passback.free.fr Open in urlscan Pro
212.27.48.10 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://passback.free.fr/pub/pp_120x600.html
Submission Tags: falconsandbox
Submission: On April 07 via api (April 7th 2022, 12:37:03 pm UTC) from US — Scanned from FR

Summary HTTP 44 Redirects Behaviour Indicators

Summary

This website contacted 17 IPs in 5 countries across 9 domains to perform 44 HTTP transactions. The main IP is 212.27.48.10, located in Bois-Colombes, France and belongs to PROXAD, FR. The main domain is passback.free.fr. The Cisco Umbrella rank of the primary domain is 621747.

This is the only time passback.free.fr was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	212.27.48.10 212.27.48.10	12322 (PROXAD) (PROXAD)
2	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
3	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1 2	54.75.85.105 54.75.85.105	16509 (AMAZON-02) (AMAZON-02)
3 4	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
3 5	184.87.213.8 184.87.213.8	16625 (AKAMAI-AS) (AKAMAI-AS)
2 3	37.252.172.37 37.252.172.37	29990 (ASN-APPNEX) (ASN-APPNEX)
3	2600:9000:206... 2600:9000:206e:c400:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
7	104.244.36.20 104.244.36.20	7415 (ADSAFE-1) (ADSAFE-1)
44	17

1 212.27.48.10 (Bois-Colombes, France)

ASN12322 (PROXAD, FR)
PTR: www.free.fr

passback.free.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.75.85.105 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-75-85-105.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.98 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 184.87.213.8 (Milan, Italy) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a184-87-213-8.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.172.37 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:206e:c400:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.244.36.20 (United States)

ASN7415 (ADSAFE-1, US)
PTR: nyidt.adsafeprotected.com

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	googlesyndication.com 48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 98 tpc.googlesyndication.com — Cisco Umbrella Rank: 128	87 KB
12	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 780 static.adsafeprotected.com — Cisco Umbrella Rank: 565 dt.adsafeprotected.com — Cisco Umbrella Rank: 517	119 KB
9	doubleclick.net 3 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 193 googleads.g.doubleclick.net — Cisco Umbrella Rank: 40 cm.g.doubleclick.net — Cisco Umbrella Rank: 211	149 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 575	4 KB
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 248	3 KB
3	google.com adservice.google.com — Cisco Umbrella Rank: 77 www.google.com — Cisco Umbrella Rank: 4	2 KB
2	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 176	64 KB
1	google.fr adservice.google.fr — Cisco Umbrella Rank: 26349	792 B
1	free.fr passback.free.fr — Cisco Umbrella Rank: 621747	1 KB
44	9

	Domain	Requested by
8	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com www.googletagservices.com
7	dt.adsafeprotected.com	48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com
7	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com googleads.g.doubleclick.net
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
4	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
3	static.adsafeprotected.com	48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net
2	fw.adsafeprotected.com	1 redirects 48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com
2	googleads.g.doubleclick.net	48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com passback.free.fr
2	www.google.com	tpc.googlesyndication.com 48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com
2	48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	www.googletagservices.com	passback.free.fr 48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.fr	securepubads.g.doubleclick.net
1	passback.free.fr
44	16

This site contains no links.

Subject Issuer	Validity	Valid
*.g.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.google.fr GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
fw.adsafeprotected.com Amazon	`2021-08-11` - `2022-09-09`	a year	crt.sh
static.adsafeprotected.com Amazon	`2021-09-05` - `2022-10-04`	a year	crt.sh
*.adsafeprotected.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-26` - `2022-06-17`	a year	crt.sh

This page contains 8 frames:

Primary Page: http://passback.free.fr/pub/pp_120x600.html
Frame ID: 83063042C7C874B5FBB73E4D0FD7CFF0
Requests: 10 HTTP requests in this frame

Frame: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: E5813F5FB88BB2A2BDED3BD8BE101C8D
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: C89C6791C722B0206AF1DF6E04B6BA33
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 5A264B173075B68D1D63D0B4228AD3CD
Requests: 2 HTTP requests in this frame

Frame: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 242EA7938F80577BBF45846511743AC2
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJqxswEQvLK3ARjPo_jGATAB&v=APEucNU9_-hP79x3_lzylANv-A5TFvpn-YC7YH-KYXUVaofUKbgtg3rYu_5qRfKuN52iDk1UgI6mj29ooI3axcnZUbMOPNX4t5yW9m2LtIGtuMycFt3g32j2ZL1VwWY5amROVF6l9ZY7R7C9avWmE2ZF37udfegvEadLEYZN7gT_gEJdzSExPA9eniruWGN94fLwkSVFg-H541rufbEgdXGOH6jS3R3k_w
Frame ID: 89E5E7AABD1BB23EF31349C3FC05FAD8
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: AFF54C719AA81989E572E7A6DC34B3B4
Requests: 3 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: 3FFD35AEC119F606568FFEA32C7079DC
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Page Statistics

44
Requests

86 %
HTTPS

56 %
IPv6

9
Domains

16
Subdomains

17
IPs

5
Countries

425 kB
Transfer

1152 kB
Size

9
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 23

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG56GVrB7fZFrQnkbya78yY&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG56GVrB7fZFrQnkbya78yY&google_cver=1&C=1

Request Chain 24

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yk7a60L1knjHgXKyXscnYgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDF2USK3OQ_NqfQUXPrVaXc&google_cver=1

Request Chain 25

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEEUpEdJ7GWb60m4vLTiwEk0&google_cver=1

Request Chain 26

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzcxNjQ0NzQ5MjUzNTQ3NjM1NA%3D%3D

