de.login-vp.com Open in urlscan Pro
139.177.207.225 Public Scan

URL:
http://de.login-vp.com/cnb-bank
Submission: On May 18 via manual (May 18th 2021, 10:13:20 pm UTC) from US

Summary HTTP 89 Redirects Links 20 Behaviour Indicators

Summary

This website contacted 30 IPs in 6 countries across 25 domains to perform 89 HTTP transactions. The main IP is 139.177.207.225, located in Atlanta, United States and belongs to LINODE-AP Linode, LLC, US. The main domain is de.login-vp.com.

This is the only time de.login-vp.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	139.177.207.225 139.177.207.225	63949 (LINODE-AP...) (LINODE-AP Linode)
1	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:801::200a	15169 (GOOGLE) (GOOGLE)
15	2606:4700:303... 2606:4700:3033::6815:2561	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a03:2880:f04... 2a03:2880:f045:10:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
1	45.79.27.228 45.79.27.228	63949 (LINODE-AP...) (LINODE-AP Linode)
1	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	172.217.23.98 172.217.23.98	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
1	2600:1901:0:7... 2600:1901:0:76b9::	15169 (GOOGLE) (GOOGLE)
13	2606:4700:20:... 2606:4700:20::681a:ad1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:8c6e:cf2c:8d6:9fb5	16509 (AMAZON-02) (AMAZON-02)
2 2	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
5	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
2 2	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1	2a05:d01c:1d8... 2a05:d01c:1d8:8101:ac20:41f1:bf24:9b3	16509 (AMAZON-02) (AMAZON-02)
1 1	217.182.200.19 217.182.200.19	16276 (OVH) (OVH)
2	2606:4700:303... 2606:4700:3032::6815:57ae	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.111.239.217 104.111.239.217	16625 (AKAMAI-AS) (AKAMAI-AS)
3	46.236.13.147 46.236.13.147	24931 (DEDIPOWER) (DEDIPOWER)
2	143.204.98.5 143.204.98.5	16509 (AMAZON-02) (AMAZON-02)
1	81.29.72.47 81.29.72.47	24931 (DEDIPOWER) (DEDIPOWER)
2	54.72.18.9 54.72.18.9	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:808::2013	15169 (GOOGLE) (GOOGLE)
89	30

1 139.177.207.225 (Atlanta, United States)

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li2289-225.members.linode.com

de.login-vp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2606:4700:3033::6815:2561 (United States)

ASN13335 (CLOUDFLARENET, US)

login-vp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f045:10:face:b00c:0:3 (Amsterdam, Netherlands)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.79.27.228 (Richardson, United States)

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li1126-228.members.linode.com

portal-db.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.23.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s45-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:76b9:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

prod-rtb.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2606:4700:20::681a:ad1 (United States)

ASN13335 (CLOUDFLARENET, US)

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
as.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:8c6e:cf2c:8d6:9fb5 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.253.211 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.217.16.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.78 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d01c:1d8:8101:ac20:41f1:bf24:9b3 (London, United Kingdom)

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 217.182.200.19 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: gcm5.host.hit.gemius.pl

googlecm.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3032::6815:57ae (United States)

ASN13335 (CLOUDFLARENET, US)

static-de.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.239.217 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-239-217.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 46.236.13.147 (United Kingdom)

ASN24931 (DEDIPOWER, GB)
PTR: 46-236-13-147.servers.dedipower.net

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.98.5 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-5.fra50.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
analytics-wg.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 81.29.72.47 (Croydon, United Kingdom)

ASN24931 (DEDIPOWER, GB)
PTR: 81-29-72-47.servers.dedipower.net

diapi.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.72.18.9 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-72-18-9.eu-west-1.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

w-it.m-t.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	login-vp.com de.login-vp.com login-vp.com	513 KB
14	doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net	15 KB
13	ad4m.at ad4m.at as.ad4m.at assets.ad4m.at	383 KB
10	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	164 KB
4	webgains.io analytics.webgains.io api.webgains.io analytics-wg.webgains.io	105 KB
4	webgains.com track.webgains.com diapi.webgains.com	98 KB
4	gstatic.com fonts.gstatic.com	73 KB
3	ad4mat.net prod-rtb.ad4mat.net static-de.ad4mat.net ad4mat.net	5 KB
2	m-t.io w-it.m-t.io	280 B
2	awin1.com www.awin1.com	1 KB
2	pubmatic.com 2 redirects image6.pubmatic.com	1 KB
2	openx.net 2 redirects rtb.openx.net	761 B
2	googletagservices.com www.googletagservices.com	63 KB
2	google.com adservice.google.com	675 B
2	google.de adservice.google.de	921 B
2	facebook.net connect.facebook.net	65 KB
2	googleapis.com fonts.googleapis.com	2 KB
1	gemius.pl 1 redirects googlecm.hit.gemius.pl	336 B
1	innovid.com ag.innovid.com	296 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com	456 B
1	quantserve.com cms.quantserve.com	463 B
1	googleadservices.com partner.googleadservices.com	640 B
1	portal-db.live portal-db.live	758 B
1	google-analytics.com www.google-analytics.com	71 B
1	googletagmanager.com www.googletagmanager.com	45 KB
89	25

	Domain	Requested by
15	login-vp.com	de.login-vp.com login-vp.com
9	googleads.g.doubleclick.net	pagead2.googlesyndication.com de.login-vp.com
6	assets.ad4m.at	as.ad4m.at
6	pagead2.googlesyndication.com	de.login-vp.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com
5	cm.g.doubleclick.net	googleads.g.doubleclick.net
5	ad4m.at	googleads.g.doubleclick.net ad4m.at
4	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
4	fonts.gstatic.com	fonts.googleapis.com
3	track.webgains.com	as.ad4m.at analytics.webgains.io
2	w-it.m-t.io	analytics-wg.webgains.io
2	api.webgains.io	analytics.webgains.io
2	www.awin1.com	as.ad4m.at
2	as.ad4m.at	ad4m.at as.ad4m.at
2	image6.pubmatic.com	2 redirects
2	rtb.openx.net	2 redirects
2	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	connect.facebook.net	de.login-vp.com connect.facebook.net
2	fonts.googleapis.com	de.login-vp.com
1	analytics-wg.webgains.io	analytics.webgains.io
1	diapi.webgains.com	track.webgains.com
1	analytics.webgains.io	track.webgains.com
1	ad4mat.net	ad4m.at
1	static-de.ad4mat.net	ad4m.at
1	googlecm.hit.gemius.pl	1 redirects
1	ag.innovid.com	googleads.g.doubleclick.net
1	pixel.rubiconproject.com	1 redirects
1	cms.quantserve.com	googleads.g.doubleclick.net
1	prod-rtb.ad4mat.net	de.login-vp.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	portal-db.live	login-vp.com
1	www.google-analytics.com	www.googletagmanager.com
1	www.googletagmanager.com	de.login-vp.com
1	de.login-vp.com
89	35

This site contains links to these domains. Also see Links.

