paypalfee.marketing00.com Open in urlscan Pro
2606:4700:3035::ac43:9317 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://paypalfee.marketing00.com/
Submission Tags: @phishunt_io
Submission: On April 01 via api (April 1st 2021, 9:18:01 pm UTC) from ES

Summary HTTP 95 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 18 IPs in 2 countries across 13 domains to perform 95 HTTP transactions. The main IP is 2606:4700:3035::ac43:9317, located in United States and belongs to CLOUDFLARENET, US. The main domain is paypalfee.marketing00.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 4th 2020. Valid for: a year.

This is the only time paypalfee.marketing00.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
22	2606:4700:303... 2606:4700:3035::ac43:9317	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:813::2008	15169 (GOOGLE) (GOOGLE)
9	2600:9000:212... 2600:9000:2127:3e00:3:c04e:c780:93a1	16509 (AMAZON-02) (AMAZON-02)
11	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
1	2600:9000:212... 2600:9000:2127:e00:c:a9b7:ddc0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	3.213.224.136 3.213.224.136	14618 (AMAZON-AES) (AMAZON-AES)
2	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
2	3.122.26.231 3.122.26.231	16509 (AMAZON-02) (AMAZON-02)
1	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
18	2a00:1450:400... 2a00:1450:4001:828::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:811::2004	15169 (GOOGLE) (GOOGLE)
95	18

22 2606:4700:3035::ac43:9317 (United States)

ASN13335 (CLOUDFLARENET, US)

paypalfee.marketing00.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2600:9000:2127:3e00:3:c04e:c780:93a1 (United States)

ASN16509 (AMAZON-02, US)

ws.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2127:e00:c:a9b7:ddc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.sharethis.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.213.224.136 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-213-224-136.compute-1.amazonaws.com

count-server.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.122.26.231 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-26-231.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:828::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	350 KB
22	marketing00.com paypalfee.marketing00.com	76 KB
12	sharethis.com ws.sharethis.com count-server.sharethis.com l.sharethis.com	75 KB
10	doubleclick.net googleads.g.doubleclick.net	77 KB
6	gstatic.com www.gstatic.com fonts.gstatic.com	106 KB
4	googletagservices.com www.googletagservices.com	136 KB
3	google.com 1 redirects adservice.google.com www.google.com	1 KB
3	google-analytics.com www.google-analytics.com ssl.google-analytics.com	17 KB
2	googleapis.com fonts.googleapis.com	2 KB
2	google.de adservice.google.de	2 KB
1	googleadservices.com partner.googleadservices.com	643 B
1	consensu.org c.sharethis.mgr.consensu.org	1 KB
1	googletagmanager.com www.googletagmanager.com	49 KB
95	13

	Domain	Requested by
22	paypalfee.marketing00.com	paypalfee.marketing00.com
18	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
11	pagead2.googlesyndication.com	paypalfee.marketing00.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
10	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
9	ws.sharethis.com	paypalfee.marketing00.com ws.sharethis.com
4	fonts.gstatic.com	fonts.googleapis.com
4	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
2	www.gstatic.com	googleads.g.doubleclick.net
2	fonts.googleapis.com	googleads.g.doubleclick.net
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	l.sharethis.com	ws.sharethis.com paypalfee.marketing00.com
2	ssl.google-analytics.com	paypalfee.marketing00.com
1	www.google.com	1 redirects
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	count-server.sharethis.com	ws.sharethis.com
1	c.sharethis.mgr.consensu.org	ws.sharethis.com
1	www.google-analytics.com	www.googletagmanager.com
1	www.googletagmanager.com	paypalfee.marketing00.com
95	19

This site contains links to these domains. Also see Links.

Domain
www.iondigital.co.uk

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-04` - `2021-08-04`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-03-11` - `2021-06-03`	3 months	crt.sh
sharethis.com Amazon	`2020-08-17` - `2021-09-16`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
sharethis.mgr.consensu.org Amazon	`2020-05-05` - `2021-06-05`	a year	crt.sh
*.googleadservices.com GTS CA 1O1	`2021-03-11` - `2021-06-03`	3 months	crt.sh
*.google.de GTS CA 1O1	`2021-03-11` - `2021-06-03`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-03-11` - `2021-06-03`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2021-03-11` - `2021-06-03`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-03-11` - `2021-06-03`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2021-03-11` - `2021-06-03`	3 months	crt.sh

This page contains 13 frames:

Primary Page: https://paypalfee.marketing00.com/
Frame ID: DC2BCE28CA5F51D2B8649B0188E99013
Requests: 48 HTTP requests in this frame

Frame: https://c.sharethis.mgr.consensu.org/portal-v2.html
Frame ID: 76A1D9EA65EFAED19F7DCA0AABE32F2F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210329/r20190131/zrt_lookup.html
Frame ID: 2A76CC9BDF07EECC0902BC80A7DBFA31
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=2939942798&adf=1814734761&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864019&bpp=23&bdt=784&idt=90&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=8548972172354&frm=20&pv=2&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=258&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=eWC1nnWFcr&p=https%3A//paypalfee.marketing00.com&dtd=109
Frame ID: 918CD84D0D11D0B4FD590908F3ABD6C3
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=2939942798&adf=3753841676&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864042&bpp=4&bdt=808&idt=95&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1170x280&correlator=8548972172354&frm=20&pv=1&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=789&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=NYd2OOBSsH&p=https%3A//paypalfee.marketing00.com&dtd=98
Frame ID: 8FC3E7382F2C30081F13FC84FC528BEF
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=1357065426&adf=1839787983&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864046&bpp=1&bdt=812&idt=97&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1170x280%2C1170x280&correlator=8548972172354&frm=20&pv=1&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=1349&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=cvWnlwF4YG&p=https%3A//paypalfee.marketing00.com&dtd=100
Frame ID: 649B9598D128ABC25A810C1DF9696E32
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&adk=1812271804&adf=3025194257&lmt=1617296961&plat=1%3A32776%2C2%3A16809992%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&ea=0&flash=0&pra=7&wgl=1&dt=1617311864253&bpp=1&bdt=1019&idt=1&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1170x280%2C1170x280%2C1170x280&nras=1&correlator=8548972172354&frm=20&pv=1&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=4&uci=a!4&fsb=1&dtd=7
Frame ID: 177821EBF97B1674D9E58128E7E00071
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 3CCF017910D29A38A3703F13463360E0
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/71hr94SUjmI4WsmVKl_xSF-LeUxrKTKLcbZwOLomvE8.js
Frame ID: 203E29EDC9AEDD569A5FCEA5370C687D
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/71hr94SUjmI4WsmVKl_xSF-LeUxrKTKLcbZwOLomvE8.js
Frame ID: 140DA19BD69592926A62709BE49CA093
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/71hr94SUjmI4WsmVKl_xSF-LeUxrKTKLcbZwOLomvE8.js
Frame ID: 1D4B5BFCAAA991E346D8B38DF53277EF
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: C3928C89AD28F8BCB73C0E286705B785
Requests: 2 HTTP requests in this frame

Frame: https://ws.sharethis.com/secure/index.html
Frame ID: 874627F32E2200FEF42C25652F590D3E
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

95
Requests

100 %
HTTPS

83 %
IPv6

13
Domains

19
Subdomains

18
IPs

2
Countries

892 kB
Transfer

2146 kB
Size

12
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: http://www.iondigital.co.uk/make-contact
Title: Get in touch and let us know!

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 74

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

95 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
paypalfee.marketing00.com/ 12 KB
4 KB 522ms
491ms Document
text/html 2606:4700:3035::ac43:9317
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paypalfee.marketing00.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:9317 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7600f69930a0136d01e0834a208b51ece9f4ea6f6cd4e571630e67ac043175e6

Request headers

:method: GET
:authority: paypalfee.marketing00.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:43 GMT
content-type: text/html
set-cookie: __cfduid=d1fa9afffe9f07fe95f1d236c79ef2bce1617311862; expires=Sat, 01-May-21 21:17:42 GMT; path=/; domain=.marketing00.com; HttpOnly; SameSite=Lax; Secure
last-modified: Thu, 01 Apr 2021 17:09:21 GMT
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
cf-request-id: 0930e5a7d700004edad13fd000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=VSLQNd23Y578Pv3zaCctwbghOpBQVCfX9ufKC3DFnTyqRugZgvLNkphCSHROHNKRrY%2Fz%2BgxAL6DoQCyf3m3FLs7vHxYcpRev3YmFQsEBIVfkRMnO3s6j6AbgPO%2Fd6YXQtqIjl8Z4"}],"max_age":604800}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 6394d8862d024eda-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 128 KB
49 KB 26ms
25ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-XT16K0J2CN

Requested by

Host: paypalfee.marketing00.com
URL: https://paypalfee.marketing00.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4e12379ade64a4083dcc185893648da9ff6d6eea3dd7e320b70c724c8a4df2ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:43 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50315
x-xss-protection: 0
expires: Thu, 01 Apr 2021 21:17:43 GMT

GET
H2 200 bootstrap.css
paypalfee.marketing00.com/assets/css/ 115 KB
16 KB 629ms
628ms Stylesheet
text/css 2606:4700:3035::ac43:9317
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paypalfee.marketing00.com/assets/css/bootstrap.css
Requested by: Host: paypalfee.marketing00.com
URL: https://paypalfee.marketing00.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:9317 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f11e015f8f05a2c3027128f99a02a6b1fe38dad2c6da1166d25d29f1ab0041fc

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:43 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 15 Oct 2012 12:52:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HxStxpiWSTm3iZ3ASv%2FTHAVJInMvYmTOB1YJbfWcipf%2BMKwldt0BkdQJFh8yIiT4p%2FKkgte4ebot4zakqJHY7LL9lWe3p%2FH1UDpSOPNYLZCYI7VoTmqSAHe0ifBaH8%2BeptHPwDZC"}],"max_age":604800}
content-type: text/css
cache-control: max-age=31536000
nel: {"max_age":604800,"report_to":"cf-nel"}
cf-ray: 6394d8893a754eda-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0930e5a9c700004eda5f16a000000001

GET
H2 200 bootstrap-responsive.css
paypalfee.marketing00.com/assets/css/ 21 KB
4 KB 496ms
495ms Stylesheet
text/css 2606:4700:3035::ac43:9317
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paypalfee.marketing00.com/assets/css/bootstrap-responsive.css
Requested by: Host: paypalfee.marketing00.com
URL: https://paypalfee.marketing00.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:9317 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4d0a4ae8e65531cca528fee30ce95a7b57d6fff7f51da7c793fde7a7eef727af

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:43 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 15 Oct 2012 12:52:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ZM2K%2Bh18ya%2F7OjZ2goD7Lm%2FHY5XHI1OCJLNBLQ0%2FLKSuV7Xz9K97Uj21pD8Bp4HHyK3HzLbei1flXiBvXT2NuTyg1vmug4tO%2BXtBgk56lzyi2%2BgRaE%2BNh3kDPaFYTzLP0qrnYowo"}],"max_age":604800}
content-type: text/css
cache-control: max-age=31536000
nel: {"max_age":604800,"report_to":"cf-nel"}
cf-ray: 6394d8893a774eda-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0930e5a9c900004eda9baa8000000001

GET
H2 200 buttons.js Show response
ws.sharethis.com/button/ 59 KB
17 KB 35ms
12ms Script
application/javascript 2600:9000:2127:3e00:3:c04e:c780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ws.sharethis.com/button/buttons.js
Requested by: Host: paypalfee.marketing00.com
URL: https://paypalfee.marketing00.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:3e00:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: 101952754cb8c2ae6e1b8b8cba16dc2a9b47e6e808bd563a8b87d0561daf7d85