Request Chain 29

https://fw.adsafeprotected.com/rfw/bgd/1002325/61875503/xbbe/creative/adj?p=APEucNWu6gqoOQbuSKO0WdcOsu3Idv1ojiixFJ-EzFn4Zxq11nKsXZM&d=CnkAoCZ_4IV7W-WfHlJ9M6SlRVGQWKjoB-p5S0gQpAa3rVoaq_bNn9gd7da5ro9IFLD6V8rAZU5xLuUq7eKggU_wZTikm8u30_4nfsi3aVBjNARDh11K8_25ivIrsARCAz3qa7m8MCkYWnSC5KMTPnmRWRnII4nCDeE-EukRAKAmf-DB3aZW_OoxGXLerI4OK8LBzNDAl8epfUFUXHMKjm6QaakgBbIWl4T9IO4sKjVAgBNE5oYXet0xwQht60m3DQb_1lDgxj9sLm8mKTAunF1WCTDLOzF76E25T1RsdHccW9X-u8STdqq8vBgjue7jiJdvbfIrhM_WrZ3Sq4N6mulAbUbjcTIBR49C_e3u2Sm-LNR08w6te0mOj_RW4zJ5gl5aER1DlKSX2ypQOL9dFeCHy4eUH4MUDUvkWhzkL2otHm24_HU3z8qE4RUNl11jA1P2OlYP4IMYPbZlbWb5mpfVMvm-_gp6WJtmS9mCKDr30BkbBJD2WNrG_D5LJlFHts2OCzdM9vy-xNNFXLKuSVmWNzhQkODJMrJ97vNPgoYoubpdZIZn9nOPsCcV6ojvuVM65MaNVxdlPY0UvfDoPLe4SRs0lphKAt3IHepwFojmxM0dcbrjhFuD4dH4XUID5U4TFbMvxKsp1tYvNFH9NMiBDQnUSlfqhlj2YGj6_saiOygHtUM-lcfo0Svaa-WelXVt0gowZBNKmQ4vAPNCcoU3XeAoD8WX3Yt7H6zNhdQzfGcH83RlABTmETGZN4CkQYKW2O3H1F-9Fq8ISuJaxkrBweK9Wb0ZZFOnwg7ZKB4pg5pvBlqlB2NK-ebBwQIfjFj2Gk2a7yttXnWXCqI381zaNXICKvepdkwmdlzi3yoQkZEpRMruI118x4g71RgPBLKX5A6NV9eLGM4MDZaC_aubcfKjQt1-iYH8xoiJ_MtG2lD0YsMIXe46ZMwqmFpX7W1rM49SL0Ad0CE1CuE0Hpfo4VtwyDg6Wb8coocK5jFRgsQ8U2hm-gzLK17C27NaEL730JhrmDg5vwhv2XMGgvQHHBYlZuuu9NQbzCpdunXsCOkIaQEPZavEdHkHBWNNauoQRxl_c5XRYNwFbsT06XMEAbEUMWSwCQWZqIKAB5wKWNqAa-X2Zy9-KNL6eCmfe9z1mla6Xb8TEwEbBi8gM-BA3Knj5NTuLv8f2l6QD-9P8zyKd9KyWsXq-w3orqeo4GzLsxX_lMhHpDsd8GHbPv5vpBNf_arowuoCIYMxDAtsW0WBoxBujdg8_YqmYBd1OnPRZOO4a2KfkYpYeSlEoD6Gzlu7UUo_7iB5fM18BfM_mLDNQPX89PMeW4htssBIiHsC7aZirk-Pya77SwnV3tHq9QWaVokNLnEfKkjBWUyRF0ujWfMuDWE3SCJFiYr02igvXy7XELfDjnw4cOkxrQTHwHq1PCQOTvc-cS4_8t7YakzmkPFkgQRZN_DOu7CVbOLlc2qFN6tPYwWdlcbg3M9qSaE25WB-3TPHDotK8jUdltYkJat1md5m4XRmnT7_PTTX0BOgJGA368vGwb0-O_dGuVS_raVe9vc-8v7fpDDEcUaEVbylZPMyi7tl55i7tLs-JVLDfhHacinodr3OLkOfGrIut6U1qTgUiqiQnGYqXCULiVagbwU1FiLAhhepZ0gJypULInmHG37x7EFY7J6Q_tgdQDgfDHDofobb4YzjrS5-H4axLgAVL8ciVUWiS35qo_eVeleX370pNW1jaF6S_HGNpbBi4CMHyO47bCpW4gFN3o8cjX75mJwgGh3gIhyJY0U4LXe9z9-iC4rdHvtFuOh9jhHamN6mlV50o8RJqd93Eg7tCWUA9uPWyUqn8kMfr9pHmcK8IE4VGx5EyJpTRmhInqLY6cDL8IIuAAwmDGzKUAo3OLaQ5qQP3kwOyb2GEs7WjVAsRQYYGsef-ohfhFqKFkIm7NtbrNLpHkW4rb3po7vMMjuz6GQ3X3WV1cO3ugZ3lBg7RIaVNnkVSsdqnhDBj6g2b7JyarPAPa-tjE8yyB7aYIdQNEUzeLiv3bshQT18VI6ALAAJngw0TdoWhcSRAtIM9pLWv9TtB07PRNvhbnIlD7suMwnBtmtYtCrASRlHXZhlp42R4-ZJCpmGLC1utlEdahdSgZvE9WIbKogDfqYjyFxusj2u49YSsDuL9qB4CLXqUXlKt22LxwCHQwFPQDGD9u2lk-VOXtwhSBBZJq1dbYGRNQ5Pplb_vrebqG6YALMY2yDGGlBEzQniAK8DY7G_w7KPBKL0m1uTUurQj9X3n5PhkdcydjMwmYgSnB2JZzlJtNjjzsGVdzaTUCGP1X2b3wBQbvimHbBVejRFPrriUxhw-n7nE11CkufvXSEqRf-tBdhC-lwGH-_f1FV0ue0AEr-oRvb4Ddc20c7KEhNTgkkbp-n-pBPQVZH6h1xVtwWDkAdrn_SnIGUFAZtJARBl_OH1I5FFaj0J_HMKfrfHl1dFrBSj325QscETxaqon8yODKdomDWbA4JjaS4WwncwZNA0fnr7YYIvqr05SJQjTJT7lSWQopmfs-Uzj7eqWc3LGlZ6peRd2fntHvkLdWXOnIFFMgoIbxowYkENfbY7vr2SwzHRQnkMogDsYdCrAMLTdnWwq22tpl98TjYaseKtXTOzqjXEDO7ktQRbnlB_-2p5HNTfqOktK79Wqo3iaTlStat5SxYDcSjPLnT-IquLu26KEoFctYZkkaILy-wyuL955wvWgktRaXuHU5KLRoX6gaXH_XWVPdz0KsW54HgdIR1-5_Ayz7CetqKguvDOCKMc4NyyeIrBYv3A2dZJNqeRzGoadx41VnD5oLRd3cnRl-KZy2ybiIaTahzjM73NHPYZorkr1FCoJv3ZQEi5zdBLWVR17Rlz1u1pDaGs7yYw7xM8NCWbHOXzmxMeBJU4nr4f85rOhB99ogVp-Yp7Q0hkIjh7mSUBFNb3fTGSd41I74clCgrpAa-lCWxRESa_mdLHHOrOhQoKOMN0jt6Z77dhi9_3McBVB9rWj_j95xdZ80jHi3dFoFGPWIgyKhwwt5IrfaUX1TOlCsKUiY8Og--JpiM01BnaHmfsYH1bRb3lTK6NcC_I9J-W_LC6sb0H6wsRHtHdIZqTJO6rgJDxtKtrrIHyzb8QS1O7H2bdedys6yCx4tWb2ghMzCVcwvtcUXDMKj6JLjwbmRs9hWOKchoyCAQSLgCNIrLM5atHN6-onfPYf_VfjbzNt1gxRxoKPt3s1yV7Ax29lwGJFoxcG7wQ1NZgAQ&ias_dspID=3&ias_campId=1006201864&ias_pubId=&ias_chanId=1&ias_placementId=16725270697&bidurl=http://passback.free.fr/pub/pp_120x600.html&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0hPcGEUGwBpWAAFGaJQMIid&adsafe_url=http%3A%2F%2Fpassback.free.fr%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:102f839b-a737-bf28-6925-01c84f6bb122,c:96p1YP,sl:outOfView,em:true,fr:false,thd:1,mn:app19ie,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.120.600,am:i,cc:NaN.NaN.120.600,piv:0,obst:0,th:0,reas:r,br:c,abv:na,an:n,oam:0,scm:cfrma1,nbld:0,mtim:3,fm:t2k1EKH+11%7C12%7C13*.1002325-61875503%7C131%7C132,idMap:13*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:16,oid:6adb6218-b66f-11ec-9809-021257f6d443,v:19.8.299,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/passback_120x600.js

44 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request pp_120x600.html Show response
passback.free.fr/pub/ 3 KB
1 KB 56ms
18ms Document
text/html 212.27.48.10
PROXAD

General

Check archive.org

Show headers Download Go to

Full URL: http://passback.free.fr/pub/pp_120x600.html
Protocol: HTTP/1.1
Server: 212.27.48.10 Bois-Colombes, France, ASN12322 (PROXAD, FR),
Reverse DNS: www.free.fr
Software: nginx/1.14.2 /
Resource Hash: e9edf15f42b6de85435769aa7410dc4ad6efffbcb67db5016d0c475862f16fcd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Thu, 07 Apr 2022 12:36:58 GMT
ETag: W/"59de3177-ce8"
Last-Modified: Wed, 11 Oct 2017 14:57:59 GMT
Server: nginx/1.14.2
Transfer-Encoding: chunked

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 82 KB
28 KB 98ms
35ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: passback.free.fr
URL: http://passback.free.fr/pub/pp_120x600.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc3e615bfbb52cad341441bb9ae43a4e13f877e1ed03c0ef2f78074a8b009054

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://passback.free.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 12:36:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28281
x-xss-protection: 0
server: sffe
etag: "1180 / 703 of 1000 / last-modified: 1649329592"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 07 Apr 2022 12:36:58 GMT

GET
H2 200 pubads_impl_2022033101.js Show response
securepubads.g.doubleclick.net/gpt/ 366 KB
125 KB 89ms
25ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

a58d46d853c21c8e11eb057aba26dbeeb32041b51a61d4e2c3adc86c09c08704

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://passback.free.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 10:15:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8468
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127477
x-xss-protection: 0
last-modified: Thu, 31 Mar 2022 08:37:09 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 07 Apr 2023 10:15:50 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 539 B
839 B 97ms
34ms XHR
application/json 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=passback.free.fr

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

80d28912b688ae2797c445314b5fbd47b402fa6e4e019a3fab5d4ddf12899a49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://passback.free.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 07 Apr 2022 12:36:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 203
x-xss-protection: 0
expires: Thu, 07 Apr 2022 12:36:58 GMT

GET
H2 200 integrator.js Show response
adservice.google.fr/adsid/ 107 B
792 B 92ms
34ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.fr/adsid/integrator.js?domain=passback.free.fr

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://passback.free.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 07 Apr 2022 12:36:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 92ms
35ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=passback.free.fr

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://passback.free.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 07 Apr 2022 12:36:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 24 KB
11 KB 453ms
452ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1865775049084097&correlator=2337002580909307&eid=31065714%2C31066947&output=ldjh&gdfp_req=1&vrg=2022033101&ptt=17&impl=fifs&iu_parts=22336046%2C03_lowcost_pagesperso_web%2Crg_sky&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=120x600&ifi=1&adks=837864984&sfv=1-0-38&ecs=20220407&fsapi=false&prev_scp=pos%3Ddroite-sky%26ad_group%3Dad_opt&eri=1&cust_params=env%3Dprod&sc=0&cookie_enabled=1&abxe=1&dt=1649335018529&lmt=1507733879&dlt=1649335018184&idt=323&biw=1600&bih=1200&adxs=740&adys=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&bc=23&url=http%3A%2F%2Fpassback.free.fr%2Fpub%2Fpp_120x600.html&frm=20&vis=1&scr_x=0&scr_y=0&psz=1600x1200&msz=1600x0&fws=0&ohw=0&ga_vid=520869911.1649335019&ga_sid=1649335019&ga_hid=431013659&ga_fc=false&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