Domain
login-vp.com
www.cnbbank.bank
www.cnb.bank
www.cnb.com
www.cnbank.com
www.cnbil.com
www.cnbtn.com
www.cnbbanking.com
www.bankatcnb.bank
conwaynationalbank.com
www.yourcnb.com
www.cnbbank.com
in.login-vp.com
tr.login-vp.com

Subject Issuer	Validity	Valid
*.google-analytics.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-04-13` - `2022-04-12`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-04-06` - `2021-07-03`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.ad4mat.net AlphaSSL CA - SHA256 - G2	`2019-08-06` - `2021-09-08`	2 years	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
*.innovid.com RapidSSL RSA CA 2018	`2020-02-07` - `2022-04-07`	2 years	crt.sh
www.awin1.com DigiCert Secure Site ECC CA-1	`2020-04-21` - `2021-07-21`	a year	crt.sh
*.webgains.com Sectigo RSA Domain Validation Secure Server CA	`2019-05-20` - `2021-06-08`	2 years	crt.sh
*.webgains.io Amazon	`2021-03-12` - `2022-04-10`	a year	crt.sh
w-it.m-t.io GTS CA 1D4	`2021-04-09` - `2021-07-09`	3 months	crt.sh

This page contains 16 frames:

Primary Page: http://de.login-vp.com/cnb-bank
Frame ID: C2C2188438ACC9CD03CFB9D6A6898807
Requests: 50 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210511/r20190131/zrt_lookup.html
Frame ID: 97F661F1F947EDA7CAE79649947DB2B6
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6983341711079297&output=html&adk=1812271804&adf=3025194257&lmt=1621375981&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fde.login-vp.com%2Fcnb-bank&ea=0&flash=0&pra=5&wgl=1&dt=1621375980991&bpp=4&bdt=201&idt=138&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5704546592542&frm=20&pv=2&ga_vid=1921100555.1621375981&ga_sid=1621375981&ga_hid=1612083254&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060711&oid=3&pvsid=277186302794104&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=1&uci=a!1&fsb=1&dtd=170
Frame ID: FBDAABAB199AF6FA56B4AD760DC66317
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6983341711079297&output=html&h=280&adk=3419599464&adf=2629982902&pi=t.aa~a.1411169061~rp.4&w=350&fwrn=4&fwrnh=100&lmt=1621375981&rafmt=1&to=qs&pwprc=5000380890&psa=0&format=350x280&url=http%3A%2F%2Fde.login-vp.com%2Fcnb-bank&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1621375981485&bpp=3&bdt=695&idt=-M&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=5704546592542&frm=20&pv=1&ga_vid=1921100555.1621375981&ga_sid=1621375981&ga_hid=1612083254&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=1802&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060711&oid=3&pvsid=277186302794104&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=vskn9OsfHL&p=http%3A//de.login-vp.com&dtd=31
Frame ID: 5229F704BF3AA7390DEF131F74505F4D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6983341711079297&output=html&h=280&adk=1414751727&adf=3346987187&pi=t.aa~a.3790863795~rp.3&w=350&fwrn=4&fwrnh=100&lmt=1621375981&rafmt=1&to=qs&pwprc=5000380890&psa=0&format=350x280&url=http%3A%2F%2Fde.login-vp.com%2Fcnb-bank&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1621375981485&bpp=1&bdt=695&idt=-M&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C350x280&nras=3&correlator=5704546592542&frm=20&pv=1&ga_vid=1921100555.1621375981&ga_sid=1621375981&ga_hid=1612083254&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=3120&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060711&oid=3&pvsid=277186302794104&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=j4FhoGLzc3&p=http%3A//de.login-vp.com&dtd=39
Frame ID: DE09059572FCAD1B72DABFBD33B36BC3
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6983341711079297&output=html&h=176&adk=3812117829&adf=852203437&pi=t.aa~a.3879402452~rp.4&w=730&lmt=1621375981&nsk=87bac126&rafmt=11&pwprc=5000380890&psa=0&ad_type=text_image&format=730x176&url=http%3A%2F%2Fde.login-vp.com%2Fcnb-bank&flash=0&pra=3&wgl=1&fa=26&dt=1621375981485&bpp=2&bdt=695&idt=-M&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C350x280%2C350x280&nras=4&correlator=5704546592542&frm=20&pv=1&ga_vid=1921100555.1621375981&ga_sid=1621375981&ga_hid=1612083254&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=1300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060711&oid=3&pvsid=277186302794104&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=ggqcL8fibn&p=http%3A//de.login-vp.com&dtd=46
Frame ID: E23489AF626A8C9503ED7E00F331E18B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6983341711079297&output=html&h=172&adk=1170218857&adf=1553515836&pi=t.aa~a.3879374461~rp.4&w=730&lmt=1621375981&nsk=b7291182&rafmt=11&pwprc=5000380890&psa=0&ad_type=text_image&format=730x172&url=http%3A%2F%2Fde.login-vp.com%2Fcnb-bank&flash=0&pra=3&wgl=1&fa=26&dt=1621375981485&bpp=1&bdt=696&idt=-M&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C350x280%2C350x280%2C730x176&nras=5&correlator=5704546592542&frm=20&pv=1&ga_vid=1921100555.1621375981&ga_sid=1621375981&ga_hid=1612083254&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=1820&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060711&oid=3&pvsid=277186302794104&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=SfGjG9WVxZ&p=http%3A//de.login-vp.com&dtd=50
Frame ID: C57AAE5ED6F9C13E0B84C75CE65823E9
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6983341711079297&output=html&h=172&adk=1170218857&adf=3385562910&pi=t.aa~a.3879400511~rp.4&w=730&lmt=1621375981&nsk=5d9b1eda&rafmt=11&pwprc=5000380890&psa=0&ad_type=text_image&format=730x172&url=http%3A%2F%2Fde.login-vp.com%2Fcnb-bank&flash=0&pra=3&wgl=1&fa=26&dt=1621375981485&bpp=1&bdt=696&idt=-M&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C350x280%2C350x280%2C730x176%2C730x172&nras=6&correlator=5704546592542&frm=20&pv=1&ga_vid=1921100555.1621375981&ga_sid=1621375981&ga_hid=1612083254&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=2596&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060711&oid=3&pvsid=277186302794104&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=8Ly9YsFypB&p=http%3A//de.login-vp.com&dtd=56
Frame ID: A5E19EBE93EFBDEAF40F1CF29BDB4EF4
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6983341711079297&output=html&h=172&adk=1170218857&adf=4175359473&pi=t.aa~a.3879378061~rp.4&w=730&lmt=1621375981&nsk=c43f890c&rafmt=11&pwprc=5000380890&psa=0&ad_type=text_image&format=730x172&url=http%3A%2F%2Fde.login-vp.com%2Fcnb-bank&flash=0&pra=3&wgl=1&fa=26&dt=1621375981485&bpp=1&bdt=696&idt=1&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C350x280%2C350x280%2C730x176%2C730x172%2C730x172&nras=7&correlator=5704546592542&frm=20&pv=1&ga_vid=1921100555.1621375981&ga_sid=1621375981&ga_hid=1612083254&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=3447&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060711&oid=3&pvsid=277186302794104&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=a3DbXKRzuT&p=http%3A//de.login-vp.com&dtd=61
Frame ID: B1A4B41141C04F066079CADB1BB625C2
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CA70c7TukYNr_IN_L7_UPg9y90AuQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTY5ODMzNDE3MTEwNzkyOTegAcKu6N0DyAEJqQImGHnx7YG0PqgDAaoE1wFP0NW4vdK28YAhbNTMZy3ePRRTH7RLOSTBMGZwpGLRe-KlEIUcIfLbv98MxEAVoNMG-xmHP2G7WLA_FX1dKQ7zLSMdz6shqhfh1f2H9KHsRSvSKDvYgg5PfyAriiithgLvgkh3EfAlGcoY0KMTgeu9ffg82rGaYy6Dpv6UnbtTmuXUYZkEAWQB1nlaLh7uNqS7ZDBkMyREOH6mQ4Y0-tEWtWP20eUkfxtb6Trs-hA6S1-TubbzIIV54xD6M6I_7nSWZq6qB2rykMbMGcmmhGR7ZQj1b4sJi4AG7cGWv9bnq5_EAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BvYBwDSCAcIgOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxgKFhIUcHViLTY5ODMzNDE3MTEwNzkyOTc&sigh=3cKiZ_xCKAU
Frame ID: 52843BA5D0D00A94B86211A6073F44F2
Requests: 6 HTTP requests in this frame