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 07:09:04 GMT
content-encoding: gzip
server: nginx/1.16.1
age: 137319
etag: W/"60256fd0-eabe"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 7bb80b5d9f75710222feac15033d6af0.cloudfront.net (CloudFront)
cache-control: max-age=259200
x-amz-cf-pop: PRG50-C1
x-robots-tag: noindex, nofollow
content-length: 16639
x-amz-cf-id: tDThwxn2zUVnNZy8npR1J8bzPPcb__eRcuSfJjT54l2H-RvhjYdGvw==
expires: Sat, 03 Apr 2021 07:09:04 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 133 KB
47 KB 48ms
27ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: paypalfee.marketing00.com
URL: https://paypalfee.marketing00.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

87f8949474cd91befeb181b57d5a23ed43de14241d24de3f671b36eedb7c4d32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47705
x-xss-protection: 0
server: cafe
etag: 5069928187734612852
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 01 Apr 2021 21:17:43 GMT

GET
H2 200 united_kingdom.png
paypalfee.marketing00.com/images/ 5 KB
5 KB 499ms
490ms Image
image/png 2606:4700:3035::ac43:9317
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paypalfee.marketing00.com/images/united_kingdom.png
Requested by: Host: paypalfee.marketing00.com
URL: https://paypalfee.marketing00.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:9317 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6d19e9869c67840bd1ff3c4e8cb3148cdf8e422d69e4f7c9844f5611bafa0087

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:44 GMT
cf-cache-status: MISS
last-modified: Mon, 15 Oct 2012 12:52:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=icnkfEqjj5V7TJ2iVTedT2wcWkwJK6bWy%2FMnyd9F9adpV%2BMwRyplregbktoaNDd5rUs9UN%2Fy830LmnndNTo306%2Fiasm7zrLjT0GX40hZ3OdU9V%2FlsJ0v0w9bt5MKGZKaJNM57m5y"}],"max_age":604800}
content-type: image/png
cache-control: max-age=31536000
nel: {"max_age":604800,"report_to":"cf-nel"}
accept-ranges: bytes
cf-ray: 6394d88d49054eda-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5224
cf-request-id: 0930e5ac4d00004edaa91e0000000001

GET
H2 200 europe.png
paypalfee.marketing00.com/images/ 3 KB
4 KB 502ms
494ms Image
image/png 2606:4700:3035::ac43:9317
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paypalfee.marketing00.com/images/europe.png
Requested by: Host: paypalfee.marketing00.com
URL: https://paypalfee.marketing00.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:9317 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cb281b0e1f408f4ffd6a57ce673b411be53b0093943fccdad6c7a7284320aebf

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:44 GMT
cf-cache-status: MISS
last-modified: Mon, 15 Oct 2012 12:52:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=FpWhaZoHSMN3c9fYUpsHU%2Fu%2BEqNCuUeZAfLysGsGZGyLwYCsTlOxWR7fPso6PkePgIQGOvIIO7S1fauLHWAFaIQaVuXT7rNyH9SJRgA4cyj7gbj9VZepQmXkl9Gr7gyH6ahQuHpF"}],"max_age":604800}
content-type: image/png
cache-control: max-age=31536000
nel: {"max_age":604800,"report_to":"cf-nel"}
accept-ranges: bytes
cf-ray: 6394d88d49064eda-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3320
cf-request-id: 0930e5ac4d00004eda7081a000000001

GET
H2 200 france.png
paypalfee.marketing00.com/images/ 2 KB
2 KB 515ms
507ms Image
image/png 2606:4700:3035::ac43:9317
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paypalfee.marketing00.com/images/france.png
Requested by: Host: paypalfee.marketing00.com
URL: https://paypalfee.marketing00.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:9317 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 19b65f020303c310df947f1d58ba0e929bc864afaa3ef771442deedebf7e6c62

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:44 GMT
cf-cache-status: MISS
last-modified: Mon, 15 Oct 2012 12:52:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=P46H59gYa64nHwvjkiZcXPhm5l17QvmMZV9qY%2FP3PqkXy3yR6zE%2BZ%2FxxnyIXeGCKbcP8b8CohhMMQZNAYCd21%2FRxQuVKoK5RordhlGytziKU6tCPQKNLa0Vuvc3%2B%2BPkWiEiY15ho"}],"max_age":604800}
content-type: image/png
cache-control: max-age=31536000
nel: {"max_age":604800,"report_to":"cf-nel"}
accept-ranges: bytes
cf-ray: 6394d88d49074eda-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1851
cf-request-id: 0930e5ac4d00004edac3254000000001

GET
H2 200 germany.png
paypalfee.marketing00.com/images/ 2 KB
2 KB 490ms
482ms Image
image/png 2606:4700:3035::ac43:9317
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paypalfee.marketing00.com/images/germany.png
Requested by: Host: paypalfee.marketing00.com
URL: https://paypalfee.marketing00.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:9317 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16a8755db87a5d15fddb7c8270d41c3e880c257cbd7df6fa1b1fd328b9e68222

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:44 GMT
cf-cache-status: MISS
last-modified: Mon, 15 Oct 2012 12:52:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=YlSSOW%2BiNduZs9HeYxkbSDmgJPO4EIbUxkJ6QgHiNOFBIsGULRfWxG3S%2FI0Q9UBqHdqkr8gHEU9n%2F1wUE6pY%2FXIb526Cluiv%2BgtDEhNXXXWcy0Pgv2q5kVEdubv546SivkxhZHjd"}],"max_age":604800}
content-type: image/png
cache-control: max-age=31536000
nel: {"max_age":604800,"report_to":"cf-nel"}
accept-ranges: bytes
cf-ray: 6394d88d49084eda-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1729
cf-request-id: 0930e5ac4e00004edaab9b9000000001

GET
H2 200 australia.png
paypalfee.marketing00.com/images/ 3 KB
4 KB 502ms
494ms Image
image/png 2606:4700:3035::ac43:9317
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paypalfee.marketing00.com/images/australia.png
Requested by: Host: paypalfee.marketing00.com
URL: https://paypalfee.marketing00.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:9317 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cfcca01915ce5b1a6974a09ae4003930198ef2de8a7ede967620b0a6ccafca09

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:44 GMT
cf-cache-status: MISS
last-modified: Mon, 15 Oct 2012 12:52:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=1MOh%2BY9NSDkSECgDnGPV7vf5s7%2FNBD22wBoLKPZaHkakqDNZg0UFNGLPOOOMKWYUbdQYiAgORMjaIFDuQI%2Bl5RXBVW6WFG67bw7NTltrmi59TgqbWayyPk1m%2FJOTPEax87lEb1Mp"}],"max_age":604800}
content-type: image/png
cache-control: max-age=31536000
nel: {"max_age":604800,"report_to":"cf-nel"}
accept-ranges: bytes
cf-ray: 6394d88d490f4eda-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3447
cf-request-id: 0930e5ac5100004edabf0a8000000001

GET
H2 200 new_zealand.png
paypalfee.marketing00.com/images/ 3 KB
4 KB 506ms
498ms Image
image/png 2606:4700:3035::ac43:9317
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paypalfee.marketing00.com/images/new_zealand.png
Requested by: Host: paypalfee.marketing00.com
URL: https://paypalfee.marketing00.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:9317 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8fa871558ae92fb5f123fd4e700653029756806403abeb67139b1393b74f7643

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:44 GMT
cf-cache-status: MISS
last-modified: Mon, 15 Oct 2012 12:52:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=1%2FOaJx5YxcCdfP8Mc17Rqsb1BVRBdupit9V1Svp%2Fy%2Fsu8NDSg6o7FUWpwpu5b701wMJzzj7tyHQMHmYrhClg%2Bv7XNQ07kZyOOHI5RDqSPfkqOUreu2mMulUL4tgLlWoDSHrJtYtW"}],"max_age":604800}
content-type: image/png
cache-control: max-age=31536000
nel: {"max_age":604800,"report_to":"cf-nel"}
accept-ranges: bytes
cf-ray: 6394d88d49124eda-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3310
cf-request-id: 0930e5ac5100004eda5da5e000000001

GET
H2 200 czech_republic.png
paypalfee.marketing00.com/images/ 2 KB
2 KB 513ms
506ms Image
image/png 2606:4700:3035::ac43:9317
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paypalfee.marketing00.com/images/czech_republic.png
Requested by: Host: paypalfee.marketing00.com
URL: https://paypalfee.marketing00.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:9317 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f5d6bdecf5054cbf28f1453c28de0a19896d6971f50993f84f8e54ed015acc99

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:44 GMT
cf-cache-status: MISS
last-modified: Mon, 15 Oct 2012 12:52:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6P4%2FGrueYHhoS5DASa2rbwt8FpKCbTHgn5fUx8HEyFYcCN8ijXT9xcVVMb8WvXeAcXX31iyW5Mfxy6lSMUTF4OHVQV71FKxJp42%2FWX%2BoUv37WE2vTBiTBlmVg9ydTJwXwckHcpc0"}],"max_age":604800}
content-type: image/png
cache-control: max-age=31536000
nel: {"max_age":604800,"report_to":"cf-nel"}
accept-ranges: bytes
cf-ray: 6394d88d49144eda-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2130
cf-request-id: 0930e5ac5100004eda6a208000000001

GET
H2 200 hungary.png
paypalfee.marketing00.com/images/ 2 KB
2 KB 504ms
497ms Image
image/png 2606:4700:3035::ac43:9317
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paypalfee.marketing00.com/images/hungary.png
Requested by: Host: paypalfee.marketing00.com
URL: https://paypalfee.marketing00.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:9317 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a2fe12c41d069c9e7e05d1177d7e82c2761d29d0f48836b599795762715c9009

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:44 GMT
cf-cache-status: MISS
last-modified: Mon, 15 Oct 2012 12:52:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Gs84XAvEWPRCwUXI3FZYc%2FJzzuFmj%2FsUR6iVCW6OtLH3iqBMEv%2Fb0U0bgpQAddspGml%2FRAcnmAFA4z02l02AehrpXuRp4xHrA3yKL1B8mTG7Oj6A4HBvK14Z6pwjqUwCxA3E9bBt"}],"max_age":604800}
content-type: image/png
cache-control: max-age=31536000
nel: {"max_age":604800,"report_to":"cf-nel"}
accept-ranges: bytes
cf-ray: 6394d88d49154eda-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1618
cf-request-id: 0930e5ac5100004edabdb54000000001

GET
H2 200 poland.png
paypalfee.marketing00.com/images/ 1 KB
2 KB 505ms
498ms Image
image/png 2606:4700:3035::ac43:9317
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paypalfee.marketing00.com/images/poland.png
Requested by: Host: paypalfee.marketing00.com
URL: https://paypalfee.marketing00.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:9317 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 647d5c4d8f56c80b293be43484165e24d282f1107eb5b86153fafd0006248094

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:44 GMT
cf-cache-status: MISS
last-modified: Mon, 15 Oct 2012 12:52:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=nHfSpeybHh9Lzg%2F%2BlS342ZSpSS6sQycRYfJqahqSMbGi73yex0RQ0HtD8men0kAHkDK1nQkws7qq%2BLI8Xog1z%2FnN%2B0l5SDSSU6PE1luQqmc6QwS8O8B60daLWjqXtJvQ8dw7D%2BR6"}],"max_age":604800}
content-type: image/png
cache-control: max-age=31536000
nel: {"max_age":604800,"report_to":"cf-nel"}
accept-ranges: bytes
cf-ray: 6394d88d49164eda-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1353
cf-request-id: 0930e5ac5200004edad7328000000001