9e8eb05788a3a9aa95c93d0a88eaf93f4b6384ba2e3c0f4c65b611e87f87fc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://passback.free.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 12:36:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10288
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://passback.free.fr
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E581 6 KB
4 KB 137ms
32ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://passback.free.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 07 Apr 2022 12:36:58 GMT
expires: Fri, 07 Apr 2023 12:36:58 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 98ms
39ms XHR
application/json 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022033101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0f16274f6dd394134301f1800ae0c383de76e1f98a98962d97f5bad09e4ce0ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://passback.free.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 07 Apr 2022 12:36:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10567
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 109ms
43ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://passback.free.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 12:36:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 07 Apr 2022 12:36:58 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame C89C 13 KB
5 KB 59ms
25ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://passback.free.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
age: 761
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 07 Apr 2022 12:24:17 GMT
expires: Fri, 07 Apr 2023 12:24:17 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 5A26 783 B
1 KB 96ms
35ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

de192866b962f6ef9012aadd2e5085b8a198f8f19e7e0a568816363e3e451051

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-0RQXL5lbjKDFe8YjPYP74Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://passback.free.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 515
content-security-policy: script-src 'report-sample' 'nonce-0RQXL5lbjKDFe8YjPYP74Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 07 Apr 2022 12:36:58 GMT
expires: Thu, 07 Apr 2022 12:36:58 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 UUQTj9cPGsMVMqvEOxLdokHV79mACYo3jc0rpEwmHZs.js Show response
pagead2.googlesyndication.com/bg/ Frame C89C 35 KB
13 KB 58ms
25ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/UUQTj9cPGsMVMqvEOxLdokHV79mACYo3jc0rpEwmHZs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5144138fd70f1ac31532abc43b12dda241d5efd980098a378dcd2ba44c261d9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 06:39:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21438
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13701
x-xss-protection: 0
last-modified: Mon, 04 Apr 2022 12:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 07 Apr 2023 06:39:41 GMT

GET
H3 200 container.html Show response
48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 242E 6 KB
3 KB 59ms
26ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022033101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://passback.free.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 07 Apr 2022 12:36:58 GMT
expires: Fri, 07 Apr 2023 12:36:58 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 5A26 0
0 74ms
73ms Image
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022033101&jk=1865775049084097&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 89E5 624 B
975 B 93ms
35ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJqxswEQvLK3ARjPo_jGATAB&v=APEucNU9_-hP79x3_lzylANv-A5TFvpn-YC7YH-KYXUVaofUKbgtg3rYu_5qRfKuN52iDk1UgI6mj29ooI3axcnZUbMOPNX4t5yW9m2LtIGtuMycFt3g32j2ZL1VwWY5amROVF6l9ZY7R7C9avWmE2ZF37udfegvEadLEYZN7gT_gEJdzSExPA9eniruWGN94fLwkSVFg-H541rufbEgdXGOH6jS3R3k_w

Requested by

Host: 48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com
URL: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 07 Apr 2022 12:36:59 GMT
expires: Thu, 07 Apr 2022 12:36:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 242E 14 KB
11 KB 149ms
92ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AjRMDV5rsQuohQm60zVTwkrNzDnhMRJhm80BwxiQ70ooB844Ex04v7r3cEJ1XGFLfF8gUFnePbtG-UdOq6IDfa_uO2EfaIV4fF_2KypkHKK5_Dq_RXQEJ5TqOUfITEKAN9kDk3eiAVxlJzLEIuyRpLycKCZw&dbm_d=AKAmf-AGmJwrAw8BdEum1E9vx2E5f7K6bHxWDH1AkBsb9KhVwkMJc2ipVfIi99f_fwXAknFI5UjLz8dkB75W5mcOcpyOhboyK6mrr_avaLL-idxawUXG3oSgovfqu94X1OqRYxEs0Vwjs9955koxFIblYteVfnIj4z8KhD0JuK4JEw3YsUYc_B0iE7Urkoc3yis9EIskrx5uijQhJpEQi_jsFKR_lUWpDBMcux_C_4GHi9-pUyPNSPFSi0npFFIS2vKHz5_x5F2cGy9LcP6hNmPRP56rzxI-nVVr9kUQs9JaRlee5lEXADd2HKdfK-tmhf6NF4T_8jeZGzbQCrPrkkyulEJK1PUVLCawx6QV2jrD-gag9JqZ7fp9DkQFpuYFcMV_D4IGh1zpGNdrrH5gCm9Dcs3B1n9E7r8quB46fIfNTDUaS-eNSgoCbtbZBwqWgNPOhULGkQ08KB9fDIXsG1NKNvXaYe_5ETOzkBaEakLFxEKsEh0kdhHb8jGTkskNiSzP4lI1S_YIhckcnE3wMY3c2bOYy5YCnCwDLWU8Ne7-aszNBgZ2PaoRmKzIxskT5T2V0m2LS_WhVDSuDvTUOtWMPPzbYgiX0XvNdZGaz4ndC8Z0SnozPREs__KbQ2v_F6a_-KBFpJlI7eBNAZpi4Z5hbNldTt00stmybvnS7OfSQOxbPUlr7mE46r145lXx31MQxF-S8kR6fJHTsl0wHRUGFbdmxEjAe33lebbF6sYCrfsSplj97Ddo5bq9g_URsW6Yj8_YeCurg6jPN0CjRDkK82wATRwAKKku2Z0OncilztBhHMGu7hz9ryPcgYYqwQewd9WbZeLw3w-83CxE9a9bQ419L8oz9opBy0t5xZFGIK_QZOVLl3V30eljwl69TkZ5F8O8LC0MBcJqS9kCV9chZer8lrrKdhVSqiJQ3W2By2tHNbTTNKYrVncU_u80oRPC4CgoEHi4RF8EvMT4zTNde7_cu-JtLgmdUf7UFxLWSajpDJtP5GeO0sNHFl3Qc2SrFzkH7jDVuve_SSJ1n1Rx2qaA_g5UQLpDGhs0XfvwdLQ6Mgyu6O8RBK_OiXwp08KkzsXldHYV-l8NN7x7NtA_QYVL5OM6NKW77S3l1ducMrAp1tpcicG4sRntAUAgQLyG6yAhn3w3FCW7QKGDVDaTj1SMdO8Paf1GfxLIMQuiNlf3bxu5w6MNFSYV2jNKkWuZS87RUxajVP85aY8Zxv_tETkAjpdafN3CoOuhL6SdcEykBPzKMSN1T5R4ei8lLrj-5_S-SZr3cgdSscMeZbLLFCODcnoUpLDtYKo4bG0_lbjAGkY3lv0XDjUYgA68H96H-EySDfKcqo86J3wyG8tQF5WhcX-g-eMvn2HmAvnIDBMQAhUVveMwpL5nxJWjwBNempc0Kh-t-TzC-OkX7W7aEIq2aEA4KqC2WJowljvEVUk-DrXlV7oCCRIaAx7VXwXjLweVibhBvnNSLs4RVs7_cAoq8bhGnQzsriTcD6GMRCRDx3GpMKzrwp85adrV5CRFlWehp_Qsuafo71u-d2BKU6grPnO2A_X2SvNnx43Xc3EdGt8ciuZpAoL9ann6vsUv3LoC6Pcc_zhKMMYl8h8D8l9c1ilwThg-ceQIyMNOTfUYI_k0aoiJSFW3U5wkOvow2r9WZ4r_gcCOuC0oLeJG9cGEIi5rNPrOAOYY2e9cMqzXVaYdnxvA1bTgYMNTuOuTTA_CLOfb31srO1SFKCIAM7L7jAwPb_tigaLRENZ6DamQO7bjF7A2m4XaJVtzGJtru6v-zFwYhcYgWI-uhri3opArBaBISatfgpfZ35qA611GR5MekabkwhY3e_ISN-i1y4iwbDpyNVmQRTyN1CSlDigKEBBpA_Ckq_UjYKGQaX-Uo9fzwItQLVqrIn2Ye472a_dc3JgbAbIklupTHIJg-orNzhslN908aOl-zrx_5kLvTtASN1qSJ6ZLW8x-JyujNkwBMcRLBn6HMBatuDECi5CuYwpcFtLdXQgc92pMeMf87IR8pzoKx_8BQPBAyc0eVwMTFF7FZRX3r-RMKFpTvNtXC3vZJ4K5sGXfc4tMXHnLPu4nbWAUwyJlH44_cwYtJCjgs_rZFCsCVevKGV2DlDuz54hsL1Y25WHYfeNSB_7GtdjXx8A7IwiKrD_Jk4XJ3xuxR1oVmZwFN2xinBQB1Bs8Nc_xgIAbtfSwMLMpM65Ecp_pPvbIQ-Oec_6shHtArnxu2Rl6FnRIERw0vmzdY0Us_Xwu9li2jJcxq_-jSRLWxIzaQy9T344iTmQ3es1Li2wnkbJtpXuPiU-ske8HZ2mtQsbsF-TM0xYhwQdTHmLgzQBH_IeP4WW3wiQDXbFIJxZZPBDoa7bC8ArWZSxYqI5gwgV_ZPmukkqQji6O-etJNmCWBtptN_sz557kWBGLlzn15i3DNGEETe-d36g0SuXpoULacGgI1mhoOqV2dsk0OcVJmCADzbFl2uIWrQfngp8zrU9jU6C7OisTfpnnrTrBarXeeh7NoVCLpLox9qECwt5uBXSh7ev71l0ptiIcWsS1XG7PSgrOgKkNlpB362BLGUFfZeyJmeH5Wxwn74mLeOJS23hlXVt7rS4I8fTig_O3ObqI&cid=CAQSLgCNIrLM5atHN6-onfPYf_VfjbzNt1gxRxoKPt3s1yV7Ax29lwGJFoxcG7wQ1NY&rfl=1%2Chttp%253A%252F%252Fpassback.free.fr%252F%240