Frame: https://ad4m.at/ad/dr?ed=1k19chy52nwdn0qvjyzwj0pxrkbzxjvekmfxdjxardxwrq8mk6q97qkc8rbwh56svbvzdn1qj8654em57pb143cpdbp0taj8bpnhwrgcrgahngacdxh1rh5zk6q1j0qqx1bpxm1yjx31528x54kff9wkjyf5ybz4frkkc3nx61qjfvwmbyy4crpk48674rdnq8pbcc9wgwch2wf8487vq810zvegdmw36grw0frwnvnnmm3ne29nvzcv2xt63cvjp1g383975694b8qk0xpdrbknb049hg5y6vpep468969mgkkrzf4sjfce4xetdrkz4n3x0gvvarpr2apk57k15pn3r9he9qenbarsk9xmp2j1zaqz4z2k7pyrt5pha&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCyjQX7TukYNr_IN_L7_UPg9y90AuQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTY5ODMzNDE3MTEwNzkyOTegAcKu6N0DyAEJqQImGHnx7YG0PqgDAaoE2gFP0NW4vdK28YAhbNTMZy3ePRRTH7RLOSTBMGZwpGLRe-KlEIUcIfLbv98MxEAVoNMG-xmHP2G7WLA_FX1dKQ7zLSMdz6shqhfh1f2H9KHsRSvSKDvYgg5PfyAriiithgLvgkh3EfAlGcoY0KMTgeu9ffg82rGaYy6Dpv6UnbtTmuXUYZkEAWQB1nlaLh7uNqS7ZDBkMyREOH6mQ4Y0-tEWtWP20eUkfxtb6Trs-hA6S1-TubbzIIV54xD6M6I_7nSWZq6qByjwnVQbzE7mTOMz89K8_Xkwn-Ag4oAG7cGWv9bnq5_EAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BvYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1B6tN6rzPTCXGcVNBMS560DiUdVQ%26client%3Dca-pub-6983341711079297%26adurl%3D
Frame ID: A2EB9645AEFBD87434E5E23F4BEFBAD0
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: A9BF7881580FBEBC8913391901C0B915
Requests: 9 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 69A94A91E8C4B216A6D1793B48A63AF6
Requests: 1 HTTP requests in this frame

Frame: https://ad4mat.net/frame.html
Frame ID: 7855D340BE1DCAE14072D888A70BA75C
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: 95E9896545F26CBD40407D88263ADA48
Requests: 2 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=6b90aefaf9ad061e0023d7e84b575dd3%2F16921679771943276568&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D21erq1ze01e4rqd8yhj9aj7e385jmxtfw71ts8b115t0evegsgc3zmtqb29jd97ee5h484z4krx8bbz7vhd6taq0msm38mxtj20bxs6pgr18e2s6jz9mgsr87jrqdm66x2c8b4t5en4n338j75r67z8dtx7bnjmsh9ppeagsswnk2az405z1qv0wn9p9bbhe47nznas23s7yhczm89gsbdfz4re9ayc4pzb1h1an9bn0whvvb5vfsgw5d7czc%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCyjQX7TukYNr_IN_L7_UPg9y90AuQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTY5ODMzNDE3MTEwNzkyOTegAcKu6N0DyAEJqQImGHnx7YG0PqgDAaoE2gFP0NW4vdK28YAhbNTMZy3ePRRTH7RLOSTBMGZwpGLRe-KlEIUcIfLbv98MxEAVoNMG-xmHP2G7WLA_FX1dKQ7zLSMdz6shqhfh1f2H9KHsRSvSKDvYgg5PfyAriiithgLvgkh3EfAlGcoY0KMTgeu9ffg82rGaYy6Dpv6UnbtTmuXUYZkEAWQB1nlaLh7uNqS7ZDBkMyREOH6mQ4Y0-tEWtWP20eUkfxtb6Trs-hA6S1-TubbzIIV54xD6M6I_7nSWZq6qByjwnVQbzE7mTOMz89K8_Xkwn-Ag4oAG7cGWv9bnq5_EAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BvYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1B6tN6rzPTCXGcVNBMS560DiUdVQ%2526client%253Dca-pub-6983341711079297%2526adurl%253D&y=0&z=0
Frame ID: 27F6175A64818634CD1C7D9ED36C1272
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Raphael (JavaScript Graphics) Expand

Overall confidence: 100%
Detected patterns

script /raphael(?:-([\d.]+))?(?:\.min)?\.js/i

Ubuntu (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Ubuntu/i

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

89
Requests

97 %
HTTPS

61 %
IPv6

25
Domains

35
Subdomains

30
IPs

6
Countries

1537 kB
Transfer

3063 kB
Size

4
Cookies

20 Outgoing links

These are links going to different origins than the main page.

URL: https://login-vp.com/
Title:

Search URL Search Domain Scan URL

URL: https://login-vp.com/contact-us
Title: Contact-Us

Search URL Search Domain Scan URL

URL: https://login-vp.com/about-us
Title: About

Search URL Search Domain Scan URL

URL: https://login-vp.com/disclaimer
Title: Disclaimer

Search URL Search Domain Scan URL

URL: https://login-vp.com/privacy-policy
Title: Privacy-Policy

Search URL Search Domain Scan URL

URL: https://www.cnbbank.bank/
Title:

Search URL Search Domain Scan URL

URL: https://www.cnbbank.bank/customer-service/online-services/
Title:

Search URL Search Domain Scan URL

URL: https://www.cnb.bank/
Title:

Search URL Search Domain Scan URL

URL: https://www.cnb.com/content/cnbcom/en/personal/online-services/online-banking.html
Title:

Search URL Search Domain Scan URL

URL: https://www.cnb.com/
Title:

Search URL Search Domain Scan URL

URL: https://www.cnbank.com/
Title:

Search URL Search Domain Scan URL

URL: https://www.cnbil.com/
Title:

Search URL Search Domain Scan URL

URL: https://www.cnbtn.com/
Title:

Search URL Search Domain Scan URL

URL: https://www.cnbbanking.com/
Title:

Search URL Search Domain Scan URL

URL: https://www.bankatcnb.bank/
Title:

Search URL Search Domain Scan URL

URL: http://conwaynationalbank.com/internet_banking_pb.cfm
Title:

Search URL Search Domain Scan URL

URL: https://www.yourcnb.com/log-in-enroll/log-in/
Title:

Search URL Search Domain Scan URL

URL: https://www.cnbbank.com/banking-online-banking.htm
Title:

Search URL Search Domain Scan URL

URL: https://in.login-vp.com/tatacliq-seller-sign-up
Title: 448 tatacliq seller sign up

Search URL Search Domain Scan URL

URL: https://tr.login-vp.com/yandex-mail-sign-up
Title: 381 yandex mail sign up

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 62

https://rtb.openx.net/sync/dds?google_gid=CAESEKP7tFglo4W0oetmHSJPmY8&google_cver=1&google_push=AQvitULhF5EbS45PkGZScRYMSXEXX1cI6dFV6SO9ouGb2jTwhbeFlsiuMn7Gbp3cvZv_eFO8Pjz7SS1Fg9IIpxGHsXSf7-DJLWpD HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEKP7tFglo4W0oetmHSJPmY8&google_cver=1&google_push=AQvitULhF5EbS45PkGZScRYMSXEXX1cI6dFV6SO9ouGb2jTwhbeFlsiuMn7Gbp3cvZv_eFO8Pjz7SS1Fg9IIpxGHsXSf7-DJLWpD&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULhF5EbS45PkGZScRYMSXEXX1cI6dFV6SO9ouGb2jTwhbeFlsiuMn7Gbp3cvZv_eFO8Pjz7SS1Fg9IIpxGHsXSf7-DJLWpD&google_hm=snrcVOt7yY8LNVDSrFyb9g==