GET
H2 200 denmark.png
paypalfee.marketing00.com/images/ 2 KB
2 KB 494ms
487ms Image
image/png 2606:4700:3035::ac43:9317
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paypalfee.marketing00.com/images/denmark.png
Requested by: Host: paypalfee.marketing00.com
URL: https://paypalfee.marketing00.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:9317 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 831217af2ead632b1820052f596cfd4e01d4a0609d1119a0788a6e6fad0b25dc

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:44 GMT
cf-cache-status: MISS
last-modified: Mon, 15 Oct 2012 12:52:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=v%2F6VyxUjXjkHRCmsry0OStpv8tJ5Hk%2BFeURr%2Bps9tEy0P2VqBeEmDAZIjupQ0ebpzHqGljy1d9HlfkcdU1kWKNPPoeUZ%2Bxfw%2FeE0qzNzWY0HWaeAuAjuOHojcLHhzIPWjK6CFd4L"}],"max_age":604800}
content-type: image/png
cache-control: max-age=31536000
nel: {"max_age":604800,"report_to":"cf-nel"}
accept-ranges: bytes
cf-ray: 6394d88d49174eda-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1803
cf-request-id: 0930e5ac5200004eda58087000000001

GET
H2 200 norway.png
paypalfee.marketing00.com/images/ 2 KB
2 KB 496ms
489ms Image
image/png 2606:4700:3035::ac43:9317
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paypalfee.marketing00.com/images/norway.png
Requested by: Host: paypalfee.marketing00.com
URL: https://paypalfee.marketing00.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:9317 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6a0df493831cf966e314dc378d6c75c6466408f532888aba6e629b86c950ad03

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:44 GMT
cf-cache-status: MISS
last-modified: Mon, 15 Oct 2012 12:52:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=p2ngF0i7j7iQiBKzfUmIHB0fHWX8Qkfb%2BQs7jVK4r06VaCbDAPMHK848PSF6X8eSg2LZXOzR8zRQFKXkzYD6bPkAovEoKdJUJnhZKByOk9%2BBzbAajK6kndk7ib6cnr8dQG8B7%2Bot"}],"max_age":604800}
content-type: image/png
cache-control: max-age=31536000
nel: {"max_age":604800,"report_to":"cf-nel"}
accept-ranges: bytes
cf-ray: 6394d88d49184eda-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2012
cf-request-id: 0930e5ac5200004edaa105f000000001

GET
H2 200 sweden.png
paypalfee.marketing00.com/images/ 2 KB
2 KB 518ms
512ms Image
image/png 2606:4700:3035::ac43:9317
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paypalfee.marketing00.com/images/sweden.png
Requested by: Host: paypalfee.marketing00.com
URL: https://paypalfee.marketing00.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:9317 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0e819a05c11de8156efd880b0c9c3e1d2d905cc9add30b42948365b6a63ce102

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:44 GMT
cf-cache-status: MISS
last-modified: Mon, 15 Oct 2012 12:52:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dyTUNnDlBE%2Fxc1jfs70v%2B12aXBKwDETMF8l07cQGqyg7lbVx7ezI%2BAcM8YoevjCJgpiV%2FU0AALcHfe8fczfxodoBFuAIBbYlR99XSso%2BKNC8VbV9iiAnksDMVhlnODZnuvtxw5ry"}],"max_age":604800}
content-type: image/png
cache-control: max-age=31536000
nel: {"max_age":604800,"report_to":"cf-nel"}
accept-ranges: bytes
cf-ray: 6394d88d49194eda-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1970
cf-request-id: 0930e5ac5200004eda5f190000000001

GET
H2 200 switzerland.png
paypalfee.marketing00.com/images/ 2 KB
2 KB 519ms
513ms Image
image/png 2606:4700:3035::ac43:9317
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paypalfee.marketing00.com/images/switzerland.png
Requested by: Host: paypalfee.marketing00.com
URL: https://paypalfee.marketing00.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:9317 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5e106fb45608552504afe498dd8aa78fdb0a7aa670333d6536935e4d755879ad

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:44 GMT
cf-cache-status: MISS
last-modified: Mon, 15 Oct 2012 12:52:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=hDzmnKIJPHI1BluTQjOQncuE%2F6C7VRc2CC2L8su1Wd1C3mIIdOohCADB%2BIIW5Udq6rIlm5Y%2FAgnwogZoHe6bEBE%2BBgANZsxG11ik1FpphW6q2Ek5lQge2t12I%2Ft5q9qXGuqzuq5m"}],"max_age":604800}
content-type: image/png
cache-control: max-age=31536000
nel: {"max_age":604800,"report_to":"cf-nel"}
accept-ranges: bytes
cf-ray: 6394d88d491b4eda-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1782
cf-request-id: 0930e5ac5300004eda94bbc000000001

GET
H2 200 singapore.png
paypalfee.marketing00.com/images/ 2 KB
3 KB 515ms
509ms Image
image/png 2606:4700:3035::ac43:9317
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paypalfee.marketing00.com/images/singapore.png
Requested by: Host: paypalfee.marketing00.com
URL: https://paypalfee.marketing00.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:9317 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 578ae20de50703973c94c06a961407dc279c01a9ed26487ce3c833003af19ce3

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:44 GMT
cf-cache-status: MISS
last-modified: Mon, 15 Oct 2012 12:52:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=zEWYu36%2BmCo0A%2BlxjBs7Ta6%2FUvxWJWKtAoWuaRiMv6SZtpGQ8uNQSkFRW8NPSNG5yaZ4f4so9PZsFZji2oqstHWnzAGcGHWfChMuJozwRMp6EG%2FaOx%2BmX9HACrThR7paE9mBDvQC"}],"max_age":604800}
content-type: image/png
cache-control: max-age=31536000
nel: {"max_age":604800,"report_to":"cf-nel"}
accept-ranges: bytes
cf-ray: 6394d88d59214eda-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2475
cf-request-id: 0930e5ac5400004eda800aa000000001

GET
H2 200 hong_kong.png
paypalfee.marketing00.com/images/ 3 KB
3 KB 508ms
502ms Image
image/png 2606:4700:3035::ac43:9317
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paypalfee.marketing00.com/images/hong_kong.png
Requested by: Host: paypalfee.marketing00.com
URL: https://paypalfee.marketing00.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:9317 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f2a5ba2771970cc06f91162851cd9ddb891f9e63652d8355e9d60c07b128a409

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:44 GMT
cf-cache-status: MISS
last-modified: Mon, 15 Oct 2012 12:52:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=CRDExpYG0BwVa5BWTsy3N8aflrgh8ertYtRxj37xx2eMraHBvfxkLAJMXl3qcnG6%2BE1WvqtX1WxV%2BNhGFzirxFV6fZIaw82ZbSO48ZNtGZeir4cLFKXJ7ow7RBRPX9KEMQt6dZGx"}],"max_age":604800}
content-type: image/png
cache-control: max-age=31536000
nel: {"max_age":604800,"report_to":"cf-nel"}
accept-ranges: bytes
cf-ray: 6394d88d59224eda-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3207
cf-request-id: 0930e5ac5400004eda6f297000000001

GET
H2 200 japan.png
paypalfee.marketing00.com/images/ 2 KB
2 KB 512ms
506ms Image
image/png 2606:4700:3035::ac43:9317
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paypalfee.marketing00.com/images/japan.png
Requested by: Host: paypalfee.marketing00.com
URL: https://paypalfee.marketing00.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:9317 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 073dfe2608b9fd35339826a4282f33e70b06d420a6b5d2d36fa00dbde476bea7

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:44 GMT
cf-cache-status: MISS
last-modified: Mon, 15 Oct 2012 12:52:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=TldqrH%2Fx9cEFOPSrKx1fe1Oezns0obNLE%2FuTv9ZHqvrbnv4fOTufegDzx3o4pjchTIUQNMPFey%2FxbDW92CDq%2BkItOdIAjsq6rjpvXVO2E8H9Lmf5414lBwhFe0l88%2FRl%2FGYFVUqI"}],"max_age":604800}
content-type: image/png
cache-control: max-age=31536000
nel: {"max_age":604800,"report_to":"cf-nel"}
accept-ranges: bytes
cf-ray: 6394d88d59234eda-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2220
cf-request-id: 0930e5ac5400004eda700a4000000001

GET
H2 200 canada.png
paypalfee.marketing00.com/images/ 3 KB
3 KB 525ms
520ms Image
image/png 2606:4700:3035::ac43:9317
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paypalfee.marketing00.com/images/canada.png
Requested by: Host: paypalfee.marketing00.com
URL: https://paypalfee.marketing00.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:9317 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 303e8b2c06f07ee6bd4058e41424739f74fcbc5c7e8989085acf5c394d2e79d3

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:44 GMT
cf-cache-status: MISS
last-modified: Mon, 15 Oct 2012 12:52:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=eWh5vFWhEoeDyyyc8CAR0khjXE0AgynKT4kQiRfXb4NgswMU1%2BGaj6TRafEC8rbAOjQuGpEpAlb49oljmHDCErSRbVnyLRLlestsOePthEZd0X93AgyaBL5OjP%2FrrirXrtzT82MK"}],"max_age":604800}
content-type: image/png
cache-control: max-age=31536000
nel: {"max_age":604800,"report_to":"cf-nel"}
accept-ranges: bytes
cf-ray: 6394d88d59244eda-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2813
cf-request-id: 0930e5ac5400004eda8f23c000000001

GET
H2 200 united_states.png
paypalfee.marketing00.com/images/ 3 KB
4 KB 515ms
510ms Image
image/png 2606:4700:3035::ac43:9317
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paypalfee.marketing00.com/images/united_states.png
Requested by: Host: paypalfee.marketing00.com
URL: https://paypalfee.marketing00.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:9317 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ee78e49f2b8e2ea508e214441566c33ba6e5f97c93bd44a404a681b1346f7c05

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:44 GMT
cf-cache-status: MISS
last-modified: Mon, 15 Oct 2012 12:52:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mptHaMWjY36zuat0M%2B8tsfjtXt3IR6vEcAYpCZHj%2FPk0fqAzkakZ4T6FfYSHzHxOy4DWnH9SF3FvSHMJRwo3E7YtaB%2BjI5wXEtsFQJ6gkWC0RJMzHzQI%2BRfbKyjjP%2FVT1QAe3kaN"}],"max_age":604800}
content-type: image/png
cache-control: max-age=31536000
nel: {"max_age":604800,"report_to":"cf-nel"}
accept-ranges: bytes
cf-ray: 6394d88d59254eda-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3458
cf-request-id: 0930e5ac5500004edab6362000000001

GET
H2 200 calculator.js Show response
paypalfee.marketing00.com/ 7 KB
2 KB 517ms
517ms Script
application/javascript 2606:4700:3035::ac43:9317
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paypalfee.marketing00.com/calculator.js
Requested by: Host: paypalfee.marketing00.com
URL: https://paypalfee.marketing00.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:9317 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9019cfb4c5d92481da965bb1a7e024e654c819f815826e5de994caebe2e0a8a3

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:44 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 15 Oct 2012 12:52:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qepqdy2V%2Ff9NFMu16TUQfdMnhkfEOGB7fVADlWuDBKIglJS3Q2fyUThZYnjRB9lnj4t7ZzsMnC2kyeid6jsWutVR1y1xFu%2BxN7TLhPSbZVgXK5gxAHY7h0b5p0OyymuuJpeVK3Bd"}],"max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000
nel: {"max_age":604800,"report_to":"cf-nel"}
cf-ray: 6394d88c5f8a4eda-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0930e5abb800004edac8b62000000001