Requested by

Host: passback.free.fr
URL: http://passback.free.fr/pub/pp_120x600.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

45861cbf34fbda63ddac6037afb8bf844bbfcc4d3d3fc7a2a337c41a22089498

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Apr 2022 12:36:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10525
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 242E 42 B
63 B 58ms
57ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DE82pZ0sjdk7saIpTHRy1xlXMBJAiuCIV-v3eU3GqOmFuXbXqKfCZ_TMOB7zFrXML9XpePN10AZMgR3deRknjUYrSM5DKur7p7-xhCUKFbl1tY8uU

Requested by

Host: 48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com
URL: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Apr 2022 12:36:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adj Show response
fw.adsafeprotected.com/rjss/bgd/1002325/61875503/xbbe/creative/ Frame 242E 238 KB
80 KB 149ms
60ms Script
application/javascript 54.75.85.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/bgd/1002325/61875503/xbbe/creative/adj?p=APEucNWu6gqoOQbuSKO0WdcOsu3Idv1ojiixFJ-EzFn4Zxq11nKsXZM&d=CnkAoCZ_4IV7W-WfHlJ9M6SlRVGQWKjoB-p5S0gQpAa3rVoaq_bNn9gd7da5ro9IFLD6V8rAZU5xLuUq7eKggU_wZTikm8u30_4nfsi3aVBjNARDh11K8_25ivIrsARCAz3qa7m8MCkYWnSC5KMTPnmRWRnII4nCDeE-EukRAKAmf-DB3aZW_OoxGXLerI4OK8LBzNDAl8epfUFUXHMKjm6QaakgBbIWl4T9IO4sKjVAgBNE5oYXet0xwQht60m3DQb_1lDgxj9sLm8mKTAunF1WCTDLOzF76E25T1RsdHccW9X-u8STdqq8vBgjue7jiJdvbfIrhM_WrZ3Sq4N6mulAbUbjcTIBR49C_e3u2Sm-LNR08w6te0mOj_RW4zJ5gl5aER1DlKSX2ypQOL9dFeCHy4eUH4MUDUvkWhzkL2otHm24_HU3z8qE4RUNl11jA1P2OlYP4IMYPbZlbWb5mpfVMvm-_gp6WJtmS9mCKDr30BkbBJD2WNrG_D5LJlFHts2OCzdM9vy-xNNFXLKuSVmWNzhQkODJMrJ97vNPgoYoubpdZIZn9nOPsCcV6ojvuVM65MaNVxdlPY0UvfDoPLe4SRs0lphKAt3IHepwFojmxM0dcbrjhFuD4dH4XUID5U4TFbMvxKsp1tYvNFH9NMiBDQnUSlfqhlj2YGj6_saiOygHtUM-lcfo0Svaa-WelXVt0gowZBNKmQ4vAPNCcoU3XeAoD8WX3Yt7H6zNhdQzfGcH83RlABTmETGZN4CkQYKW2O3H1F-9Fq8ISuJaxkrBweK9Wb0ZZFOnwg7ZKB4pg5pvBlqlB2NK-ebBwQIfjFj2Gk2a7yttXnWXCqI381zaNXICKvepdkwmdlzi3yoQkZEpRMruI118x4g71RgPBLKX5A6NV9eLGM4MDZaC_aubcfKjQt1-iYH8xoiJ_MtG2lD0YsMIXe46ZMwqmFpX7W1rM49SL0Ad0CE1CuE0Hpfo4VtwyDg6Wb8coocK5jFRgsQ8U2hm-gzLK17C27NaEL730JhrmDg5vwhv2XMGgvQHHBYlZuuu9NQbzCpdunXsCOkIaQEPZavEdHkHBWNNauoQRxl_c5XRYNwFbsT06XMEAbEUMWSwCQWZqIKAB5wKWNqAa-X2Zy9-KNL6eCmfe9z1mla6Xb8TEwEbBi8gM-BA3Knj5NTuLv8f2l6QD-9P8zyKd9KyWsXq-w3orqeo4GzLsxX_lMhHpDsd8GHbPv5vpBNf_arowuoCIYMxDAtsW0WBoxBujdg8_YqmYBd1OnPRZOO4a2KfkYpYeSlEoD6Gzlu7UUo_7iB5fM18BfM_mLDNQPX89PMeW4htssBIiHsC7aZirk-Pya77SwnV3tHq9QWaVokNLnEfKkjBWUyRF0ujWfMuDWE3SCJFiYr02igvXy7XELfDjnw4cOkxrQTHwHq1PCQOTvc-cS4_8t7YakzmkPFkgQRZN_DOu7CVbOLlc2qFN6tPYwWdlcbg3M9qSaE25WB-3TPHDotK8jUdltYkJat1md5m4XRmnT7_PTTX0BOgJGA368vGwb0-O_dGuVS_raVe9vc-8v7fpDDEcUaEVbylZPMyi7tl55i7tLs-JVLDfhHacinodr3OLkOfGrIut6U1qTgUiqiQnGYqXCULiVagbwU1FiLAhhepZ0gJypULInmHG37x7EFY7J6Q_tgdQDgfDHDofobb4YzjrS5-H4axLgAVL8ciVUWiS35qo_eVeleX370pNW1jaF6S_HGNpbBi4CMHyO47bCpW4gFN3o8cjX75mJwgGh3gIhyJY0U4LXe9z9-iC4rdHvtFuOh9jhHamN6mlV50o8RJqd93Eg7tCWUA9uPWyUqn8kMfr9pHmcK8IE4VGx5EyJpTRmhInqLY6cDL8IIuAAwmDGzKUAo3OLaQ5qQP3kwOyb2GEs7WjVAsRQYYGsef-ohfhFqKFkIm7NtbrNLpHkW4rb3po7vMMjuz6GQ3X3WV1cO3ugZ3lBg7RIaVNnkVSsdqnhDBj6g2b7JyarPAPa-tjE8yyB7aYIdQNEUzeLiv3bshQT18VI6ALAAJngw0TdoWhcSRAtIM9pLWv9TtB07PRNvhbnIlD7suMwnBtmtYtCrASRlHXZhlp42R4-ZJCpmGLC1utlEdahdSgZvE9WIbKogDfqYjyFxusj2u49YSsDuL9qB4CLXqUXlKt22LxwCHQwFPQDGD9u2lk-VOXtwhSBBZJq1dbYGRNQ5Pplb_vrebqG6YALMY2yDGGlBEzQniAK8DY7G_w7KPBKL0m1uTUurQj9X3n5PhkdcydjMwmYgSnB2JZzlJtNjjzsGVdzaTUCGP1X2b3wBQbvimHbBVejRFPrriUxhw-n7nE11CkufvXSEqRf-tBdhC-lwGH-_f1FV0ue0AEr-oRvb4Ddc20c7KEhNTgkkbp-n-pBPQVZH6h1xVtwWDkAdrn_SnIGUFAZtJARBl_OH1I5FFaj0J_HMKfrfHl1dFrBSj325QscETxaqon8yODKdomDWbA4JjaS4WwncwZNA0fnr7YYIvqr05SJQjTJT7lSWQopmfs-Uzj7eqWc3LGlZ6peRd2fntHvkLdWXOnIFFMgoIbxowYkENfbY7vr2SwzHRQnkMogDsYdCrAMLTdnWwq22tpl98TjYaseKtXTOzqjXEDO7ktQRbnlB_-2p5HNTfqOktK79Wqo3iaTlStat5SxYDcSjPLnT-IquLu26KEoFctYZkkaILy-wyuL955wvWgktRaXuHU5KLRoX6gaXH_XWVPdz0KsW54HgdIR1-5_Ayz7CetqKguvDOCKMc4NyyeIrBYv3A2dZJNqeRzGoadx41VnD5oLRd3cnRl-KZy2ybiIaTahzjM73NHPYZorkr1FCoJv3ZQEi5zdBLWVR17Rlz1u1pDaGs7yYw7xM8NCWbHOXzmxMeBJU4nr4f85rOhB99ogVp-Yp7Q0hkIjh7mSUBFNb3fTGSd41I74clCgrpAa-lCWxRESa_mdLHHOrOhQoKOMN0jt6Z77dhi9_3McBVB9rWj_j95xdZ80jHi3dFoFGPWIgyKhwwt5IrfaUX1TOlCsKUiY8Og--JpiM01BnaHmfsYH1bRb3lTK6NcC_I9J-W_LC6sb0H6wsRHtHdIZqTJO6rgJDxtKtrrIHyzb8QS1O7H2bdedys6yCx4tWb2ghMzCVcwvtcUXDMKj6JLjwbmRs9hWOKchoyCAQSLgCNIrLM5atHN6-onfPYf_VfjbzNt1gxRxoKPt3s1yV7Ax29lwGJFoxcG7wQ1NZgAQ&ias_dspID=3&ias_campId=1006201864&ias_pubId=&ias_chanId=1&ias_placementId=16725270697&bidurl=http://passback.free.fr/pub/pp_120x600.html&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0hPcGEUGwBpWAAFGaJQMIid
Requested by: Host: 48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com
URL: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.75.85.105 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-75-85-105.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: a111f843172c9bdb125518a40ad90af6ff986b32975acb4cf08e26d51642b3c6