Request Chain 63

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEGX1LXAvHZp6zRDofMnDml0&google_cver=1&google_push=AQvitUJEJ1xG0KtY3NyQdlBzHUmTG8L0WKX7vU5RKXu7s3-gN4gF_Fmu5dqoUVRgx1k8gLuWLHc4IG6FXEtvXAW9HID58PkkgAt1 HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEGX1LXAvHZp6zRDofMnDml0&google_cver=1&google_push=AQvitUJEJ1xG0KtY3NyQdlBzHUmTG8L0WKX7vU5RKXu7s3-gN4gF_Fmu5dqoUVRgx1k8gLuWLHc4IG6FXEtvXAW9HID58PkkgAt1&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=wshKkfIzSXm9BKYqeO0vPw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUJEJ1xG0KtY3NyQdlBzHUmTG8L0WKX7vU5RKXu7s3-gN4gF_Fmu5dqoUVRgx1k8gLuWLHc4IG6FXEtvXAW9HID58PkkgAt1

Request Chain 64

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEKO5oRgOdWeoAyAYWVJLSzw&google_cver=1&google_push=AQvitUKI0AHWNsmAk265QN-adWcIOFAUV4z5hxFT-oqPO-uO2OmBq12kAtyqI6stsWeVGB4oU4IWr58rJ3zDjK-bldLlN_7YX9o HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VTEVBSTMtUy1KUjVL&google_push=AQvitUKI0AHWNsmAk265QN-adWcIOFAUV4z5hxFT-oqPO-uO2OmBq12kAtyqI6stsWeVGB4oU4IWr58rJ3zDjK-bldLlN_7YX9o

Request Chain 65

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_cver=1&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhqf7h-jKUK8CO7OuRXXpFuvssbjuozjHPl52uh6EFAaZBUTdzAI_urug6sIIWDWAc HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhqf7h-jKUK8CO7OuRXXpFuvssbjuozjHPl52uh6EFAaZBUTdzAI_urug6sIIWDWAc&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhqf7h-jKUK8CO7OuRXXpFuvssbjuozjHPl52uh6EFAaZBUTdzAI_urug6sIIWDWAc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhqf7h-jKUK8CO7OuRXXpFuvssbjuozjHPl52uh6EFAaZBUTdzAI_urug6sIIWDWAc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhqf7h-jKUK8CO7OuRXXpFuvssbjuozjHPl52uh6EFAaZBUTdzAI_urug6sIIWDWAc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhqf7h-jKUK8CO7OuRXXpFuvssbjuozjHPl52uh6EFAaZBUTdzAI_urug6sIIWDWAc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhqf7h-jKUK8CO7OuRXXpFuvssbjuozjHPl52uh6EFAaZBUTdzAI_urug6sIIWDWAc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhqf7h-jKUK8CO7OuRXXpFuvssbjuozjHPl52uh6EFAaZBUTdzAI_urug6sIIWDWAc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhqf7h-jKUK8CO7OuRXXpFuvssbjuozjHPl52uh6EFAaZBUTdzAI_urug6sIIWDWAc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhqf7h-jKUK8CO7OuRXXpFuvssbjuozjHPl52uh6EFAaZBUTdzAI_urug6sIIWDWAc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhqf7h-jKUK8CO7OuRXXpFuvssbjuozjHPl52uh6EFAaZBUTdzAI_urug6sIIWDWAc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhqf7h-jKUK8CO7OuRXXpFuvssbjuozjHPl52uh6EFAaZBUTdzAI_urug6sIIWDWAc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhqf7h-jKUK8CO7OuRXXpFuvssbjuozjHPl52uh6EFAaZBUTdzAI_urug6sIIWDWAc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhqf7h-jKUK8CO7OuRXXpFuvssbjuozjHPl52uh6EFAaZBUTdzAI_urug6sIIWDWAc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhqf7h-jKUK8CO7OuRXXpFuvssbjuozjHPl52uh6EFAaZBUTdzAI_urug6sIIWDWAc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhqf7h-jKUK8CO7OuRXXpFuvssbjuozjHPl52uh6EFAaZBUTdzAI_urug6sIIWDWAc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhqf7h-jKUK8CO7OuRXXpFuvssbjuozjHPl52uh6EFAaZBUTdzAI_urug6sIIWDWAc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhqf7h-jKUK8CO7OuRXXpFuvssbjuozjHPl52uh6EFAaZBUTdzAI_urug6sIIWDWAc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhqf7h-jKUK8CO7OuRXXpFuvssbjuozjHPl52uh6EFAaZBUTdzAI_urug6sIIWDWAc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhqf7h-jKUK8CO7OuRXXpFuvssbjuozjHPl52uh6EFAaZBUTdzAI_urug6sIIWDWAc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhqf7h-jKUK8CO7OuRXXpFuvssbjuozjHPl52uh6EFAaZBUTdzAI_urug6sIIWDWAc

Request Chain 67

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEMwhy86blDewJ0ReAGIt3j0&google_cver=1&google_push=AQvitULppso3iwinKGEV2coF1EjvqqcJe7F_nWbM9ATZiePiNtb1BoqzCAYBoxTrl5PushWkBnJijMp2S-6gVZeL5XXYQ4qVrJ18tQ HTTP 301
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitULppso3iwinKGEV2coF1EjvqqcJe7F_nWbM9ATZiePiNtb1BoqzCAYBoxTrl5PushWkBnJijMp2S-6gVZeL5XXYQ4qVrJ18tQ&google_hm=

89 HTTP transactions
13 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request cnb-bank Show response
de.login-vp.com/ 411 KB
261 KB 690ms
649ms Document
text/html 139.177.207.225
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: http://de.login-vp.com/cnb-bank
Protocol: HTTP/1.1
Server: 139.177.207.225 Atlanta, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: li2289-225.members.linode.com
Software: Apache/2.4.7 (Ubuntu) / PHP/5.5.9-1ubuntu4.29
Resource Hash: 7fab3f3b6c74294d7a1775b2076bfe090ae5fc7b0f3165a6f73017f3d7c0e5f1

Request headers

Host: de.login-vp.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 22:12:59 GMT
Server: Apache/2.4.7 (Ubuntu)
Vary: Host,Accept-Encoding
X-Powered-By: PHP/5.5.9-1ubuntu4.29
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Keep-Alive: timeout=5, max=500
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 118 KB
45 KB 24ms
21ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-LFL5HW1V30

Requested by

Host: de.login-vp.com
URL: http://de.login-vp.com/cnb-bank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a32103059d288257e1cfc589470a0ce5c146f2cb2530e2bef92fca723c4234ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:13:00 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46457
x-xss-protection: 0
expires: Tue, 18 May 2021 22:13:00 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 141 KB
49 KB 43ms
21ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: de.login-vp.com
URL: http://de.login-vp.com/cnb-bank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

51347e5b4036f4ff0a92ba97e5daef833e73439c5a3ff34e530179da33082cc0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:13:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49781
x-xss-protection: 0
server: cafe
etag: 6222799596991222010
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 18 May 2021 22:13:00 GMT

GET
H2 200 css
fonts.googleapis.com/ 16 KB
823 B 16ms
14ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Muli:200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i&display=swap

Requested by

Host: de.login-vp.com
URL: http://de.login-vp.com/cnb-bank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4373a7c880f00a8373da62d923fdb65d84317ae8755e8a66b48e098b29adf53f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 18 May 2021 22:02:59 GMT
server: ESF
date: Tue, 18 May 2021 22:13:00 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 18 May 2021 22:13:00 GMT

GET
H2 200 css
fonts.googleapis.com/ 25 KB
1 KB 25ms
23ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i&display=swap

Requested by

Host: de.login-vp.com
URL: http://de.login-vp.com/cnb-bank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a837f051ac8249ce2e1c0215298ef878bc3b3017bc2b8e5bdea1cd88e8e1e54c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 18 May 2021 21:18:20 GMT
server: ESF
date: Tue, 18 May 2021 22:13:00 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 18 May 2021 22:13:00 GMT