POST
H2 204 collect
www.google-analytics.com/g/ 0
79 B 13ms
13ms Other
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-XT16K0J2CN&gtm=2oe3o0&_p=1085424970&sr=1600x1200&ul=en-us&cid=1903232114.1617311863&_s=1&dl=https%3A%2F%2Fpaypalfee.marketing00.com%2F&dt=PayPal%20Fee%20Calculator&sid=1617311863&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-XT16K0J2CN
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 01 Apr 2021 21:17:43 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://paypalfee.marketing00.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 11ms
6ms Script
text/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: paypalfee.marketing00.com
URL: https://paypalfee.marketing00.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 19 Mar 2021 19:22:18 GMT
server: Golfe2
age: 5769
date: Thu, 01 Apr 2021 19:41:34 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Thu, 01 Apr 2021 21:41:34 GMT

GET
H2 200 async-buttons.js Show response
ws.sharethis.com/button/ 89 KB
19 KB 15ms
10ms Script
application/javascript 2600:9000:2127:3e00:3:c04e:c780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ws.sharethis.com/button/async-buttons.js
Requested by: Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/buttons.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:3e00:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: f3bc548fe0ec38e954e193e2048fcd89948a61e9b321e69476b807cfb530215b

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 30 Mar 2021 09:22:33 GMT
content-encoding: gzip
server: nginx/1.16.1
age: 215711
etag: W/"60257011-16245"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 7bb80b5d9f75710222feac15033d6af0.cloudfront.net (CloudFront)
cache-control: max-age=259200
x-amz-cf-pop: PRG50-C1
x-robots-tag: noindex, nofollow
content-length: 18815
x-amz-cf-id: ZZ2gW0o70LpBjC9pnR8pR_DvTC04MO6u1SWvLnr7ZhvKhDYWqQXi2Q==
expires: Fri, 02 Apr 2021 09:22:32 GMT

GET
H2 200 portal-v2.html Show response
c.sharethis.mgr.consensu.org/ Frame 76A1 2 KB
1 KB 33ms
9ms Document
text/html 2600:9000:2127:e00:c:a9b7:ddc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.sharethis.mgr.consensu.org/portal-v2.html
Requested by: Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/buttons.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:e00:c:a9b7:ddc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: ac84513c4c5ea7e4458e91c46e33ba71b56e19fabf93cc079ffcb01a975c2e3d

Request headers

:method: GET
:authority: c.sharethis.mgr.consensu.org
:scheme: https
:path: /portal-v2.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://paypalfee.marketing00.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://paypalfee.marketing00.com/

Response headers

content-type: text/html; charset=utf-8
content-encoding: gzip
date: Thu, 01 Apr 2021 20:18:36 GMT
cache-control: max-age=3600, public
etag: W/"83a-K1Ex0xzH2LCxSyRnDnyZEg18N68"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0bb58964819755c192fe9c24c342bd1a.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
x-amz-cf-id: 2B9pAsGgu_Vz4ZyFb6M8MRbuxo344brVJbzJLYPTzt7c5HZBDxo2gg==
age: 3548

GET
H3-Q050 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
378 B 40ms
26ms Image
image/gif 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=841263471&utmhn=paypalfee.marketing00.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=PayPal%20Fee%20Calculator&utmhid=1085424970&utmr=-&utmp=%2F&utmht=1617311863994&utmac=UA-10828846-14&utmcc=__utma%3D138094257.1903232114.1617311863.1617311864.1617311864.1%3B%2B__utmz%3D138094257.1617311864.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=2142697446&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAABAAAE~

Requested by

Host: paypalfee.marketing00.com
URL: https://paypalfee.marketing00.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Apr 2021 21:17:44 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 buttons-secure.css
ws.sharethis.com/button/css/ 23 KB
4 KB 10ms
10ms Stylesheet
text/css 2600:9000:2127:3e00:3:c04e:c780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ws.sharethis.com/button/css/buttons-secure.css
Requested by: Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/async-buttons.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:3e00:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: 95dc1b83a7c030dd13ab3e29df921f10e04208b28734f172ea232854264c3b05

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 00:27:15 GMT
content-encoding: gzip
last-modified: Thu, 11 Feb 2021 17:57:38 GMT
server: nginx/1.16.1
age: 80586
etag: W/"60257012-5a76"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 7bb80b5d9f75710222feac15033d6af0.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
x-robots-tag: noindex, nofollow
content-length: 3851
x-amz-cf-id: EsNOSkkbetK-zxRhROAHn4f3NKTCxqxJFB8qk1xUIFQUkfTbeKsHeQ==

GET
H/1.1 200
OK get_counts Show response
count-server.sharethis.com/v2.0/ 100 B
346 B 454ms
117ms Script
text/javascript 3.213.224.136
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://count-server.sharethis.com/v2.0/get_counts?url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&cb=stButtons.processCB&wd=true
Requested by: Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/async-buttons.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.213.224.136 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-213-224-136.compute-1.amazonaws.com
Software: / Express
Resource Hash: bdc406f34dcc42df6b9b3f36359d0f4c6fed20a31e2583b3da22fb36af5205ce

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 01 Apr 2021 21:17:44 GMT
Cache-Control: public, max-age=900
ETag: 30429843226130646f4f6380397dff1f
Connection: keep-alive
X-Powered-By: Express
Content-Length: 100
Content-Type: text/javascript; charset=utf-8

GET
H3-Q050 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210329/r20190131/ 227 KB
85 KB 59ms
45ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210329/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5042304306806244&plah=paypalfee.marketing00.com&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

311e18f635513141cf583a4fa0ac2828f450c8197eb57853475194676faaebe2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 86637
x-xss-protection: 0
server: cafe
etag: 7600525576280132900
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 01 Apr 2021 21:17:44 GMT

GET
H2 200 facebook_counter.png
ws.sharethis.com/images/2017/ 2 KB
3 KB 10ms
10ms Image
image/png 2600:9000:2127:3e00:3:c04e:c780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ws.sharethis.com/images/2017/facebook_counter.png
Requested by: Host: paypalfee.marketing00.com
URL: https://paypalfee.marketing00.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:3e00:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: 3488c49147b809d1e457c14a37bf3a79b0455fd159c121325e8f737eea45eb75

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 19:07:06 GMT
via: 1.1 7bb80b5d9f75710222feac15033d6af0.cloudfront.net (CloudFront)
server: nginx/1.16.1
age: 4241438
etag: "60256fcb-977"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000
x-amz-cf-pop: PRG50-C1
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 2423
x-amz-cf-id: tbQDqWFyqAoV3aLOBku8rZKv1EDlw8kehVrmnCIFawAkLWbTAaeDyw==
expires: Fri, 11 Feb 2022 19:07:06 GMT

GET
H2 200 twitter_counter.png
ws.sharethis.com/images/2017/ 2 KB
3 KB 10ms
10ms Image
image/png 2600:9000:2127:3e00:3:c04e:c780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ws.sharethis.com/images/2017/twitter_counter.png
Requested by: Host: paypalfee.marketing00.com
URL: https://paypalfee.marketing00.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:3e00:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: aeae37bae2130513ef8b5ea4fde8fd776b32ff8969b848b59399a63d9455e29a

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 19:07:06 GMT
via: 1.1 7bb80b5d9f75710222feac15033d6af0.cloudfront.net (CloudFront)
server: nginx/1.16.1
age: 4241438
etag: "60256fcb-9ae"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000
x-amz-cf-pop: PRG50-C1
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 2478
x-amz-cf-id: 0zuuOLneDym5IkuNCAj4sXkvitMHK0BJoZKmytiPueffZCpWpvJGWA==
expires: Fri, 11 Feb 2022 19:07:06 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210329/r20190131/ Frame 2A76 10 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210329/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ee8a97200cf0e24af175070d017d0bdabe6c619ede7bf7c5585e90de0f39798

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210329/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://paypalfee.marketing00.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://paypalfee.marketing00.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 31 Mar 2021 22:50:27 GMT
expires: Wed, 14 Apr 2021 22:50:27 GMT
content-type: text/html; charset=UTF-8
etag: 13254444762018554669
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4647
x-xss-protection: 0
age: 80837
cache-control: public, max-age=1209600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 bubble_arrow.png
ws.sharethis.com/secure/images/ 979 B
1 KB 10ms
10ms Image
image/png 2600:9000:2127:3e00:3:c04e:c780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ws.sharethis.com/secure/images/bubble_arrow.png
Requested by: Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/css/buttons-secure.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:3e00:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: 516630dc137782b6ea784ed6891b487b8a2fff9be9ed921977008453039cc1fe

Request headers

Referer: https://ws.sharethis.com/button/css/buttons-secure.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 19:07:06 GMT
via: 1.1 7bb80b5d9f75710222feac15033d6af0.cloudfront.net (CloudFront)
server: nginx/1.16.1
age: 4241438
etag: "60257011-3d3"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000
x-amz-cf-pop: PRG50-C1
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 979
x-amz-cf-id: ujt2ed1VlR4V6oz78_MKsWfUzPpAIBpwlBRMnDdkxQy1J7bmIoasIQ==
expires: Fri, 11 Feb 2022 19:07:06 GMT

GET
H2 200 googleplus_16.png
ws.sharethis.com/images/2017/ 2 KB
2 KB 10ms
10ms Image
image/png 2600:9000:2127:3e00:3:c04e:c780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ws.sharethis.com/images/2017/googleplus_16.png
Requested by: Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/css/buttons-secure.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:3e00:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: 592a848da6f427ea5d9169179bd309484f531d3c23c5aaf858afa22fc28d40c8

Request headers

Referer: https://ws.sharethis.com/button/css/buttons-secure.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 19:07:07 GMT
via: 1.1 7bb80b5d9f75710222feac15033d6af0.cloudfront.net (CloudFront)
server: nginx/1.16.1
age: 4241437
etag: "60256fcb-61f"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000
x-amz-cf-pop: PRG50-C1
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 1567
x-amz-cf-id: d98poSJx8j6Jy5BvKLwMWZmS-ZzA3baFl27kr_C-ruJ8Ion0gRNiew==
expires: Fri, 11 Feb 2022 19:07:07 GMT

GET
H/1.1 204
No Content pview Show response
l.sharethis.com/ 0
347 B 140ms
35ms XHR
text/plain 3.122.26.231
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://l.sharethis.com/pview?event=pview&version=buttons.js&lang=en&sessionID=1617311863876.43090&hostname=paypalfee.marketing00.com&location=%2F&product=widget&fcmp=false&fcmpv2=false&publisher=ur-8de7ea91-a1bb-bc0-8950-273c74abb77c&bsamesite=true&consent_cookie_duration=223&consent_duration=223&gdpr_domain=.consensu.org&gdpr_method=cookie&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&title=PayPal%20Fee%20Calculator&sop=false&description=Calculate%20PayPal%20fees%20easily%20with%20PayPal%20Fee%20Calc%20from%20Ion%20Digital
Requested by: Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/buttons.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.122.26.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-122-26-231.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 01 Apr 2021 21:17:44 GMT
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: https://paypalfee.marketing00.com
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 205 B
643 B 146ms
68ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=paypalfee.marketing00.com&callback=_gfp_s_&client=ca-pub-5042304306806244