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Apr 2022 12:36:59 GMT
content-encoding: gzip
x-server-name: app19.ie.303net.net
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220405/r20110914/client/ Frame 242E 3 KB
1 KB 26ms
24ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220405/r20110914/client/window_focus_fy2019.js

Requested by

Host: 48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com
URL: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 12:36:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Apr 2022 12:36:22 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220405/r20110914/client/ Frame 242E 15 KB
6 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220405/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com
URL: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 12:35:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6409
x-xss-protection: 0
server: cafe
etag: 15284592792851369840
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Apr 2022 12:35:47 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 242E 0
0 67ms
33ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT8qbZxCmslOh2V3RPZF1s54tS1FFfC_g1JYWUhIZZlqHQQFk9i81suZpgt2Cr6mAHTQTyJ
Requested by: Host: 48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com
URL: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 242E 119 KB
36 KB 70ms
37ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com
URL: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

214a4e6d1b76b8f804bf74ddd53aba8493b4d61e9609d75d8923a34ed97b80e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 12:36:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36932
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1649247338736001"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 07 Apr 2022 12:36:59 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame C89C 0
9 B 25ms
24ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?m7Bmag
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 12:36:59 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 89E5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG56GVrB7fZFrQnkbya78yY&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG56GVrB7fZFrQnkbya78yY&google_cver=1&C=1

43 B
1014 B

49ms
49ms

Image
image/gif

184.87.213.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG56GVrB7fZFrQnkbya78yY&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJqxswEQvLK3ARjPo_jGATAB&v=APEucNU9_-hP79x3_lzylANv-A5TFvpn-YC7YH-KYXUVaofUKbgtg3rYu_5qRfKuN52iDk1UgI6mj29ooI3axcnZUbMOPNX4t5yW9m2LtIGtuMycFt3g32j2ZL1VwWY5amROVF6l9ZY7R7C9avWmE2ZF37udfegvEadLEYZN7gT_gEJdzSExPA9eniruWGN94fLwkSVFg-H541rufbEgdXGOH6jS3R3k_w
Protocol: HTTP/1.1
Server: 184.87.213.8 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-87-213-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Apr 2022 12:36:59 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 07 Apr 2022 12:36:59 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 07 Apr 2022 12:36:59 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG56GVrB7fZFrQnkbya78yY&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Thu, 07 Apr 2022 12:36:59 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 89E5
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yk7a60L1knjHgXKyXscnYgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDF2USK3OQ_NqfQUXPrVaXc&google_cver=1

43 B
894 B

50ms
47ms

Image
image/gif

184.87.213.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDF2USK3OQ_NqfQUXPrVaXc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJqxswEQvLK3ARjPo_jGATAB&v=APEucNU9_-hP79x3_lzylANv-A5TFvpn-YC7YH-KYXUVaofUKbgtg3rYu_5qRfKuN52iDk1UgI6mj29ooI3axcnZUbMOPNX4t5yW9m2LtIGtuMycFt3g32j2ZL1VwWY5amROVF6l9ZY7R7C9avWmE2ZF37udfegvEadLEYZN7gT_gEJdzSExPA9eniruWGN94fLwkSVFg-H541rufbEgdXGOH6jS3R3k_w
Protocol: HTTP/1.1
Server: 184.87.213.8 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-87-213-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Apr 2022 12:36:59 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 07 Apr 2022 12:36:59 GMT

Redirect headers

pragma: no-cache
date: Thu, 07 Apr 2022 12:36:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDF2USK3OQ_NqfQUXPrVaXc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 89E5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEEUpEdJ7GWb60m4vLTiwEk0&google_cver=1

43 B
1016 B

66ms
23ms

Image
image/gif

37.252.172.37
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEEUpEdJ7GWb60m4vLTiwEk0&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJqxswEQvLK3ARjPo_jGATAB&v=APEucNU9_-hP79x3_lzylANv-A5TFvpn-YC7YH-KYXUVaofUKbgtg3rYu_5qRfKuN52iDk1UgI6mj29ooI3axcnZUbMOPNX4t5yW9m2LtIGtuMycFt3g32j2ZL1VwWY5amROVF6l9ZY7R7C9avWmE2ZF37udfegvEadLEYZN7gT_gEJdzSExPA9eniruWGN94fLwkSVFg-H541rufbEgdXGOH6jS3R3k_w

Protocol

HTTP/1.1

Server

37.252.172.37 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Apr 2022 12:36:59 GMT
X-Proxy-Origin: 37.59.164.105; 37.59.164.105; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: fa7998cf-14ca-406a-91c0-b25c49033f89
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 07 Apr 2022 12:36:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEEUpEdJ7GWb60m4vLTiwEk0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 89E5
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzcxNjQ0NzQ5MjUzNTQ3NjM1NA%3D%3D

170 B
188 B

35ms
35ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzcxNjQ0NzQ5MjUzNTQ3NjM1NA%3D%3D