GET
H2 200 bootstrap.min.css
login-vp.com/css/ 152 KB
20 KB 55ms
21ms Stylesheet
text/css 2606:4700:3033::6815:2561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://login-vp.com/css/bootstrap.min.css
Requested by: Host: de.login-vp.com
URL: http://de.login-vp.com/cnb-bank
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:2561 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:13:00 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3084
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a23232d1c0000145a74994000000001
last-modified: Fri, 20 Mar 2020 06:40:06 GMT
server: cloudflare
etag: W/"2606e-5a1438e5af3f3-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=OLmXb%2BTGSJl2gZwvKU2AFqIM3gwDy6vexd8YtUYvcMvI1scJ10UGv7%2FMKddjYA8yMMVzHI6aDv55piddgHbukzqHFvn38eH4t8ao1qSlycibNi%2FfiRkNPjA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 65186e282a59145a-FRA

GET
H2 200 style.css
login-vp.com/css/ 20 KB
4 KB 50ms
16ms Stylesheet
text/css 2606:4700:3033::6815:2561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://login-vp.com/css/style.css?v=1.81
Requested by: Host: de.login-vp.com
URL: http://de.login-vp.com/cnb-bank
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:2561 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: da793eada5850ecee8fc84ef5fc79b9d5bf9f74504c0e74cdbda602aff8baf40

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:13:00 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3084
cf-polished: status=cannot_optimize
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a23232d1b0000145a94b69000000001
last-modified: Tue, 13 Oct 2020 08:12:10 GMT
server: cloudflare
etag: W/"4f90-5b188f8bb6137-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Tua9%2FxcfmpAhuaCsYj3QLecHY%2ByMw7QGjL%2BEXW0ufRd5z4%2B48Tvk8EP2U6%2F2P%2BUBCCEQmezp8%2FhwQqfNZVideccVNO4EUb5QkaJbZX41ueQnPyx6kvpd8zM%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 65186e282a5c145a-FRA
cf-bgj: minify

GET
H2 200 font-awesome.min.css
login-vp.com/css/ 30 KB
7 KB 48ms
14ms Stylesheet
text/css 2606:4700:3033::6815:2561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://login-vp.com/css/font-awesome.min.css
Requested by: Host: de.login-vp.com
URL: http://de.login-vp.com/cnb-bank
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:2561 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:13:00 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3084
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a23232d1b0000145aad34d000000001
last-modified: Fri, 20 Mar 2020 06:40:06 GMT
server: cloudflare
etag: W/"7918-5a1438e5b9033-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9UsLGBwoKyZWId%2Bc0P4qAivmfalMOPP%2BVBZz65H7jLPFQ1Ly4115T%2BIhAJc2VmAMPQp591tLQGewyt2assO%2BFgSdRkP%2By3T3XRU5TYd6hLehCnJmM5AzHJQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 65186e282a5d145a-FRA

GET
H2 200 sdk.js Show response
connect.facebook.net/en_GB/ 3 KB
2 KB 12ms
12ms Script
application/x-javascript 2a03:2880:f045:10:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/sdk.js

Requested by

Host: de.login-vp.com
URL: http://de.login-vp.com/cnb-bank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a771db742c2a7688324e3750fbb0a1c5cb07034dd2cd5a4e48bd9593988119be

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: DnQerEH5zZjlUFLCPO0x5w==
cross-origin-resource-policy: cross-origin
expires: Tue, 18 May 2021 22:13:22 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1779
x-fb-rlafr: 0
x-fb-debug: TKAcf8O7YDf2Op1Chnd/PRDsw4zLXhmDwsbRSwBwkcI5n1ZEBCFwiHvE1qVQa/1RdenL6MIZp9pGnPZ8MCpIKQ==
x-fb-trip-id: 1709462857
x-fb-content-md5: 812ffb84a093a33360795e9dab74ec7a
date: Tue, 18 May 2021 22:13:00 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "771730ecd793133c53586d02f9e28231"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

GET
H2 200 raphael.min.js Show response
login-vp.com/js/ 91 KB
30 KB 55ms
21ms Script
application/javascript 2606:4700:3033::6815:2561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://login-vp.com/js/raphael.min.js
Requested by: Host: de.login-vp.com
URL: http://de.login-vp.com/cnb-bank
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:2561 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c643e72fa16a0a9bce413c5047cf216fda281eeb4a47ac538807620c5a964439

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:13:00 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3084
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a23232d1b0000145aa88c8000000001
last-modified: Fri, 20 Mar 2020 12:29:00 GMT
server: cloudflare
etag: W/"16a5c-5a1486e20121d-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9tE5CIc2wswmryHpUombxNVwnWNabti%2BlH4TxmHd%2FFObFbLlPcTCoLFxvsK6NU0mXVdUwOhBXsdSMY%2FnKq2wCZkyjOjjzo2NX%2BsxSliF5zVvoK1m03UCjPc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 65186e282a5f145a-FRA

GET
H2 200 justgage.js Show response
login-vp.com/js/ 24 KB
5 KB 50ms
16ms Script
application/javascript 2606:4700:3033::6815:2561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://login-vp.com/js/justgage.js
Requested by: Host: de.login-vp.com
URL: http://de.login-vp.com/cnb-bank
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:2561 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: af718a9183e0dec5fec9c68726f4bb03eb19d332ed9140aef29aafd328222023

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:13:00 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3084
cf-polished: origSize=38111
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a23232d1b0000145aa0142000000001
last-modified: Fri, 20 Mar 2020 12:28:53 GMT
server: cloudflare
etag: W/"94df-5a1486db4b322-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Tkjo4vn%2BK6NjYkkif2LsyFMJfxWCRUUQvtUJpiFF1IN0BfvegdQplfLLbttPrBs9oYGe6fTNw8QrhPh5ep6wnp4Hfj9h0vXvmFrGCpNF5hDHz6ho%2Ba6Xn%2BQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 65186e282a60145a-FRA
cf-bgj: minify

GET
H3-29 200 login-vp.png
login-vp.com/ 7 KB
8 KB 35ms
19ms Image
image/png 2606:4700:3033::6815:2561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://login-vp.com/login-vp.png
Requested by: Host: de.login-vp.com
URL: http://de.login-vp.com/cnb-bank
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2561 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 35d0dd68824ade6374d7fa5e1eac626f0392d4eeb2007b283f9d092695edeecb

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:13:00 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3084
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7236
cf-request-id: 0a23232d630000c2fea3101000000001
last-modified: Tue, 13 Apr 2021 19:29:30 GMT
server: cloudflare
etag: "1c44-5bfdfa62d44a2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ixPJdoMrW68yz4hg9iWo57grOqBvo84VHxHRbfWHFzmjfkcw2bTAk0JAfJV7FNlO9oMUVSrf1vND%2BNZuKua%2FB9KhHar7ZCccbOPTgvE3QQdGVGVXez8hnb4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 65186e289ee5c2fe-FRA

GET
H3-29 200 default.jpg
login-vp.com/img/ 29 KB
30 KB 28ms
13ms Image
image/jpeg 2606:4700:3033::6815:2561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://login-vp.com/img/default.jpg
Requested by: Host: de.login-vp.com
URL: http://de.login-vp.com/cnb-bank
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2561 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9eab240aa1579cd829366df5b73a9376ad0d3b7279ce6fb69315caa0222e6078

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:13:00 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3084
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 29890
cf-request-id: 0a23232d5f0000c2fe2120e000000001
last-modified: Fri, 20 Mar 2020 06:40:06 GMT
server: cloudflare
etag: "74c2-5a1438e50388d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=vY8pH%2F5HdBMHn5tOeXeHGR4w%2F1XIHMuFrK2GiSZScN0H0O5KyvZqv4xfv4kLmnPCOT2lu3gDv0FV4YQQSmsjhtzcQffVcXD7sAF0ms0QXsX6dryzbXVem2w%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 65186e289ee3c2fe-FRA