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210329/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5042304306806244&plah=paypalfee.marketing00.com&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

ae3406469c4433cc4b51f0faa3441d12ba96eb38d61dcb668131c3f33dae9da6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 194
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
799 B 38ms
18ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=paypalfee.marketing00.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 01 Apr 2021 21:17:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
553 B 33ms
14ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=paypalfee.marketing00.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 01 Apr 2021 21:17:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 918C 71 KB
23 KB 362ms
347ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=2939942798&adf=1814734761&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864019&bpp=23&bdt=784&idt=90&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=8548972172354&frm=20&pv=2&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=258&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=eWC1nnWFcr&p=https%3A//paypalfee.marketing00.com&dtd=109

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

211e2c3229fae2c5dd99220690985832243c51ff8076ee149be448e7fb37515f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=2939942798&adf=1814734761&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864019&bpp=23&bdt=784&idt=90&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=8548972172354&frm=20&pv=2&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=258&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=eWC1nnWFcr&p=https%3A//paypalfee.marketing00.com&dtd=109
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://paypalfee.marketing00.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://paypalfee.marketing00.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 01 Apr 2021 21:17:44 GMT
server: cafe
content-length: 23963
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 01-Apr-2021 21:32:44 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 01 Apr 2021 21:17:44 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 32ms
14ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

234e58e81d77759daf07d771662c4e4b7711301f3a867a8bbf78651dfc13c2f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1617218226621639"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28276
x-xss-protection: 0
expires: Thu, 01 Apr 2021 21:17:44 GMT

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 8FC3 71 KB
23 KB 554ms
550ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=2939942798&adf=3753841676&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864042&bpp=4&bdt=808&idt=95&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1170x280&correlator=8548972172354&frm=20&pv=1&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=789&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=NYd2OOBSsH&p=https%3A//paypalfee.marketing00.com&dtd=98

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

266a70ac742929bf46550f5b610cb3315ae037c5f8dc207b37624b636738bcbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=2939942798&adf=3753841676&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864042&bpp=4&bdt=808&idt=95&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1170x280&correlator=8548972172354&frm=20&pv=1&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=789&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=NYd2OOBSsH&p=https%3A//paypalfee.marketing00.com&dtd=98
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://paypalfee.marketing00.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://paypalfee.marketing00.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 01 Apr 2021 21:17:44 GMT
server: cafe
content-length: 23662
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 01-Apr-2021 21:32:44 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 01 Apr 2021 21:17:44 GMT
cache-control: private

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 649B 79 KB
25 KB 341ms
341ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=1357065426&adf=1839787983&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864046&bpp=1&bdt=812&idt=97&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1170x280%2C1170x280&correlator=8548972172354&frm=20&pv=1&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=1349&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=cvWnlwF4YG&p=https%3A//paypalfee.marketing00.com&dtd=100

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c6b7fea7462c7a260f2c3bb3a0e7939d1f218e3029100c98489911801f4fe000

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=1357065426&adf=1839787983&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864046&bpp=1&bdt=812&idt=97&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1170x280%2C1170x280&correlator=8548972172354&frm=20&pv=1&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=1349&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=cvWnlwF4YG&p=https%3A//paypalfee.marketing00.com&dtd=100
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://paypalfee.marketing00.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://paypalfee.marketing00.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 01 Apr 2021 21:17:44 GMT
server: cafe
content-length: 25568
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 01-Apr-2021 21:32:44 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 01 Apr 2021 21:17:44 GMT
cache-control: private

GET
H/1.1 204
No Content pview
l.sharethis.com/ 0
315 B 37ms
37ms Image
text/plain 3.122.26.231
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.sharethis.com/pview?event=pview&version=buttons.js&lang=en&sessionID=1617311863876.43090&hostname=paypalfee.marketing00.com&location=%2F&product=widget&fcmp=false&fcmpv2=false&publisher=ur-8de7ea91-a1bb-bc0-8950-273c74abb77c&bsamesite=true&consent_cookie_duration=223&consent_duration=223&gdpr_domain=.consensu.org&gdpr_method=cookie&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&title=PayPal%20Fee%20Calculator&sop=false&description=Calculate%20PayPal%20fees%20easily%20with%20PayPal%20Fee%20Calc%20from%20Ion%20Digital&gdpr_domain=.consensu.org&gdpr_method=cookie&description=Calculate%20PayPal%20fees%20easily%20with%20PayPal%20Fee%20Calc%20from%20Ion%20Digital&img_pview=true
Requested by: Host: paypalfee.marketing00.com
URL: https://paypalfee.marketing00.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.122.26.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-122-26-231.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 01 Apr 2021 21:17:44 GMT
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
777 B 42ms
29ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=paypalfee.marketing00.com

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 01 Apr 2021 21:17:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
531 B 44ms
30ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=paypalfee.marketing00.com

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 01 Apr 2021 21:17:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
88 B 38ms
38ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&tn=DIV&cls=navbar%20navbar-inverse%20navbar-fixed-top&ign=false

Requested by

Host: paypalfee.marketing00.com
URL: https://paypalfee.marketing00.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Apr 2021 21:17:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1778 0
549 B 15ms
15ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&adk=1812271804&adf=3025194257&lmt=1617296961&plat=1%3A32776%2C2%3A16809992%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&ea=0&flash=0&pra=7&wgl=1&dt=1617311864253&bpp=1&bdt=1019&idt=1&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1170x280%2C1170x280%2C1170x280&nras=1&correlator=8548972172354&frm=20&pv=1&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=4&uci=a!4&fsb=1&dtd=7

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5042304306806244&output=html&adk=1812271804&adf=3025194257&lmt=1617296961&plat=1%3A32776%2C2%3A16809992%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&ea=0&flash=0&pra=7&wgl=1&dt=1617311864253&bpp=1&bdt=1019&idt=1&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1170x280%2C1170x280%2C1170x280&nras=1&correlator=8548972172354&frm=20&pv=1&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=4&uci=a!4&fsb=1&dtd=7
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://paypalfee.marketing00.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://paypalfee.marketing00.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 01 Apr 2021 21:17:44 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 01-Apr-2021 21:32:44 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 01 Apr 2021 21:17:44 GMT
cache-control: private

GET
H2 200 13913999261139030253
tpc.googlesyndication.com/daca_images/simgad/ Frame 649B 68 KB
69 KB 28ms
8ms Image
image/jpeg 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/13913999261139030253

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=1357065426&adf=1839787983&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864046&bpp=1&bdt=812&idt=97&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1170x280%2C1170x280&correlator=8548972172354&frm=20&pv=1&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=1349&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=cvWnlwF4YG&p=https%3A//paypalfee.marketing00.com&dtd=100

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2489cc7309575fc6c5a247f0ea5af2f4758e0ab37bb01914ae5f4934beefed8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 10:10:03 GMT
x-content-type-options: nosniff
age: 126461
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 69954
x-xss-protection: 0
last-modified: Wed, 02 Dec 2020 00:49:46 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 31 Mar 2022 10:10:03 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210331/r20110914/ Frame 649B 17 KB
7 KB 27ms
7ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210331/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4e10c54a966ed5abeeac2aca4cfa968f317497770f59ec94af6d712db96e7d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:15:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 127
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7115
x-xss-protection: 0
server: cafe
etag: 8094203328658613728
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Apr 2021 21:15:37 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210331/r20110914/client/ Frame 649B 2 KB
1 KB 39ms
22ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210331/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:16:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 63
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Apr 2021 21:16:41 GMT

GET
H2 200 transparent.png
tpc.googlesyndication.com/pagead/images/ Frame 649B 67 B
196 B 38ms
21ms Image
image/png 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/transparent.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bdf72009ad226c17f1954ba602292902a780b80af07dbcbab1322bdf5c32be66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 01 Apr 2021 03:52:27 GMT
x-content-type-options: nosniff
server: cafe
age: 62717
etag: 2462972746714251406
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67
x-xss-protection: 0
expires: Fri, 02 Apr 2021 03:52:27 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 649B 118 KB
36 KB 43ms
30ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8727cf8bd32a94a8d93d7c75469184dada14c6cadf02178c17db5ee06f832b0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1617218245166195"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36656
x-xss-protection: 0
expires: Thu, 01 Apr 2021 21:17:44 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210331/r20110914/client/ Frame 649B 13 KB
6 KB 37ms
19ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210331/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c9581d69ef8a7435f061d76045cc929310f436366f9ced3b9b9811ca6ed26feb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5599
x-xss-protection: 0
server: cafe
etag: 2241650964481140939
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Apr 2021 21:17:09 GMT

GET
H3-Q050 200 adview
googleads.g.doubleclick.net/pagead/ Frame 649B 0
0 43ms
43ms Fetch
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CO0XoeDhmYMrOCtrb7_UPkpSpiAf7-cKMYvn4nPDADK-2vs-IChABIIyn6XJglYq4gsgHoAGY7uqhA8gBAqkCoRhj03jAsz6oAwHIA8kEqgTFAU_QoI7KuAEkhzlZxDWD18xfdSRMaPWj2jnGsJeyNZjXDYe0It0wMywLhUdjOQaf_ohy4RBMmGIsGwnOmaqWPXKDUEizWGELok21qF1knLGj4gfkPYCgCs1tgAHcSHhMlOPlHlfM_7xUEcip62f-tM-SRiyVgyiDw13D0aKfJOiTwTZ8E7MVTmFVmwohzCL-w5_SToThPrnmWJF0L0OdzZuwKHeUUE3z9So2VSknkfK84A7Yc45dijn3Y7PEkBR8HOV4giJwwASl5ZW5oAOSBQQIBBgBkgUECAUYBKAGAoAH0JGVXqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBCG1gfSCAkIgOGAEBABGB-ACgHICwHYEw2yFxoKGAgAEhRwdWItNTA0MjMwNDMwNjgwNjI0NA&sigh=l6nrulXJYEE&tpd=AGWhJmu5atokhnKWJR6DPxxHHdzGDAFh4zCTgCxyy3yLCtadpA

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=1357065426&adf=1839787983&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864046&bpp=1&bdt=812&idt=97&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1170x280%2C1170x280&correlator=8548972172354&frm=20&pv=1&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=1349&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=cvWnlwF4YG&p=https%3A//paypalfee.marketing00.com&dtd=100
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 01 Apr 2021 21:17:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 01 Apr 2021 21:17:44 GMT

GET
H2 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210331/r20110914/client/ Frame 649B 25 KB
10 KB 34ms
21ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210331/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f08484455172d31ef5c551a8228f73cd46f334707d09677aa3e53d73483a8c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 20:00:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4607
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10479
x-xss-protection: 0
server: cafe
etag: 5380568613746674957
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Apr 2021 20:00:57 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 918C 3 KB
674 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=2939942798&adf=1814734761&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864019&bpp=23&bdt=784&idt=90&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=8548972172354&frm=20&pv=2&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=258&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=eWC1nnWFcr&p=https%3A//paypalfee.marketing00.com&dtd=109

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 01 Apr 2021 19:28:11 GMT
server: ESF
date: Thu, 01 Apr 2021 21:17:44 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 01 Apr 2021 21:17:44 GMT

GET
H2 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210331/r20110914/client/ Frame 918C 1 KB
990 B 21ms
20ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210331/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=2939942798&adf=1814734761&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864019&bpp=23&bdt=784&idt=90&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=8548972172354&frm=20&pv=2&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=258&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=eWC1nnWFcr&p=https%3A//paypalfee.marketing00.com&dtd=109