Requested by

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Apr 2022 12:36:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 07 Apr 2022 12:36:59 GMT
X-Proxy-Origin: 37.59.164.105; 37.59.164.105; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 059dc84c-d591-4ae9-9ff9-e4c07ed2c1e6
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzcxNjQ0NzQ5MjUzNTQ3NjM1NA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 242E 41 KB
15 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AjRMDV5rsQuohQm60zVTwkrNzDnhMRJhm80BwxiQ70ooB844Ex04v7r3cEJ1XGFLfF8gUFnePbtG-UdOq6IDfa_uO2EfaIV4fF_2KypkHKK5_Dq_RXQEJ5TqOUfITEKAN9kDk3eiAVxlJzLEIuyRpLycKCZw&dbm_d=AKAmf-AGmJwrAw8BdEum1E9vx2E5f7K6bHxWDH1AkBsb9KhVwkMJc2ipVfIi99f_fwXAknFI5UjLz8dkB75W5mcOcpyOhboyK6mrr_avaLL-idxawUXG3oSgovfqu94X1OqRYxEs0Vwjs9955koxFIblYteVfnIj4z8KhD0JuK4JEw3YsUYc_B0iE7Urkoc3yis9EIskrx5uijQhJpEQi_jsFKR_lUWpDBMcux_C_4GHi9-pUyPNSPFSi0npFFIS2vKHz5_x5F2cGy9LcP6hNmPRP56rzxI-nVVr9kUQs9JaRlee5lEXADd2HKdfK-tmhf6NF4T_8jeZGzbQCrPrkkyulEJK1PUVLCawx6QV2jrD-gag9JqZ7fp9DkQFpuYFcMV_D4IGh1zpGNdrrH5gCm9Dcs3B1n9E7r8quB46fIfNTDUaS-eNSgoCbtbZBwqWgNPOhULGkQ08KB9fDIXsG1NKNvXaYe_5ETOzkBaEakLFxEKsEh0kdhHb8jGTkskNiSzP4lI1S_YIhckcnE3wMY3c2bOYy5YCnCwDLWU8Ne7-aszNBgZ2PaoRmKzIxskT5T2V0m2LS_WhVDSuDvTUOtWMPPzbYgiX0XvNdZGaz4ndC8Z0SnozPREs__KbQ2v_F6a_-KBFpJlI7eBNAZpi4Z5hbNldTt00stmybvnS7OfSQOxbPUlr7mE46r145lXx31MQxF-S8kR6fJHTsl0wHRUGFbdmxEjAe33lebbF6sYCrfsSplj97Ddo5bq9g_URsW6Yj8_YeCurg6jPN0CjRDkK82wATRwAKKku2Z0OncilztBhHMGu7hz9ryPcgYYqwQewd9WbZeLw3w-83CxE9a9bQ419L8oz9opBy0t5xZFGIK_QZOVLl3V30eljwl69TkZ5F8O8LC0MBcJqS9kCV9chZer8lrrKdhVSqiJQ3W2By2tHNbTTNKYrVncU_u80oRPC4CgoEHi4RF8EvMT4zTNde7_cu-JtLgmdUf7UFxLWSajpDJtP5GeO0sNHFl3Qc2SrFzkH7jDVuve_SSJ1n1Rx2qaA_g5UQLpDGhs0XfvwdLQ6Mgyu6O8RBK_OiXwp08KkzsXldHYV-l8NN7x7NtA_QYVL5OM6NKW77S3l1ducMrAp1tpcicG4sRntAUAgQLyG6yAhn3w3FCW7QKGDVDaTj1SMdO8Paf1GfxLIMQuiNlf3bxu5w6MNFSYV2jNKkWuZS87RUxajVP85aY8Zxv_tETkAjpdafN3CoOuhL6SdcEykBPzKMSN1T5R4ei8lLrj-5_S-SZr3cgdSscMeZbLLFCODcnoUpLDtYKo4bG0_lbjAGkY3lv0XDjUYgA68H96H-EySDfKcqo86J3wyG8tQF5WhcX-g-eMvn2HmAvnIDBMQAhUVveMwpL5nxJWjwBNempc0Kh-t-TzC-OkX7W7aEIq2aEA4KqC2WJowljvEVUk-DrXlV7oCCRIaAx7VXwXjLweVibhBvnNSLs4RVs7_cAoq8bhGnQzsriTcD6GMRCRDx3GpMKzrwp85adrV5CRFlWehp_Qsuafo71u-d2BKU6grPnO2A_X2SvNnx43Xc3EdGt8ciuZpAoL9ann6vsUv3LoC6Pcc_zhKMMYl8h8D8l9c1ilwThg-ceQIyMNOTfUYI_k0aoiJSFW3U5wkOvow2r9WZ4r_gcCOuC0oLeJG9cGEIi5rNPrOAOYY2e9cMqzXVaYdnxvA1bTgYMNTuOuTTA_CLOfb31srO1SFKCIAM7L7jAwPb_tigaLRENZ6DamQO7bjF7A2m4XaJVtzGJtru6v-zFwYhcYgWI-uhri3opArBaBISatfgpfZ35qA611GR5MekabkwhY3e_ISN-i1y4iwbDpyNVmQRTyN1CSlDigKEBBpA_Ckq_UjYKGQaX-Uo9fzwItQLVqrIn2Ye472a_dc3JgbAbIklupTHIJg-orNzhslN908aOl-zrx_5kLvTtASN1qSJ6ZLW8x-JyujNkwBMcRLBn6HMBatuDECi5CuYwpcFtLdXQgc92pMeMf87IR8pzoKx_8BQPBAyc0eVwMTFF7FZRX3r-RMKFpTvNtXC3vZJ4K5sGXfc4tMXHnLPu4nbWAUwyJlH44_cwYtJCjgs_rZFCsCVevKGV2DlDuz54hsL1Y25WHYfeNSB_7GtdjXx8A7IwiKrD_Jk4XJ3xuxR1oVmZwFN2xinBQB1Bs8Nc_xgIAbtfSwMLMpM65Ecp_pPvbIQ-Oec_6shHtArnxu2Rl6FnRIERw0vmzdY0Us_Xwu9li2jJcxq_-jSRLWxIzaQy9T344iTmQ3es1Li2wnkbJtpXuPiU-ske8HZ2mtQsbsF-TM0xYhwQdTHmLgzQBH_IeP4WW3wiQDXbFIJxZZPBDoa7bC8ArWZSxYqI5gwgV_ZPmukkqQji6O-etJNmCWBtptN_sz557kWBGLlzn15i3DNGEETe-d36g0SuXpoULacGgI1mhoOqV2dsk0OcVJmCADzbFl2uIWrQfngp8zrU9jU6C7OisTfpnnrTrBarXeeh7NoVCLpLox9qECwt5uBXSh7ev71l0ptiIcWsS1XG7PSgrOgKkNlpB362BLGUFfZeyJmeH5Wxwn74mLeOJS23hlXVt7rS4I8fTig_O3ObqI&cid=CAQSLgCNIrLM5atHN6-onfPYf_VfjbzNt1gxRxoKPt3s1yV7Ax29lwGJFoxcG7wQ1NY&rfl=1%2Chttp%253A%252F%252Fpassback.free.fr%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 20:04:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 59578
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 06 Apr 2023 20:04:01 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame AFF5 22 KB
8 KB 24ms
24ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
age: 59578
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 06 Apr 2022 20:04:01 GMT
expires: Thu, 06 Apr 2023 20:04:01 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

passback_120x600.js Show response
static.adsafeprotected.com/ Frame 242E
Redirect Chain

https://fw.adsafeprotected.com/rfw/bgd/1002325/61875503/xbbe/creative/adj?p=APEucNWu6gqoOQbuSKO0WdcOsu3Idv1ojiixFJ-EzFn4Zxq11nKsXZM&d=CnkAoCZ_4IV7W-WfHlJ9M6SlRVGQWKjoB-p5S0gQpAa3rVoaq_bNn9gd7da5ro9...
https://static.adsafeprotected.com/passback_120x600.js

3 KB
2 KB

46ms
41ms

Script
application/javascript

2600:9000:206e:c400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/passback_120x600.js
Requested by: Host: 48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com
URL: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Server: 2600:9000:206e:c400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: da30366791051f2044397e89db5d092dee6bd7abc32b3f699bf022aaab40363b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 13:03:41 GMT
content-encoding: gzip
age: 516799
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Fri, 18 Feb 2022 23:29:35 GMT
server: AmazonS3
etag: W/"ad2c9e736be971a92acdd8b769451ac2"
vary: Accept-Encoding
x-amz-version-id: WQYm5trNHOW6bmos.qWLcfAVs2AOTD.W
via: 1.1 d13056936a303c282faeee607951588a.cloudfront.net (CloudFront)
cache-control: max-age=604800
x-amz-cf-pop: VIE50-C1
content-type: application/javascript
x-amz-cf-id: e64EG7oyEfiPHWVLmpT42wSJI8A1ycIx7UHN6IdsgU3zA5yoZ3YH0g==

Redirect headers

pragma: no-cache
date: Thu, 07 Apr 2022 12:36:59 GMT
x-server-name: app23.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/passback_120x600.js
cache-control: no-cache
content-length: 0
server: nginx

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame 3FFD 80 KB
21 KB 125ms
38ms Script
application/javascript 2600:9000:206e:c400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: 48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com
URL: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206e:c400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 06:20:23 GMT
content-encoding: gzip
age: 713797
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 d13056936a303c282faeee607951588a.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: VIE50-C1
content-type: application/javascript
x-amz-cf-id: 95NmhxK5p05l9YWROnaoSzAVhkQdXSPAFhaYekc-9sXS9W8vE-LlQg==

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 242E 43 B
301 B 295ms
89ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1002325&asId=102f839b-a737-bf28-6925-01c84f6bb122&tv=%7Bc:96p1Zd,pingTime:-3,time:40,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:120,h:600,t:16%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:40,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:15,wc:0.0.1600.1200,ac:NaN.NaN.120.600,am:i,cc:NaN.NaN.120.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B34~0%5D,as:%5B34~120.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t2k1EKH+11%7C12%7C13*.1002325-61875503%7C131%7C132,idMap:13*,rmeas:1,rend:0,renddet:IMG.us%7D&br=c
Requested by: Host: 48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com
URL: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Apr 2022 12:36:59 GMT
X-Server-Name: dt53.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 242E 43 B
301 B 296ms
91ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1002325&asId=102f839b-a737-bf28-6925-01c84f6bb122&tv=%7Bc:96p1Ze,pingTime:-6,time:41,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:41,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:15,wc:0.0.1600.1200,ac:NaN.NaN.120.600,am:i,cc:NaN.NaN.120.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B35~0%5D,as:%5B35~120.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t2k1EKH+11%7C12%7C13*.1002325-61875503%7C131%7C132,idMap:13*,rmeas:1,rend:0,renddet:IMG.us%7D&tpiLookup=ao:passback.free.fr&br=c
Requested by: Host: 48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com
URL: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Apr 2022 12:36:59 GMT
X-Server-Name: dt43.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 242E 43 B
301 B 296ms
91ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1002325&asId=102f839b-a737-bf28-6925-01c84f6bb122&tv=%7Bc:96p1Zk,pingTime:-2,time:47,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:300,beZ:301,mfA:303,cmA:305,inA:305,inZ:308,prA:308,prZ:312,si:316,poA:318,poZ:333,cmZ:333,mfZ:333,loA:341,loZ:343,ltA:347,ltZ:347%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:120,h:600,t:16%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:47,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:15,wc:0.0.1600.1200,ac:NaN.NaN.120.600,am:i,cc:NaN.NaN.120.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B41~0%5D,as:%5B41~120.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t2k1EKH+11%7C12%7C13*.1002325-61875503%7C131%7C132,idMap:13*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:0,renddet:IMG.us,sinceFw:30,readyFired:false%7D&br=c
Requested by: Host: 48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com
URL: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Apr 2022 12:36:59 GMT
X-Server-Name: dt52.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H3 200 UUQTj9cPGsMVMqvEOxLdokHV79mACYo3jc0rpEwmHZs.js Show response
pagead2.googlesyndication.com/bg/ Frame AFF5 35 KB
13 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/UUQTj9cPGsMVMqvEOxLdokHV79mACYo3jc0rpEwmHZs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5144138fd70f1ac31532abc43b12dda241d5efd980098a378dcd2ba44c261d9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 06:39:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21438
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13701
x-xss-protection: 0
last-modified: Mon, 04 Apr 2022 12:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 07 Apr 2023 06:39:41 GMT

