bc58df72f45f6ad8c19c79ce314644f881ce8df8e
d6ff339ddb4525268c21fa26ded66b0703f177e742281dc9bcd558288f8e1101
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
dbb41fc26e922bc2a1c4fb2d9d2482c11e0daa616fea96c53449312ef81520a2
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
dfed159907574337d5a3198b898e17e6f0d6c5c325d8ee2fd2343b7cddb34994
dfedadffda8019e48ebb1eec7f7302dad8e418c42f8cbb66f90e31a5f097b043
e2324ad785ba5747059f48d4790a7783d6a85b04ca91d3312af124e1fb254136
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e75598ce87e63a50d9bed385cf067f9a37d958b483170d32fed8ff63fda68252
e9027cbc9f2efbff37e09740f41c16a1ffd89eae8f1555f6a5955d3198d9c31d
e9a096ea993d41984504d287daa350470a8d4127016369c337d4b593f7268883
ebc6ea0f875078e989460766ea6ae585b43650cb2408daf4183e72a4101881f0
ee9c9d2a2b78f7f91df184e055f4a530db5430b87e6d14f23760af76020e32ee
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0c71e3da5b3fcab3c66af1cf0cdbf262c97b9330b7b37116f1ae2ab18bdc660
f7d583ab492d692f32365a861acac4b6c3cc0d1b31d692c4d42bcf5f2a6c2e44
fd8c794bb43e5220596bc1c5d50f865268cd2655c86f0d3175875d7e1c3afcc6
fee5261115f988bf5b121a1b753e0bcc4afe1dd870926c68be6d629a8433bc37
ffeab3a1d59ae10875aae8b0ac7b8a4c74012f6bc36abe3fb620eaa9636f8f84

www.unrefugees.org Open in urlscan Pro 52.35.28.98 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

132 Requests

80 %HTTPS

42 %IPv6

49 Domains

66 Subdomains

53 IPs

7 Countries

3730 kBTransfer

6644 kBSize

48 Cookies

8 Outgoing links

Page URL History

Redirected requests

132 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.unrefugees.org Open in urlscan Pro
52.35.28.98 Public Scan

Screenshot
Live screenshot

Full Image

132
Requests

80 %
HTTPS

42 %
IPv6

49
Domains

66
Subdomains

53
IPs

7
Countries

3730 kB
Transfer

6644 kB
Size

48
Cookies

132 HTTP transactions
0 data transactions