POST
H2 204 collect
www.google-analytics.com/g/ 0
71 B 13ms
13ms Ping
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-LFL5HW1V30&gtm=2oe5c1&_p=1612083254&sr=1600x1200&ul=en-us&cid=1921100555.1621375981&_s=1&dl=http%3A%2F%2Fde.login-vp.com%2Fcnb-bank&dt=Cnb%20Bank%20Login&sid=1621375980&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-LFL5HW1V30
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 18 May 2021 22:13:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://de.login-vp.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK date.png
portal-db.live/ 474 B
758 B 356ms
318ms Image
image/png 45.79.27.228
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://portal-db.live/date.png
Requested by: Host: login-vp.com
URL: https://login-vp.com/css/style.css?v=1.81
Protocol: HTTP/1.1
Server: 45.79.27.228 Richardson, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: li1126-228.members.linode.com
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: 39319b0d60b3aacabf57aba9c00f65cb01c3d1dd36aeffb41bbe6e9de01fa9df

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 22:13:01 GMT
Last-Modified: Wed, 04 Mar 2020 08:13:06 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "1da-5a002fd78ac22"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 474

GET
H2 200 7Auwp_0qiz-afTLGLQ.woff2
fonts.gstatic.com/s/muli/v22/ 30 KB
30 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/muli/v22/7Auwp_0qiz-afTLGLQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Muli:200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f5315ed9f5e070e85a60e405d9aac92286319c20c2fcb39cc2d6c01090c652d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: http://de.login-vp.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 07:06:02 GMT
x-content-type-options: nosniff
last-modified: Wed, 15 Jul 2020 20:50:02 GMT
server: sffe
age: 486418
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31120
x-xss-protection: 0
expires: Fri, 13 May 2022 07:06:02 GMT

GET
H3-29 200 fontawesome-webfont.woff2
login-vp.com/fonts/ 63 KB
64 KB 643ms
633ms Font
application/octet-stream 2606:4700:3033::6815:2561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://login-vp.com/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: login-vp.com
URL: https://login-vp.com/css/font-awesome.min.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2561 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3c4a1bb7ce3234407184f0d80cc4dec075e4ad616b44dcc5778e1cfb1bc24019

Request headers

Origin: http://de.login-vp.com
Referer: https://login-vp.com/css/font-awesome.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:13:01 GMT
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 64464
cf-request-id: 0a23232d6600004e5686a0e000000001
last-modified: Fri, 20 Mar 2020 06:40:08 GMT
server: cloudflare
etag: "fbd0-5a1438e7580d3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=N%2B2zDLxusgNCHck2%2Bi9E%2FspBIeAQ%2FR6T3%2BnwF%2Bo7B6Y4fRu%2BN%2FcTzq%2B2zrZUoJxu%2BaNGHd%2FJZdleNLYwEOqEl1iMjOlDCggKCm2UpyiZJKGJRy3prNkabgc%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 65186e28acea4e56-FRA

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ 15 KB
15 KB 18ms
14ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i&display=swap

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: http://de.login-vp.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 21:15:20 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
age: 89860
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
expires: Tue, 17 May 2022 21:15:20 GMT

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210511/r20190131/ 223 KB
82 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210511/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-6983341711079297&plah=de.login-vp.com&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

66f661926ae6c1e13c6b2169733476eb03b9be46e333e5f81eab69a5b0d27ace

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:13:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 84097
x-xss-protection: 0
server: cafe
etag: 12558658968377452156
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 18 May 2021 22:13:01 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210511/r20190131/ Frame 97F6 10 KB
5 KB 6ms
5ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210511/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a5cb642ef22434a24612329870579fbb272cb9fa7475360035596ea56fb0431a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210511/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://de.login-vp.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://de.login-vp.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 18 May 2021 20:24:49 GMT
expires: Tue, 01 Jun 2021 20:24:49 GMT
content-type: text/html; charset=UTF-8
etag: 10446291943670460780
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4644
x-xss-protection: 0
age: 6492
cache-control: public, max-age=1209600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 us.png
login-vp.com/flag/ 609 B
1 KB 16ms
15ms Image
image/png 2606:4700:3033::6815:2561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://login-vp.com/flag/us.png
Requested by: Host: de.login-vp.com
URL: http://de.login-vp.com/cnb-bank
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2561 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 36cce5cae3d2e0045b2b2b6cbffdad7a0aba3e99919cc219bbf0578efdc45585

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:13:01 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3085
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 609
cf-request-id: 0a23232dd20000c2fe300cf000000001
last-modified: Fri, 20 Mar 2020 06:39:39 GMT
server: cloudflare
etag: "261-5a1438cb46fe3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Kqw0NXwm4qpwv9xFSDEuYvZAaH85plwOw8EjGzJ40DfzHMMenpoH9tzTpZi4S%2BxoBy8IaAEBu0kKa83OpMDyTeeleJ4OcqFVLX5tb7D6Z42Kvid83XBproc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 65186e295fb6c2fe-FRA

GET
H3-29 200 sdk.js Show response
connect.facebook.net/en_GB/ 213 KB
63 KB 14ms
13ms Script
application/x-javascript 2a03:2880:f045:10:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/sdk.js?hash=e4270ef05b9949a3e18449a7ebad37bd&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/sdk.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ab62007cefe281885ed8e628a4cbc3852e2f2f1c25e98e12561a6d81167c747d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: http://de.login-vp.com
Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: ZoNZXVpkbSXw5Z486RukYA==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 64597
x-fb-rlafr: 0
x-fb-debug: KOWiBKVUz5d8Ac6adt/KbGKohClFw2sNqEf0UXu+hhtbbSicYeAlL67th2CVy5vA20j1pOx3OvDf8HdeOmV+ng==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: b9889c31e40053fbfd739c53318f6864
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 18 May 2021 22:13:01 GMT
vary: Accept-Encoding
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "e489a1575744e99182e87c950109c78a"
timing-allow-origin: *
priority: u=3,i
expires: Wed, 18 May 2022 18:59:36 GMT

GET
DATA 200
OK truncated
/ 31 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8cfa13213e0e044b46b217595186161312bc1a90d34e637fb9361a82341a26d6

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H3-29 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ 15 KB
15 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i&display=swap

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: http://de.login-vp.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 14 May 2021 10:13:28 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:46 GMT
server: sffe
age: 388773
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
expires: Sat, 14 May 2022 10:13:28 GMT

GET
DATA 200
OK truncated
/ 16 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e22927b700cf19b85c8eba2eab2c5b66b195e02eed0bccef14963d7609ee2d1

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 12 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89193e20761849411588763243bbdad79d084aac4651c2917c9edfc9a46ec908

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 202 B
640 B 235ms
94ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=de.login-vp.com&callback=_gfp_s_&client=ca-pub-6983341711079297

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210511/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-6983341711079297&plah=de.login-vp.com&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

979945cfae928c5ad7fdf1256c32a2b6e12a7c86f6774a7cd41d8aa542720e64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:13:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 192
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
799 B 36ms
15ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=de.login-vp.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 18 May 2021 22:13:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
553 B 35ms
14ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=de.login-vp.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 18 May 2021 22:13:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame FBDA 13 KB
1 KB 115ms
113ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6983341711079297&output=html&adk=1812271804&adf=3025194257&lmt=1621375981&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fde.login-vp.com%2Fcnb-bank&ea=0&flash=0&pra=5&wgl=1&dt=1621375980991&bpp=4&bdt=201&idt=138&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5704546592542&frm=20&pv=2&ga_vid=1921100555.1621375981&ga_sid=1621375981&ga_hid=1612083254&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060711&oid=3&pvsid=277186302794104&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=1&uci=a!1&fsb=1&dtd=170