GET
H2 200 IAS_PassbackAds_120x600.png
static.adsafeprotected.com/ Frame 242E 13 KB
14 KB 34ms
33ms Image
image/png 2600:9000:206e:c400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/IAS_PassbackAds_120x600.png
Requested by: Host: 48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com
URL: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206e:c400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 72a3239022583381135c2172628ae70954826dadfc7be0d43f0b9525612d1503

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 02 Apr 2022 23:59:03 GMT
via: 1.1 d13056936a303c282faeee607951588a.cloudfront.net (CloudFront)
age: 391077
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 13668
last-modified: Fri, 18 Feb 2022 23:28:46 GMT
server: AmazonS3
etag: "9bf1d4bce8252a86382de8787914453e"
x-amz-version-id: 21QGXUbma5U2VgKhrjZKRG8q7YdzBZG4
cache-control: max-age=604800
x-amz-cf-pop: VIE50-C1
accept-ranges: bytes
content-type: image/png
x-amz-cf-id: 0NYx0kTHqd4Vuxx-Za5s1fWIN7JtJnt91vMQWKYEEl_uwG_EVyQwvQ==

GET
DATA 200
OK truncated
/ Frame 242E 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a35b3f42eee69c4bfce734e99abe81ab69b88f8789538b53cbf0eaffd5c30675

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame AFF5 0
20 B 61ms
61ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BpQuj69pOYtyxDMSPjuwPsKaX6AEAAAAAOAHgBAI&bg=!mpmlmd3NAAZAkm7qYJI7ACkAdvg8Wrge7fdLguWM7uaj2rt4D_h0DXzdWZjtekckFeArGeieREMWzAIAAABHUgAAAAJoAQcKAAMuOYKZAu0MCSan2qlXaTjzGkKpzcf2FW293GoTEr5KZVkh2RazP2qg9iGVBgF1a9uc_V8LwNlDkerId4amQ0XqwPc_kFVamJ0vJAl0Tz0qVvJgYUY8RoyAFLPyumEgCxham5V4WnBtRkcW1FoB-RJAUKVyrnD1lfiR6wXoRR3OPI1VSAc9FuEZiTgZ8m9Y8YrnHdC7jM5E3f5ckt8qK-ET1gV-3r2RY38M8nOMFiilhbYXAm-U6RnWZuoh8GsZ2eEIkxogMXNnwwF7uYRl9rop0vg1mw7N4IqFipYYcNRRzwH_RGIXnezQ2PYITqr8tDsK1av32WEDpM55rD65T3aPqafMKABEDr2nB45ysKDz_3j8_N481HHVKVFrMtVXoM9wh-yyDRVFiOMVaIoX3-O2rVKrFXFrv1uN4x-zC9KiEqH_ukd87OcZRYbTkFl3HUUBGGlzbJKciOZcbTcYUiIZmkHUCFkK7PdaBDkbxomNrVAu37MbSWVptRfc2Hb9LkE0PkCZKP3Equ-H2sHKOkul3bmmIm5zs_WyW7WHp8Qo7GkOveg8iuAhQvuChfsUddK4hekUJYIajSynIW0LPIoh2vEw2Xv11J6-hHrtzZD1m4ga0rFeKOmD2TaZJfebZOUapFODze--aPC5amynp-JrWSSR5VWChRPgZpuHuBiVS5R3cxAFkhBMvVuC2ehNBDnnB3pcBnpbgzDHIEZxNsM27RExxZd-uhUbiZ4SwJsaPIfY5fjucFNGvmLjhsXn8Dx7_NqlwvwjU4kGAUtswt9b3kLDroeyfxhrES4em2kIMs2ZmX9xd_AQPBpzQQsjfcG2dMh3iKMMN9qKG7nM7VhJ1E7514Z2FP80gOMRBg6E3-GB4j_DIDv2G-lyGyryWvC6-o78pK4kZUjdvgmJVVaRRpf5PrPjmz49KJwhHj78-D_x7jXAmsrP8mrqleXQEtI_Bpfw7n0bEWmvI220wc63tfsPQZ1_xRSN0ATo9DHbEjZlGA