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:05:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 732
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 882
x-xss-protection: 0
server: cafe
etag: 11243716317595354070
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Apr 2021 21:05:32 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210331/r20110914/ Frame 918C 17 KB
7 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210331/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=2939942798&adf=1814734761&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864019&bpp=23&bdt=784&idt=90&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=8548972172354&frm=20&pv=2&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=258&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=eWC1nnWFcr&p=https%3A//paypalfee.marketing00.com&dtd=109

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4e10c54a966ed5abeeac2aca4cfa968f317497770f59ec94af6d712db96e7d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:15:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 127
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7115
x-xss-protection: 0
server: cafe
etag: 8094203328658613728
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Apr 2021 21:15:37 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210331/r20110914/client/ Frame 918C 2 KB
1 KB 17ms
15ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210331/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=2939942798&adf=1814734761&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864019&bpp=23&bdt=784&idt=90&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=8548972172354&frm=20&pv=2&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=258&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=eWC1nnWFcr&p=https%3A//paypalfee.marketing00.com&dtd=109

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:16:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 63
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Apr 2021 21:16:41 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 918C 118 KB
36 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=2939942798&adf=1814734761&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864019&bpp=23&bdt=784&idt=90&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=8548972172354&frm=20&pv=2&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=258&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=eWC1nnWFcr&p=https%3A//paypalfee.marketing00.com&dtd=109

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8727cf8bd32a94a8d93d7c75469184dada14c6cadf02178c17db5ee06f832b0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1617218245166195"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36656
x-xss-protection: 0
expires: Thu, 01 Apr 2021 21:17:44 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210331/r20110914/client/ Frame 918C 13 KB
6 KB 17ms
15ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210331/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=2939942798&adf=1814734761&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864019&bpp=23&bdt=784&idt=90&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=8548972172354&frm=20&pv=2&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=258&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=eWC1nnWFcr&p=https%3A//paypalfee.marketing00.com&dtd=109

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c9581d69ef8a7435f061d76045cc929310f436366f9ced3b9b9811ca6ed26feb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5599
x-xss-protection: 0
server: cafe
etag: 2241650964481140939
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Apr 2021 21:17:09 GMT

GET
H2 200 0d74ed574692e0488c8a49b73918ea59.js Show response
www.gstatic.com/mysidia/ Frame 918C 25 KB
10 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/0d74ed574692e0488c8a49b73918ea59.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=2939942798&adf=1814734761&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864019&bpp=23&bdt=784&idt=90&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=8548972172354&frm=20&pv=2&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=258&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=eWC1nnWFcr&p=https%3A//paypalfee.marketing00.com&dtd=109

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

11909c0ebcd1e1258ecf3c2ef83688b057b08e5d92a9c715f4fe44c13f20f7b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 07:08:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 25 Mar 2021 05:14:52 GMT
server: sffe
age: 50984
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10398
x-xss-protection: 0
expires: Wed, 30 Jun 2021 07:08:00 GMT

GET
H3-Q050 200 adview
googleads.g.doubleclick.net/pagead/ Frame 918C 0
0 42ms
42ms Fetch
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cz_HGeDhmYPfhCqWMlQfx346oAZzDv7Rgjtia-Y0Jv-EeEAEgjKfpcmCViriCyAegAbSM5aMDyAEJqQKhGGPTeMCzPqgDAcgDywSqBMcBT9Di787Ee0fVr3YllH-c_0mvZkvpqZmULbH3IBoTSBFNjR3nc6vK_KJ9tWwI3x5auOPYo6XUNpCJ45lhcoF9QxbcGeMTLf4i-jXWX_Fc-LL_bgarX4VQUp80e5Yo5nXFipqxnICVhhXPeolqvhbsF3RWMQvjFFrgnavecVCrCi43xc2C76lYAx4vMMVjVgEVmeJ0RgJxpUV4xziQpvZGpj3i8edlBKbD_m6zN1eKvPvRsa_YjHqQzkRl_rW1zRYmQ--u8uB4k8AEoLOVwY8CkgUECAQYAZIFBAgFGASgBi6AB7TzmlyoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQutgV0ggJCIDhgBAQARgfgAoByAsB2BMMiBQC0BUBgBcBshcaChgIABIUcHViLTUwNDIzMDQzMDY4MDYyNDQ&sigh=gU7uVq2dliI&template_id=5000&tpd=AGWhJmuXQVgUmY0UgtHjzkpXKNLvXInXXIFAkT63UhTo9jOKSQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=2939942798&adf=1814734761&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864019&bpp=23&bdt=784&idt=90&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=8548972172354&frm=20&pv=2&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=258&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=eWC1nnWFcr&p=https%3A//paypalfee.marketing00.com&dtd=109

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=2939942798&adf=1814734761&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864019&bpp=23&bdt=784&idt=90&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=8548972172354&frm=20&pv=2&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=258&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=eWC1nnWFcr&p=https%3A//paypalfee.marketing00.com&dtd=109
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 01 Apr 2021 21:17:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 01 Apr 2021 21:17:44 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/16886287575187127107/ Frame 918C 19 KB
20 KB 37ms
20ms Image
image/jpeg 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16886287575187127107/downsize_200k_v1?w=600&h=314

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=2939942798&adf=1814734761&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864019&bpp=23&bdt=784&idt=90&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=8548972172354&frm=20&pv=2&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=258&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=eWC1nnWFcr&p=https%3A//paypalfee.marketing00.com&dtd=109

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8de975cc5ae16774406b7810e410c364263edfad66f0b156b9cef036c436d189

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 10:04:20 GMT
x-content-type-options: nosniff
age: 126804
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19764
x-xss-protection: 0
last-modified: Mon, 24 Sep 2018 10:44:30 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 31 Mar 2022 10:04:20 GMT

GET
DATA 200
OK truncated
/ Frame 918C 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-Q050 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 3CCF 143 B
220 B 6ms
6ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=1357065426&adf=1839787983&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864046&bpp=1&bdt=812&idt=97&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1170x280%2C1170x280&correlator=8548972172354&frm=20&pv=1&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=1349&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=cvWnlwF4YG&p=https%3A//paypalfee.marketing00.com&dtd=100
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmqmTAF2XN0WYdgRzn2kRXoN9ISAkT2Ncbp1DgMRc5VBG5gdPptwTN3roWjN2A
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=1357065426&adf=1839787983&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864046&bpp=1&bdt=812&idt=97&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1170x280%2C1170x280&correlator=8548972172354&frm=20&pv=1&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=1349&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=cvWnlwF4YG&p=https%3A//paypalfee.marketing00.com&dtd=100

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 01 Apr 2021 20:41:26 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2178
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 918C 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ddc1dde47f6e6477c522b7659ca4c8d0ae5287d2d717c0f3e3ddcd7804a7776b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 649B 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f7dd2aeff60ef14efd7bc0985de2524f2e5cc30334b34cd04c18b54edbb400a3

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 918C 21 KB
21 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 01:58:20 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:21 GMT
server: sffe
age: 69564
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21716
x-xss-protection: 0
expires: Fri, 01 Apr 2022 01:58:20 GMT

GET
H2 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 918C 21 KB
21 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 21:42:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
age: 84921
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
expires: Thu, 31 Mar 2022 21:42:23 GMT

GET
H3-Q050 200 71hr94SUjmI4WsmVKl_xSF-LeUxrKTKLcbZwOLomvE8.js Show response
pagead2.googlesyndication.com/bg/ Frame 203E 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/71hr94SUjmI4WsmVKl_xSF-LeUxrKTKLcbZwOLomvE8.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=2939942798&adf=1814734761&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864019&bpp=23&bdt=784&idt=90&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=8548972172354&frm=20&pv=2&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=258&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=eWC1nnWFcr&p=https%3A//paypalfee.marketing00.com&dtd=109

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef586bf784948e62385ac9952a5ff1485f8b794c6b29328b71b67038ba26bc4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 09:59:54 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 24 Mar 2021 17:18:00 GMT
server: sffe
age: 40670
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5693
x-xss-protection: 0
expires: Fri, 01 Apr 2022 09:59:54 GMT

GET
H3-Q050

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 3CCF
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
110 B

41ms
39ms

Document
text/html

2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnzpE9TVtnA0A-UqKGu_IMKQMz77gEHWyTeH5aQa2ypyd2UUsCQivLH_1hymFg; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 01 Apr 2021 21:17:44 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Thu, 01-Apr-2021 22:17:44 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 01 Apr 2021 21:17:44 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 01 Apr 2021 21:17:44 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 71hr94SUjmI4WsmVKl_xSF-LeUxrKTKLcbZwOLomvE8.js Show response
pagead2.googlesyndication.com/bg/ Frame 140D 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/71hr94SUjmI4WsmVKl_xSF-LeUxrKTKLcbZwOLomvE8.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef586bf784948e62385ac9952a5ff1485f8b794c6b29328b71b67038ba26bc4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 09:59:54 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 24 Mar 2021 17:18:00 GMT
server: sffe
age: 40670
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5693
x-xss-protection: 0
expires: Fri, 01 Apr 2022 09:59:54 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 8FC3 3 KB
1016 B 41ms
28ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=2939942798&adf=3753841676&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864042&bpp=4&bdt=808&idt=95&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1170x280&correlator=8548972172354&frm=20&pv=1&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=789&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=NYd2OOBSsH&p=https%3A//paypalfee.marketing00.com&dtd=98

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 01 Apr 2021 19:26:05 GMT
server: ESF
date: Thu, 01 Apr 2021 21:17:44 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 01 Apr 2021 21:17:44 GMT

GET
H3-Q050 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210331/r20110914/client/ Frame 8FC3 1 KB
980 B 8ms
7ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210331/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=2939942798&adf=3753841676&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864042&bpp=4&bdt=808&idt=95&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1170x280&correlator=8548972172354&frm=20&pv=1&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=789&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=NYd2OOBSsH&p=https%3A//paypalfee.marketing00.com&dtd=98

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:05:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 732
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 882
x-xss-protection: 0
server: cafe
etag: 11243716317595354070
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Apr 2021 21:05:32 GMT

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210331/r20110914/ Frame 8FC3 17 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210331/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=2939942798&adf=3753841676&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864042&bpp=4&bdt=808&idt=95&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1170x280&correlator=8548972172354&frm=20&pv=1&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=789&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=NYd2OOBSsH&p=https%3A//paypalfee.marketing00.com&dtd=98

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4e10c54a966ed5abeeac2aca4cfa968f317497770f59ec94af6d712db96e7d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:15:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 127
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7115
x-xss-protection: 0
server: cafe
etag: 8094203328658613728
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Apr 2021 21:15:37 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210331/r20110914/client/ Frame 8FC3 2 KB
1 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210331/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=2939942798&adf=3753841676&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864042&bpp=4&bdt=808&idt=95&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1170x280&correlator=8548972172354&frm=20&pv=1&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=789&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=NYd2OOBSsH&p=https%3A//paypalfee.marketing00.com&dtd=98

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:16:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 63
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Apr 2021 21:16:41 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8FC3 118 KB
36 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=2939942798&adf=3753841676&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864042&bpp=4&bdt=808&idt=95&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1170x280&correlator=8548972172354&frm=20&pv=1&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=789&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=NYd2OOBSsH&p=https%3A//paypalfee.marketing00.com&dtd=98

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8727cf8bd32a94a8d93d7c75469184dada14c6cadf02178c17db5ee06f832b0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1617218245166195"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36656
x-xss-protection: 0
expires: Thu, 01 Apr 2021 21:17:44 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210331/r20110914/client/ Frame 8FC3 13 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210331/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=2939942798&adf=3753841676&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864042&bpp=4&bdt=808&idt=95&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1170x280&correlator=8548972172354&frm=20&pv=1&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=789&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=NYd2OOBSsH&p=https%3A//paypalfee.marketing00.com&dtd=98