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

96f7e71f0d3a77aba48e72cdf117ae6bf70b3b143463ee88629985c249c97d0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-6983341711079297&output=html&adk=1812271804&adf=3025194257&lmt=1621375981&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fde.login-vp.com%2Fcnb-bank&ea=0&flash=0&pra=5&wgl=1&dt=1621375980991&bpp=4&bdt=201&idt=138&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5704546592542&frm=20&pv=2&ga_vid=1921100555.1621375981&ga_sid=1621375981&ga_hid=1612083254&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060711&oid=3&pvsid=277186302794104&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=1&uci=a!1&fsb=1&dtd=170
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://de.login-vp.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://de.login-vp.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 18 May 2021 22:13:01 GMT
server: cafe
content-length: 1018
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 18-May-2021 22:28:01 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 18 May 2021 22:13:01 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
27 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a138f5a790f47f9c8e1b3b6c88ea4fecb1abd1b1011a7d842b721d2fa943ed3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:13:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621251140663589"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27994
x-xss-protection: 0
expires: Tue, 18 May 2021 22:13:01 GMT

GET
DATA 200
OK truncated
/ 30 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f35d7fdc8e1577d304b580887ba55ded5946566031d89a8b139c09b820963df5

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 11 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 885f49feb8e498aa65425db9775be10ed3f99632f29734472fd4036079bc7c75

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 31 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 927ed0086a3612da7a5a8da3cd723ad45a84ade4161f885f6c6a4c5c9ec38ebc

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 14 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4cee2ec512f868c345f558cc81ef3e9e22c076c4888c72cc8b1d1b289842478f

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 19 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0c4dbe4fcd9aa17731dbe27f053b03e60f11dd9561fcbf1faafe86f7c4b86173

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 29 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aeec355c5253b6331b21fe54fef82488f857b9cb2c0f50069ed86d5f7e37612b

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 18 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a8a63d4068def45025d00d6942b874e65109f9721784c3840a34f245b222a5b8

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H3-29 200 KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2
fonts.gstatic.com/s/roboto/v27/ 12 KB
12 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i&display=swap

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

336bb30461d407ee72236de87aca4fe68d611e1bee0030326778c858a4685b1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: http://de.login-vp.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 14 May 2021 10:13:27 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:52 GMT
server: sffe
age: 388774
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11836
x-xss-protection: 0
expires: Sat, 14 May 2022 10:13:27 GMT

GET
DATA 200
OK truncated
/ 33 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 36c106ca46ee3c0976d1b67a09aab1853a32c48e05dad7a46b58940aa1a1b57d

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H3-29 200 nopreview.jpg
login-vp.com/ 6 KB
6 KB 21ms
15ms Image
image/jpeg 2606:4700:3033::6815:2561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://login-vp.com/nopreview.jpg
Requested by: Host: de.login-vp.com
URL: http://de.login-vp.com/cnb-bank
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2561 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 76cce5465f6ef2aecd7bfa79d77aa732945d8ec2bc93c16db70bead01634d6a1

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:13:01 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2885
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5798
cf-request-id: 0a23232ee70000c2fe32812000000001
last-modified: Mon, 23 Mar 2020 17:16:29 GMT
server: cloudflare
etag: "16a6-5a188cbbded62"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=EPE3TYmfBaRMcJHHuZYyJwpsAqBdTnvYMTj4eEYhRWBpokmAmofbrGwYY%2B5l1wxgypheTvozU67HgVye1XdXtZ0EtlAS7wxG7jslIC83FocCqJc8xU8c9bU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 65186e2b09b2c2fe-FRA

GET
H3-29 200 bookmark.png
login-vp.com/ 1 KB
2 KB 19ms
14ms Image
image/png 2606:4700:3033::6815:2561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://login-vp.com/bookmark.png
Requested by: Host: de.login-vp.com
URL: http://de.login-vp.com/cnb-bank
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2561 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0893856b554c60f747201fd6efbfa01d29ed4c7f1ae0422e534050eba48b194

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:13:01 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3085
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1212
cf-request-id: 0a23232ee70000c2fe52061000000001
last-modified: Sat, 21 Mar 2020 07:23:58 GMT
server: cloudflare
etag: "4bc-5a158490e2bbb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=kCuIuzGgvmJ%2B5VaPg%2FFh7R%2BFvpL2Afs%2FOtSSs8FHMzs48JWs9Kr1rwMktRe916pcadNKDOE3TuxX5%2BtP2cT784g%2BsDU62HSlgOnujGbFo5SQHDwigNFe0ZQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 65186e2b09b4c2fe-FRA

GET
H3-29 200 attention.gif
login-vp.com/ 9 KB
10 KB 21ms
16ms Image
image/gif 2606:4700:3033::6815:2561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://login-vp.com/attention.gif
Requested by: Host: de.login-vp.com
URL: http://de.login-vp.com/cnb-bank
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2561 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2227bcfe6825425df00844a0251571f00cbd4341842c23812962abfc5eaa0819

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:13:01 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3085
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 9271
cf-request-id: 0a23232ee70000c2fe300dc000000001
last-modified: Sat, 21 Mar 2020 07:24:07 GMT
server: cloudflare
etag: "2437-5a158499f482b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2F%2FzxLshiKoEtNp1LF9ZB2D2TC%2Fxf2Mpbm6PNQJ0Ct4KlMRnMQDeUG3ngKLCP8fPAntYZn%2FUmEl0QfSedXpeo4BKC9jVGFsd24yhMH6E4ognSTD571k5YRRs%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 65186e2b09b6c2fe-FRA

GET
H3-29 200 elogin-db-stamp.png
login-vp.com/ 14 KB
14 KB 20ms
16ms Image
image/png 2606:4700:3033::6815:2561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://login-vp.com/elogin-db-stamp.png
Requested by: Host: de.login-vp.com
URL: http://de.login-vp.com/cnb-bank
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2561 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d86e98e5c29e7a6cda4fe7a8b623dd49ba415cc072066f09de985adbc322d25b

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:13:01 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3085
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13969
cf-request-id: 0a23232ee70000c2fe2daad000000001
last-modified: Mon, 23 Mar 2020 08:48:46 GMT
server: cloudflare
etag: "3691-5a181b403ac8d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=uF1rpsl3wMMEv809hSc9mUwfIx2dewGGry8R8x3AHQfdbf7ahORtc0JE80RQl6vUMwi1TAuhdf5tAve2wM7xNIWpmerjJwIpVRKqmhdsAyiP8LFbiE3hbgk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 65186e2b09b8c2fe-FRA

GET
H3-29 200 jquery.min.js Show response
login-vp.com/js/ 86 KB
30 KB 27ms
23ms Script
application/javascript 2606:4700:3033::6815:2561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://login-vp.com/js/jquery.min.js
Requested by: Host: de.login-vp.com
URL: http://de.login-vp.com/cnb-bank
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2561 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:13:01 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3084
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a23232ee80000c2fe97203000000001
last-modified: Fri, 20 Mar 2020 06:40:05 GMT
server: cloudflare
etag: W/"15851-5a1438e49b5e3-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=bym15j%2FK2dUL7%2FVu8EGDWIz377%2FDMAhDlZPZDIGuRnHnFXtzrCTxoq36CjV6qJVWiydsLxnQ66N889Prv388P%2FtjyD7VJdrWqvYhTqTo7zzR%2B7f1%2FoMSz%2Fk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 65186e2b09aec2fe-FRA

GET
H3-29 200 bootstrap.bundle.min.js Show response
login-vp.com/js/ 77 KB
21 KB 25ms
21ms Script
application/javascript 2606:4700:3033::6815:2561
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://login-vp.com/js/bootstrap.bundle.min.js
Requested by: Host: de.login-vp.com
URL: http://de.login-vp.com/cnb-bank
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2561 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f3145c87d3570154f633975e8a4f8d30aa38603edaba145501e9c90ddbe186c