Requested by

Host: 48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com
URL: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Apr 2022 12:36:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 61ms
60ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022033101&jk=1865775049084097&bg=!0NOl05fNAAZAkm7qYJI7ACkAdvg8Wi6p2D6zKsF2zmCWgQ3RGRZ-IL4NoaRo0jMellGYj5k4uF2CrwIAAABNUgAAAAJoAQcKANikjwoWmvpljm7SC6hiha_UFBKQxPcWgCDON21w1Tt8bWndlEoVtgYQ5P38IkoZXxryWnWVHk3cb75Q199WxDspdQ6a9VypUkZNndVauk7Uxt3wgSq8x5J4zDA9B8yjZWZxVV-Cd-XkSkCSETkvxq4_7AKon2L2ei_YvkAvnMu8qdUTL-mNn4_OxW4QsvCtTE4nFvlT3qJzmDd1AzayOkz4gZO745HX6iqSwY2FDZPsGJjUjbyeZu5Lb1uN_GZrxpof9lT0FBuRNK9d_pJhSwMrMwJtmxD6IEGZAqiVMaaooAHMaQnjaxhXMGXJXZMBq6uK5rllogjJ5zjbhcnW941uGNYXxG117q0NExvlK9hLMSLwjyaZkbiy6NVdMxzbz3J_8P9z6LN3GFMnqoY-_uwKW54oBPS5cIyrkz2_PcqIPVpE5bNmsLyDa8VReR_hDxfwmfT1KJ7dVFLL-WpE-RJup4tH1_sr6x4oXd2Rzv-aJbzCtVS1ImRpQbdX5Jj3RvI8ZIyA3Aurz3Ds7x4Z3tGWVF36lluGLZaDx1GHfJl2YKPf4mTVsj0WWj0_gmicg4UknAaDPn6c5rD5FM9AairwzHsmOygivpm2IGGL35YK8qs_WeELG6mYOCqJhosN7wShw2NxDBLsyypTB5SExImRSkYbtLQF2oafFHpIEqZpsoF_OFRR2uNhaQRc_PCj97nViGS9uKY1O4wRSXStbkf4u4eteK_F2MfmlD9GJ85LEdlaP_2d2RKQ5rX-OWt0DaU5yurB44ZIqmaGbhykJPj3iwkkRGSB_ZSjZ-6jG_99kPR5Cr6gsDt4xEe7xsRCbtHhBww4b1ejP_iM6YN4qcKrR0fQa3KTHhULJIxhnI4B1H7YDoK2Ua6hHAV98xmQLjf86xgskXnyIGucWtRwycjt19divip1V28yQ0UfVRlG1LqiBgYyMQgTuUb0VAy4MQunUvnJCTa9RlS_jgk2VyfKe5_rUh_XnoEuBSyTQ_MfnUFEPGrwWKYKjY_oUHOr2fWQ1n1JQhY-pRyoiDM39nKbdmCdEOAwN6h8mlpRHVWpx2pvBA252-jbe04q1l9qICIzKwA68Pi12d5hegfdapvL7Qzbg_F-UuhR5ZWmZefPQ56KQ9JAFiERZPXkPdHCeDSCDGg2wmQmwuU74W8TljsiQYEOnAKSmwwOYf4FDyIRpFNGjw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://passback.free.fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Apr 2022 12:36:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 242E 43 B
301 B 93ms
92ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1002325&asId=102f839b-a737-bf28-6925-01c84f6bb122&tv=%7Bc:96p264,pingTime:-10,time:465,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fDB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDAuMC40ODk2Ljc1IFNhZmFyaS81MzcuMzZ8fDF8fDF8fEdvb2dsZSBJbmMufHxu,ch:n,fsc:17.5.12v220002022000220000002002220000022220200000222200022020002022022022222202002220222022222022222000000200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022020000000020000000000000000000020220202220000022200202202220022000200222022200200022202220020222202000220000222202222202222000002002002222222202220022202200022002220202202,asp:1649335019768%7C%7C47d7b99e76c655f17b01cfc498d87b97%7C%7Ceb4f03ab9dc867f6a5bdb2294b85db99%7C%7C77a7d43e3f8180ec0da98f14116c2fa6%7C%7C6c58456dbde10da84f252dd631c5a98f%7C%7C2354a60000856e53449cfe21d1bc4ebc%7C%7C20a4d2e5173823c5d0611927903e0dcd%7C%7C99b1872dfb0d5ef25d09edfe47296f7a%7C%7C1629390669%7D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Apr 2022 12:36:59 GMT
X-Server-Name: dt52.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 242E 43 B
301 B 90ms
90ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1002325&asId=102f839b-a737-bf28-6925-01c84f6bb122&tv=%7Bc:96p27p,time:548,type:e,im:%7Bpci:%7Btdr:505%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:548,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:15,wc:0.0.1600.1200,ac:NaN.NaN.120.600,am:i,cc:NaN.NaN.120.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B542~0%5D,as:%5B542~120.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:297,fm:t2k1EKH+11%7C12%7C13*.1002325-61875503%7C131%7C132,idMap:13*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Apr 2022 12:36:59 GMT
X-Server-Name: dt43.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 242E 42 B
64 B 92ms
59ms Fetch
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstDjL8UlB8YNbf3uwT3V_tLT6SrVcBR-Veta0bGlMYrYW4GtHO2BkgMcLQmCrcJWLipHJxz3jmaZizK6kxkGWKooCzrl5GEkkyBJKdgEzm3uFcTOc1dSA&sai=AMfl-YRqhr42PEeftxZ2mYic8tbobP8mVHCDFG87adu92gxzsZGD8ufjR6WqeisKbqEj1PDIL46WQCn2RjrESxI2uICbWeqvhPJebSwGXXEU1w&sig=Cg0ArKJSzKO4LUCXrGD-EAE&cid=CAQSLgCNIrLM5atHN6-onfPYf_VfjbzNt1gxRxoKPt3s1yV7Ax29lwGJFoxcG7wQ1NY&id=lidar2&mcvt=1000&p=0,740,604,860&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20220406&bin=7&avms=nio&bs=0,0&mc=0.99&if=1&app=0&itpl=20&adk=837864984&rs=4&la=0&cr=0&vs=4&r=v&rst=1649335019003&rpt=499&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Apr 2022 12:37:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 242E 43 B
301 B 90ms
89ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1002325&asId=102f839b-a737-bf28-6925-01c84f6bb122&tv=%7Bc:96p2zo,pingTime:1,time:2283,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:120,h:600,t:16%7D,%7Bpiv:100,vs:i,r:,t:1282%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1001,o:1282,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:15,wc:0.0.1600.1200,ac:NaN.NaN.120.600,am:i,cc:NaN.NaN.120.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1276~0,0~100%5D,as:%5B1276~120.600%5D%7D%7D,%7Bsl:i,t:1282,wc:0.0.1600.1200,ac:NaN.NaN.120.600,am:i,cc:NaN.NaN.120.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~120.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:92,fm:t2k1EKH+11%7C12%7C13*.1002325-61875503%7C131%7C132,idMap:13*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Apr 2022 12:37:01 GMT
X-Server-Name: dt43.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 242E 43 B
301 B 101ms
101ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1002325&asId=102f839b-a737-bf28-6925-01c84f6bb122&tv=%7Bc:96p2zo,pingTime:1,time:2283,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:120,h:600,t:16%7D,%7Bpiv:100,vs:i,r:,t:1282%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1002,o:1282,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:15,wc:0.0.1600.1200,ac:NaN.NaN.120.600,am:i,cc:NaN.NaN.120.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1276~0,0~100%5D,as:%5B1276~120.600%5D%7D%7D,%7Bsl:i,t:1282,wc:0.0.1600.1200,ac:NaN.NaN.120.600,am:i,cc:NaN.NaN.120.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1002~100%5D,as:%5B1002~120.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:92,fm:t2k1EKH+11%7C12%7C13*.1002325-61875503%7C131%7C132,idMap:13*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 07 Apr 2022 12:37:01 GMT
X-Server-Name: dt52.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

Verdicts & Comments Add Verdict or Comment

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.free.fr/	1970-01-20 11:30:31	Name: __gads Value: ID=b7c4e210f7fe3451:T=1649335018:S=ALNI_Ma8KY6qZYAbXCqo0ngm8nCOhyfKvg
.doubleclick.net/	1970-01-20 11:30:31	Name: IDE Value: AHWqTUkPb2P4hY_ghDGZGPmzLX7amLqrSUk1uDUdJGsvpMIyHgWfCsaIFGQCCYGbNb8
.adnxs.com/	1970-01-20 04:18:31	Name: uuid2 Value: 7716447492535476354
.adnxs.com/	1970-01-20 04:18:31	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E?jtx_83!]tbPl1M>e)ZlrFUfJ+tGXxoXFVxwZUfvLkT-sZA<][DJF#?bhNacXVb0ooX3If)y3KL9D3I?+j$Wyml
.casalemedia.com/	1970-01-20 04:18:31	Name: CMPS Value: 1216
.casalemedia.com/	1970-01-20 02:10:21	Name: CMST Value: Yk7a62JO2usA
.casalemedia.com/	1970-01-20 10:54:31	Name: CMID Value: Yk7a60L1knjHgXKyXscnZQAA
.casalemedia.com/	1970-01-20 04:18:31	Name: CMPRO Value: 1142
.casalemedia.com/	1970-01-20 10:54:31	Name: CMRUM3 Value: 2d624edaeb2760CAESEDF2USK3OQ_NqfQUXPrVaXc

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

48dcbbdf85e8a7edf4548167a0dfe8cf.safeframe.googlesyndication.com
adservice.google.com
adservice.google.fr
cm.g.doubleclick.net
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
ib.adnxs.com
pagead2.googlesyndication.com
passback.free.fr
securepubads.g.doubleclick.net
static.adsafeprotected.com
tpc.googlesyndication.com
www.google.com
www.googletagservices.com
104.244.36.20
142.250.185.66
142.250.185.98
184.87.213.8
212.27.48.10
2600:9000:206e:c400:8:48e:53c0:93a1
2a00:1450:4001:801::2002
2a00:1450:4001:802::2002
2a00:1450:4001:80f::2004
2a00:1450:4001:810::2002
2a00:1450:4001:811::2002
2a00:1450:4001:827::2001
2a00:1450:4001:82b::2001
2a00:1450:4001:82f::2002
37.252.172.37
54.75.85.105
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0f16274f6dd394134301f1800ae0c383de76e1f98a98962d97f5bad09e4ce0ed
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
214a4e6d1b76b8f804bf74ddd53aba8493b4d61e9609d75d8923a34ed97b80e5
233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285
45861cbf34fbda63ddac6037afb8bf844bbfcc4d3d3fc7a2a337c41a22089498
4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5144138fd70f1ac31532abc43b12dda241d5efd980098a378dcd2ba44c261d9b
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
72a3239022583381135c2172628ae70954826dadfc7be0d43f0b9525612d1503
80d28912b688ae2797c445314b5fbd47b402fa6e4e019a3fab5d4ddf12899a49
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
9e8eb05788a3a9aa95c93d0a88eaf93f4b6384ba2e3c0f4c65b611e87f87fc38
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a111f843172c9bdb125518a40ad90af6ff986b32975acb4cf08e26d51642b3c6
a35b3f42eee69c4bfce734e99abe81ab69b88f8789538b53cbf0eaffd5c30675
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a58d46d853c21c8e11eb057aba26dbeeb32041b51a61d4e2c3adc86c09c08704
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
da30366791051f2044397e89db5d092dee6bd7abc32b3f699bf022aaab40363b
de192866b962f6ef9012aadd2e5085b8a198f8f19e7e0a568816363e3e451051
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9edf15f42b6de85435769aa7410dc4ad6efffbcb67db5016d0c475862f16fcd
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fc3e615bfbb52cad341441bb9ae43a4e13f877e1ed03c0ef2f78074a8b009054

passback.free.fr Open in urlscan Pro 212.27.48.10 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

44 Requests

86 %HTTPS

56 %IPv6

9 Domains

16 Subdomains

17 IPs

5 Countries

425 kBTransfer

1152 kBSize

9 Cookies

0 Outgoing links

Redirected requests

44 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

passback.free.fr Open in urlscan Pro
212.27.48.10 Public Scan

Screenshot
Live screenshot

Full Image

44
Requests

86 %
HTTPS

56 %
IPv6

9
Domains

16
Subdomains

17
IPs

5
Countries

425 kB
Transfer

1152 kB
Size

9
Cookies

44 HTTP transactions
1 data transactions