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c9581d69ef8a7435f061d76045cc929310f436366f9ced3b9b9811ca6ed26feb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5599
x-xss-protection: 0
server: cafe
etag: 2241650964481140939
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Apr 2021 21:17:09 GMT

GET
H3-Q050 200 0d74ed574692e0488c8a49b73918ea59.js Show response
www.gstatic.com/mysidia/ Frame 8FC3 25 KB
11 KB 35ms
20ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/0d74ed574692e0488c8a49b73918ea59.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=2939942798&adf=3753841676&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864042&bpp=4&bdt=808&idt=95&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1170x280&correlator=8548972172354&frm=20&pv=1&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=789&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=NYd2OOBSsH&p=https%3A//paypalfee.marketing00.com&dtd=98

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

11909c0ebcd1e1258ecf3c2ef83688b057b08e5d92a9c715f4fe44c13f20f7b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 07:08:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 25 Mar 2021 05:14:52 GMT
server: sffe
age: 50984
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10398
x-xss-protection: 0
expires: Wed, 30 Jun 2021 07:08:00 GMT

GET
H3-Q050 200 adview
googleads.g.doubleclick.net/pagead/ Frame 8FC3 0
0 42ms
42ms Fetch
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C7x9oeDhmYLjJCvej7_UP_pmpyAnXwdzXYYfH6Z2-C8WwvbeYDhABIIyn6XJglYq4gsgHoAHhx8DuA8gBCakCoRhj03jAsz6oAwHIA8sEqgTEAU_Qb1g9ozguHmSQobV6FMLxt5pIzGLZpo5vzyX5yu_G-tDpqfZI9Kyldv_WYC5uvvxL_tNrxc1tTrz5KPynXMquLy39lUSgKYXABnwXhA6AnqMFrOnCyBmPweaoCxtKBYP7bORy4GnR1IqBEfxLigBs3vAzX1APwpsXJNtHgjS-jb-ljWHR8YMt0U3xsGaxrTDocOCpM31ZjdBBP6e5QUMEPpSzeRSqw0drYbR2ZHPW568CjGSqtPSN6gTJP-YEqlR7cOXABKng0YneAZIFBAgEGAGSBQQIBRgEoAYugAeHuL8RqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEKeaGtIICQiA4YAQEAEYH4AKAcgLAdgTDIgUAbIXGgoYCAASFHB1Yi01MDQyMzA0MzA2ODA2MjQ0&sigh=_BjfxhgwjnU&template_id=5000&tpd=AGWhJmu5pYN2Q7Pw9gJJ8f5P9AohI3eUyUroVnpGjYub3ca4uQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=2939942798&adf=3753841676&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864042&bpp=4&bdt=808&idt=95&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1170x280&correlator=8548972172354&frm=20&pv=1&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=789&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=NYd2OOBSsH&p=https%3A//paypalfee.marketing00.com&dtd=98

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=2939942798&adf=3753841676&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864042&bpp=4&bdt=808&idt=95&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1170x280&correlator=8548972172354&frm=20&pv=1&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=789&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=NYd2OOBSsH&p=https%3A//paypalfee.marketing00.com&dtd=98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 01 Apr 2021 21:17:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/9286423330930335781/ Frame 8FC3 33 KB
34 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9286423330930335781/downsize_200k_v1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=2939942798&adf=3753841676&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864042&bpp=4&bdt=808&idt=95&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1170x280&correlator=8548972172354&frm=20&pv=1&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=789&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=NYd2OOBSsH&p=https%3A//paypalfee.marketing00.com&dtd=98

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2eeb54586731bca4e887955fb9cd845dac117f1b592f74a5c0637e626044599b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 27 Mar 2021 04:32:38 GMT
x-content-type-options: nosniff
age: 492306
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34218
x-xss-protection: 0
last-modified: Wed, 15 Aug 2018 13:09:28 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 27 Mar 2022 04:32:38 GMT

GET
DATA 200
OK truncated
/ Frame 8FC3 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 8FC3 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 35a7a837f342126df26eb8ac28686e9d63a999e345ab6ea4e91cb172fb117e4c

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 8FC3 21 KB
21 KB 35ms
21ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 01:58:20 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:21 GMT
server: sffe
age: 69564
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21716
x-xss-protection: 0
expires: Fri, 01 Apr 2022 01:58:20 GMT

GET
H3-Q050 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 8FC3 21 KB
21 KB 34ms
21ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 31 Mar 2021 21:42:23 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
age: 84921
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
expires: Thu, 31 Mar 2022 21:42:23 GMT

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
7 KB 45ms
32ms XHR
application/json 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210329&st=env

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

514c27e55fd76e1b8f5e6f0e9cd574938acfcd325da05a3e4542f77a62078eb1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 01 Apr 2021 21:17:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6528
x-xss-protection: 0

GET
H3-Q050 200 71hr94SUjmI4WsmVKl_xSF-LeUxrKTKLcbZwOLomvE8.js Show response
pagead2.googlesyndication.com/bg/ Frame 1D4B 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/71hr94SUjmI4WsmVKl_xSF-LeUxrKTKLcbZwOLomvE8.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5042304306806244&output=html&h=280&slotname=8649243458&adk=2939942798&adf=3753841676&pi=t.ma~as.8649243458&w=1170&fwrn=4&fwrnh=100&lmt=1617296961&rafmt=1&psa=0&format=1170x280&url=https%3A%2F%2Fpaypalfee.marketing00.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617311864042&bpp=4&bdt=808&idt=95&shv=r20210329&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1170x280&correlator=8548972172354&frm=20&pv=1&ga_vid=1903232114.1617311863&ga_sid=1617311864&ga_hid=1085424970&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=215&ady=789&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44740079%2C44739387&oid=3&pvsid=386830586200878&rx=0&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=NYd2OOBSsH&p=https%3A//paypalfee.marketing00.com&dtd=98

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef586bf784948e62385ac9952a5ff1485f8b794c6b29328b71b67038ba26bc4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 09:59:54 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 24 Mar 2021 17:18:00 GMT
server: sffe
age: 40670
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5693
x-xss-protection: 0
expires: Fri, 01 Apr 2022 09:59:54 GMT

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 21:17:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Thu, 01 Apr 2021 21:17:45 GMT

GET
H3-Q050 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame C392 12 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://paypalfee.marketing00.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://paypalfee.marketing00.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Thu, 01 Apr 2021 19:31:34 GMT
expires: Fri, 01 Apr 2022 19:31:34 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 6371
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 71hr94SUjmI4WsmVKl_xSF-LeUxrKTKLcbZwOLomvE8.js Show response
pagead2.googlesyndication.com/bg/ Frame C392 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/71hr94SUjmI4WsmVKl_xSF-LeUxrKTKLcbZwOLomvE8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef586bf784948e62385ac9952a5ff1485f8b794c6b29328b71b67038ba26bc4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Apr 2021 09:59:54 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 24 Mar 2021 17:18:00 GMT
server: sffe
age: 40671
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5693
x-xss-protection: 0
expires: Fri, 01 Apr 2022 09:59:54 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
46 B 41ms
41ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gda_r20210329&jk=386830586200878&bg=!dXaldjLNAAY56aLOOek7ACkAdvg8Wvwc1DYybaksDvDfGIy5-1CNerhwmy4b9ZC-4MwxtTQd-z1oPgIAAABYUgAAAAloAQcKAPdtGTmjsmPZOUqVh4rtrCRQKzOJLd5fndWcW0uoEzzLZLG_yPeW-Nr-zJIdcvWRwiDdOogduvm4xidrzIuClkyyU66jf_Dh7WiK9Nwh_sL7QlTnGt5ghoUpAzUuCwFcLcwy6C6jhbL-E7fzhVuyZcUlt75PsANdVVOFnnvdJu8Xc3OJxcmBV6LPKPV17T39YpzcbOuNz8QeUw5dGGsq1dFl0TVc4qswMeLuU17v0L_F4E6LYCJ6C-XhzUi300m_MyIa3LlRkRNobHcSnsytG5fQzRY7afjVHebTx1VZw7lqJ-tlerWVlO_nQkJXipxVOTKySlQPRj_kmQHkFjN0zeXMNLbCigwVfW5zNje7eT9Vc6ChJYOu66UQ8pi20S8f8dGeSaBmTtwV6NxZwYVCz4FV_HOSMheJSzaMFDSdwJ7KjttV6ohQbxm_s7ufSF_zSxKlI4UyQq09mDuxSwJXCtL5C3QgBcSnC6RZmwsQmUU5HGyHeJsq3_z6Nss8vZb6CCn8FlrviBmDxclV0SsoHNtg2D6ob0ldPNvTAGTiIMDrOyit8NfFIxXRSY51Hf1ol366Hp5HGLKivkYOaBfid6xdZBeqHWOfq2Wj2xLMEQn2qMBVB7jMCWEJBA9arOHsQW2mK4oburvzbsodAFEdirUWIXwg61UjJkyezBvaZ9zjeGHSES0TXNZLTs5JLJLWfq0L2LQVCnuiNMJXnoM-_lS2ptTAMndHgz1zbWri_zTKsnQcofs4gT6YDEueRpxPQzmq3DVQ8LvnFemjEWMmauLBeLzBZvu5fQLU8AKEJORopypucDhYuhs9HgL1CLk7BsmJ_5ntZJWkMZNnj2-SXypgrS8BQsW8jAhpzzj9N7S9hhT1uql5WrTK1QLhvbd7PYHd0kejov5-Jbhp6xZ0anl7lQtW-nN5Uin22MXg9BsHGqb7jsndPB8ZeKxIQRknfdR94X5gPiIYqvGw8oDWfw

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://paypalfee.marketing00.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Apr 2021 21:17:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 index.html Show response
ws.sharethis.com/secure/ Frame 8746 7 KB
2 KB 10ms
10ms Document
text/html 2600:9000:2127:3e00:3:c04e:c780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ws.sharethis.com/secure/index.html
Requested by: Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/async-buttons.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:3e00:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: 3917548928197150addc288f30af88f2ab034ab333aea4b5d99ae97465563720

Request headers

:method: GET
:authority: ws.sharethis.com
:scheme: https
:path: /secure/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://paypalfee.marketing00.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://paypalfee.marketing00.com/

Response headers

content-type: text/html
content-length: 2089
content-encoding: gzip
last-modified: Thu, 11 Feb 2021 17:57:38 GMT
server: nginx/1.16.1
x-robots-tag: noindex, nofollow
date: Thu, 01 Apr 2021 03:21:21 GMT
etag: W/"60257012-1ade"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 7bb80b5d9f75710222feac15033d6af0.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
x-amz-cf-id: -4j7Rc69FOGut4Ph8PvfdBzdVxGK49DuBx-Dev6pb1rK-3FW1_5zqA==
age: 64606

GET
H2 200 st.a9c2f47cfbd1f141fb724cef861110d7.js Show response
ws.sharethis.com/secure/js/ Frame 8746 88 KB
23 KB 10ms
10ms Script
application/javascript 2600:9000:2127:3e00:3:c04e:c780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ws.sharethis.com/secure/js/st.a9c2f47cfbd1f141fb724cef861110d7.js
Requested by: Host: ws.sharethis.com
URL: https://ws.sharethis.com/secure/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:3e00:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: 85a0afc2f45cecec31d8ccd1498cd8bfe428b3d79018efb1bf4da2cb3050b847

Request headers

Referer: https://ws.sharethis.com/secure/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 19:07:06 GMT
content-encoding: gzip
server: nginx/1.16.1
age: 4241439
etag: W/"60257012-15e0f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 7bb80b5d9f75710222feac15033d6af0.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: PRG50-C1
x-robots-tag: noindex, nofollow
content-length: 23428
x-amz-cf-id: aKar3qw_gMnHnmYQeNpindlah6Ai2tPimVp_pGH1iEvU-PcL3ZQDUw==
expires: Fri, 11 Feb 2022 19:07:06 GMT

GET
H3-Q050 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 918C 42 B
155 B 40ms
39ms Fetch
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvw1GwZI6lYk-g-T04jVpaB1zb1qqfttrNNg_4MdXHp6niNAkCN5wjVmwHFsfD7EOHTqhJ26XuukH01sqL9n4ReXDApcO0tYYxE2XEbkqWNfoW7jzcYroJHN64ceQ&sai=AMfl-YT9ez5QrpdFIYvBExURkqF28AV3xpF_ZPeE5yjaYTFRiEb51u3MYTn4vswRG8kqum1Qu7B2mxK1990N&sig=Cg0ArKJSzCRXkrhCGQtUEAE&id=osdim&mcvt=1001&p=258,215,538,1385&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20210331&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=2939942798&rs=2&met=mue&la=1&cr=0&osd=1&vs=4&rst=1617311864133&dlt=368&rpt=68&isd=0&msd=5&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Apr 2021 21:17:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8FC3 42 B
66 B 40ms
39ms Fetch
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuT8sCBw5ah-pU-rweO9elbgA9amRZoCiJoWCdlvkOISLq3pQTnWNAuTq-c-vcDlRPSWyNpj-7a1WVRA-TNNJXvW7pNEdZcA5rQnrB1X2hHC07_BejaIkFvOD6WRg&sai=AMfl-YQckwHtie7hcc1V7_0wQ8TKZV68gxqKoIMfiAcpu7G2q8nk2uoFcEqEd90inRJejkpZ08LpcGgR18-O&sig=Cg0ArKJSzBN94DFDnliqEAE&id=osdim&mcvt=1000&p=789,215,1069,1385&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210331&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=2939942798&rs=2&met=mue&la=1&cr=0&osd=1&vs=4&rst=1617311864142&dlt=0&rpt=51&isd=0&msd=5&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Apr 2021 21:17:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

115 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-19 17:15:12	Name: test_cookie Value: CheckForPermission
.doubleclick.net/	1970-01-19 17:15:15	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-20 02:36:47	Name: IDE Value: AHWqTUnzpE9TVtnA0A-UqKGu_IMKQMz77gEHWyTeH5aQa2ypyd2UUsCQivLH_1hymFg
.paypalfee.marketing00.com/	1970-01-19 21:37:59	Name: __utmz Value: 138094257.1617311864.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.marketing00.com/	1970-01-20 10:46:23	Name: _ga Value: GA1.1.1903232114.1617311863
.marketing00.com/	1970-01-19 17:58:23	Name: __cfduid Value: d1fa9afffe9f07fe95f1d236c79ef2bce1617311862
.paypalfee.marketing00.com/	1969-12-31 23:59:59	Name: __utmc Value: 138094257
.paypalfee.marketing00.com/	1970-01-19 17:15:13	Name: __utmb Value: 138094257.1.10.1617311864
.paypalfee.marketing00.com/	1970-01-19 17:15:12	Name: __utmt Value: 1
.paypalfee.marketing00.com/	1970-01-20 10:46:23	Name: __utma Value: 138094257.1903232114.1617311863.1617311864.1617311864.1
.marketing00.com/	1970-01-20 02:36:47	Name: __gads Value: ID=9b4d384699ca3e1e-2254420dedba00c9:T=1617311864:RT=1617311864:S=ALNI_MY6vYiEuiekktim2hBOmxYJvzCg5g
.marketing00.com/	1970-01-20 10:46:23	Name: _ga_XT16K0J2CN Value: GS1.1.1617311863.1.0.1617311863.0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
c.sharethis.mgr.consensu.org
count-server.sharethis.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
l.sharethis.com
pagead2.googlesyndication.com
partner.googleadservices.com
paypalfee.marketing00.com
ssl.google-analytics.com
tpc.googlesyndication.com
ws.sharethis.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
142.250.186.98
2600:9000:2127:3e00:3:c04e:c780:93a1
2600:9000:2127:e00:c:a9b7:ddc0:93a1
2606:4700:3035::ac43:9317
2a00:1450:4001:800::2002
2a00:1450:4001:801::2002
2a00:1450:4001:809::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::2003
2a00:1450:4001:810::2008
2a00:1450:4001:811::2002
2a00:1450:4001:811::2004
2a00:1450:4001:813::2008
2a00:1450:4001:828::2001
2a00:1450:4001:828::200a
2a00:1450:4001:82b::200e
3.122.26.231
3.213.224.136
073dfe2608b9fd35339826a4282f33e70b06d420a6b5d2d36fa00dbde476bea7
0e819a05c11de8156efd880b0c9c3e1d2d905cc9add30b42948365b6a63ce102
101952754cb8c2ae6e1b8b8cba16dc2a9b47e6e808bd563a8b87d0561daf7d85
11909c0ebcd1e1258ecf3c2ef83688b057b08e5d92a9c715f4fe44c13f20f7b4
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
16a8755db87a5d15fddb7c8270d41c3e880c257cbd7df6fa1b1fd328b9e68222
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
19b65f020303c310df947f1d58ba0e929bc864afaa3ef771442deedebf7e6c62
1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27
211e2c3229fae2c5dd99220690985832243c51ff8076ee149be448e7fb37515f
234e58e81d77759daf07d771662c4e4b7711301f3a867a8bbf78651dfc13c2f6
2489cc7309575fc6c5a247f0ea5af2f4758e0ab37bb01914ae5f4934beefed8b
266a70ac742929bf46550f5b610cb3315ae037c5f8dc207b37624b636738bcbc
2eeb54586731bca4e887955fb9cd845dac117f1b592f74a5c0637e626044599b
303e8b2c06f07ee6bd4058e41424739f74fcbc5c7e8989085acf5c394d2e79d3
311e18f635513141cf583a4fa0ac2828f450c8197eb57853475194676faaebe2
3488c49147b809d1e457c14a37bf3a79b0455fd159c121325e8f737eea45eb75
35a7a837f342126df26eb8ac28686e9d63a999e345ab6ea4e91cb172fb117e4c
3917548928197150addc288f30af88f2ab034ab333aea4b5d99ae97465563720
49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381
4d0a4ae8e65531cca528fee30ce95a7b57d6fff7f51da7c793fde7a7eef727af
4e12379ade64a4083dcc185893648da9ff6d6eea3dd7e320b70c724c8a4df2ac
514c27e55fd76e1b8f5e6f0e9cd574938acfcd325da05a3e4542f77a62078eb1
516630dc137782b6ea784ed6891b487b8a2fff9be9ed921977008453039cc1fe
578ae20de50703973c94c06a961407dc279c01a9ed26487ce3c833003af19ce3
592a848da6f427ea5d9169179bd309484f531d3c23c5aaf858afa22fc28d40c8
599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a
5e106fb45608552504afe498dd8aa78fdb0a7aa670333d6536935e4d755879ad
647d5c4d8f56c80b293be43484165e24d282f1107eb5b86153fafd0006248094
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
6a0df493831cf966e314dc378d6c75c6466408f532888aba6e629b86c950ad03
6d19e9869c67840bd1ff3c4e8cb3148cdf8e422d69e4f7c9844f5611bafa0087
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
7600f69930a0136d01e0834a208b51ece9f4ea6f6cd4e571630e67ac043175e6
7ee8a97200cf0e24af175070d017d0bdabe6c619ede7bf7c5585e90de0f39798
831217af2ead632b1820052f596cfd4e01d4a0609d1119a0788a6e6fad0b25dc
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
85a0afc2f45cecec31d8ccd1498cd8bfe428b3d79018efb1bf4da2cb3050b847
8727cf8bd32a94a8d93d7c75469184dada14c6cadf02178c17db5ee06f832b0f
87f8949474cd91befeb181b57d5a23ed43de14241d24de3f671b36eedb7c4d32
8de975cc5ae16774406b7810e410c364263edfad66f0b156b9cef036c436d189
8fa871558ae92fb5f123fd4e700653029756806403abeb67139b1393b74f7643
9019cfb4c5d92481da965bb1a7e024e654c819f815826e5de994caebe2e0a8a3
95dc1b83a7c030dd13ab3e29df921f10e04208b28734f172ea232854264c3b05
a2fe12c41d069c9e7e05d1177d7e82c2761d29d0f48836b599795762715c9009
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
ac84513c4c5ea7e4458e91c46e33ba71b56e19fabf93cc079ffcb01a975c2e3d
ae3406469c4433cc4b51f0faa3441d12ba96eb38d61dcb668131c3f33dae9da6
aeae37bae2130513ef8b5ea4fde8fd776b32ff8969b848b59399a63d9455e29a
b4e10c54a966ed5abeeac2aca4cfa968f317497770f59ec94af6d712db96e7d8
bdc406f34dcc42df6b9b3f36359d0f4c6fed20a31e2583b3da22fb36af5205ce
bdf72009ad226c17f1954ba602292902a780b80af07dbcbab1322bdf5c32be66
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
c6b7fea7462c7a260f2c3bb3a0e7939d1f218e3029100c98489911801f4fe000
c9581d69ef8a7435f061d76045cc929310f436366f9ced3b9b9811ca6ed26feb
cb281b0e1f408f4ffd6a57ce673b411be53b0093943fccdad6c7a7284320aebf
cfcca01915ce5b1a6974a09ae4003930198ef2de8a7ede967620b0a6ccafca09
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
ddc1dde47f6e6477c522b7659ca4c8d0ae5287d2d717c0f3e3ddcd7804a7776b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee78e49f2b8e2ea508e214441566c33ba6e5f97c93bd44a404a681b1346f7c05
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef586bf784948e62385ac9952a5ff1485f8b794c6b29328b71b67038ba26bc4f
f08484455172d31ef5c551a8228f73cd46f334707d09677aa3e53d73483a8c9c
f11e015f8f05a2c3027128f99a02a6b1fe38dad2c6da1166d25d29f1ab0041fc
f2a5ba2771970cc06f91162851cd9ddb891f9e63652d8355e9d60c07b128a409
f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7
f3bc548fe0ec38e954e193e2048fcd89948a61e9b321e69476b807cfb530215b
f5d6bdecf5054cbf28f1453c28de0a19896d6971f50993f84f8e54ed015acc99
f7dd2aeff60ef14efd7bc0985de2524f2e5cc30334b34cd04c18b54edbb400a3

paypalfee.marketing00.com Open in urlscan Pro 2606:4700:3035::ac43:9317 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

95 Requests

100 %HTTPS

83 %IPv6

13 Domains

19 Subdomains

18 IPs

2 Countries

892 kBTransfer

2146 kBSize

12 Cookies

1 Outgoing links

Redirected requests

95 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

paypalfee.marketing00.com Open in urlscan Pro
2606:4700:3035::ac43:9317 Public Scan

Screenshot
Live screenshot

Full Image

95
Requests

100 %
HTTPS

83 %
IPv6

13
Domains

19
Subdomains

18
IPs

2
Countries

892 kB
Transfer

2146 kB
Size

12
Cookies

95 HTTP transactions
5 data transactions