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:13:01 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3085
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a23232ee70000c2fe6bb9f000000001
last-modified: Fri, 20 Mar 2020 06:40:05 GMT
server: cloudflare
etag: W/"1332b-5a1438e4a451d-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=69sbyjzbwBCvKLJTGqlVXzzeiCks9xdyC7Kl%2B9IqSaPgoj%2Bm4du7MIIBFDWakF%2BSodcqdz137pEwSkTDT38auA9fVR9uuMLR%2FZsrUHRd5MRg5FlwI8EJQzU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 65186e2b09b0c2fe-FRA

GET
DATA 200
OK truncated
/ 20 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0c889baa24e49e0b4574ae6d7d034c14df70d13ff229b4de038fa22f211b6d08

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 24ms
23ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=de.login-vp.com

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 18 May 2021 22:13:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 27ms
25ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=de.login-vp.com

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 18 May 2021 22:13:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5229 399 B
225 B 148ms
147ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6983341711079297&output=html&h=280&adk=3419599464&adf=2629982902&pi=t.aa~a.1411169061~rp.4&w=350&fwrn=4&fwrnh=100&lmt=1621375981&rafmt=1&to=qs&pwprc=5000380890&psa=0&format=350x280&url=http%3A%2F%2Fde.login-vp.com%2Fcnb-bank&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1621375981485&bpp=3&bdt=695&idt=-M&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=5704546592542&frm=20&pv=1&ga_vid=1921100555.1621375981&ga_sid=1621375981&ga_hid=1612083254&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=1802&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060711&oid=3&pvsid=277186302794104&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=vskn9OsfHL&p=http%3A//de.login-vp.com&dtd=31

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7e1cd4509233853425cafd689119c000565c4cb44f451ec1c248e5c4e91f0b33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-6983341711079297&output=html&h=280&adk=3419599464&adf=2629982902&pi=t.aa~a.1411169061~rp.4&w=350&fwrn=4&fwrnh=100&lmt=1621375981&rafmt=1&to=qs&pwprc=5000380890&psa=0&format=350x280&url=http%3A%2F%2Fde.login-vp.com%2Fcnb-bank&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1621375981485&bpp=3&bdt=695&idt=-M&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=5704546592542&frm=20&pv=1&ga_vid=1921100555.1621375981&ga_sid=1621375981&ga_hid=1612083254&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=1802&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060711&oid=3&pvsid=277186302794104&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=vskn9OsfHL&p=http%3A//de.login-vp.com&dtd=31
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://de.login-vp.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://de.login-vp.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 18 May 2021 22:13:01 GMT
server: cafe
content-length: 201
x-xss-protection: 0
set-cookie: IDE=AHWqTUnAtcvV95WZudWmuK55xqujso_5yhVB1MX_o6j3cQOzGfzeGjzHma5d-D2QhWA; expires=Sun, 12-Jun-2022 22:13:01 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 18 May 2021 22:13:01 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame DE09 15 KB
7 KB 229ms
229ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6983341711079297&output=html&h=280&adk=1414751727&adf=3346987187&pi=t.aa~a.3790863795~rp.3&w=350&fwrn=4&fwrnh=100&lmt=1621375981&rafmt=1&to=qs&pwprc=5000380890&psa=0&format=350x280&url=http%3A%2F%2Fde.login-vp.com%2Fcnb-bank&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1621375981485&bpp=1&bdt=695&idt=-M&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C350x280&nras=3&correlator=5704546592542&frm=20&pv=1&ga_vid=1921100555.1621375981&ga_sid=1621375981&ga_hid=1612083254&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=3120&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060711&oid=3&pvsid=277186302794104&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=j4FhoGLzc3&p=http%3A//de.login-vp.com&dtd=39

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb1249871aedd4a8aca8bacf8dc546638362ebf4aa3d8c92a253ba89f41fe437

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-6983341711079297&output=html&h=280&adk=1414751727&adf=3346987187&pi=t.aa~a.3790863795~rp.3&w=350&fwrn=4&fwrnh=100&lmt=1621375981&rafmt=1&to=qs&pwprc=5000380890&psa=0&format=350x280&url=http%3A%2F%2Fde.login-vp.com%2Fcnb-bank&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1621375981485&bpp=1&bdt=695&idt=-M&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C350x280&nras=3&correlator=5704546592542&frm=20&pv=1&ga_vid=1921100555.1621375981&ga_sid=1621375981&ga_hid=1612083254&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=3120&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060711&oid=3&pvsid=277186302794104&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=j4FhoGLzc3&p=http%3A//de.login-vp.com&dtd=39
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://de.login-vp.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://de.login-vp.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 18 May 2021 22:13:01 GMT
server: cafe
content-length: 6903
x-xss-protection: 0
set-cookie: IDE=AHWqTUlR5RtYYmkZdCCSz-EiYt_iN1iGk099_FsPVrJ5CHW6Vh80v8gx4mNDIOkXrQI; expires=Sun, 12-Jun-2022 22:13:01 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 18 May 2021 22:13:01 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E234 399 B
223 B 139ms
137ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6983341711079297&output=html&h=176&adk=3812117829&adf=852203437&pi=t.aa~a.3879402452~rp.4&w=730&lmt=1621375981&nsk=87bac126&rafmt=11&pwprc=5000380890&psa=0&ad_type=text_image&format=730x176&url=http%3A%2F%2Fde.login-vp.com%2Fcnb-bank&flash=0&pra=3&wgl=1&fa=26&dt=1621375981485&bpp=2&bdt=695&idt=-M&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C350x280%2C350x280&nras=4&correlator=5704546592542&frm=20&pv=1&ga_vid=1921100555.1621375981&ga_sid=1621375981&ga_hid=1612083254&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=1300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060711&oid=3&pvsid=277186302794104&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=ggqcL8fibn&p=http%3A//de.login-vp.com&dtd=46

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b76d936cdbcbf9a542371b4adbbcb0883c72aa8494632447a0e8cab706212804

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-6983341711079297&output=html&h=176&adk=3812117829&adf=852203437&pi=t.aa~a.3879402452~rp.4&w=730&lmt=1621375981&nsk=87bac126&rafmt=11&pwprc=5000380890&psa=0&ad_type=text_image&format=730x176&url=http%3A%2F%2Fde.login-vp.com%2Fcnb-bank&flash=0&pra=3&wgl=1&fa=26&dt=1621375981485&bpp=2&bdt=695&idt=-M&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C350x280%2C350x280&nras=4&correlator=5704546592542&frm=20&pv=1&ga_vid=1921100555.1621375981&ga_sid=1621375981&ga_hid=1612083254&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=1300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060711&oid=3&pvsid=277186302794104&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=ggqcL8fibn&p=http%3A//de.login-vp.com&dtd=46
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://de.login-vp.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://de.login-vp.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 18 May 2021 22:13:01 GMT
server: cafe
content-length: 199
x-xss-protection: 0
set-cookie: IDE=AHWqTUl4M75QmROWFickS8m7cA646aHP2jJ9n4nGlEGsUyVj1ukmfPGBHrPWrghds8o; expires=Sun, 12-Jun-2022 22:13:01 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 18 May 2021 22:13:01 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C57A 399 B
224 B 101ms
101ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6983341711079297&output=html&h=172&adk=1170218857&adf=1553515836&pi=t.aa~a.3879374461~rp.4&w=730&lmt=1621375981&nsk=b7291182&rafmt=11&pwprc=5000380890&psa=0&ad_type=text_image&format=730x172&url=http%3A%2F%2Fde.login-vp.com%2Fcnb-bank&flash=0&pra=3&wgl=1&fa=26&dt=1621375981485&bpp=1&bdt=696&idt=-M&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C350x280%2C350x280%2C730x176&nras=5&correlator=5704546592542&frm=20&pv=1&ga_vid=1921100555.1621375981&ga_sid=1621375981&ga_hid=1612083254&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=1820&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060711&oid=3&pvsid=277186302794104&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=SfGjG9WVxZ&p=http%3A//de.login-vp.com&dtd=50

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8cf5ca6fe033c49aef317b510a54d4a36f9200278a3960337b526b4ced7dde88

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-6983341711079297&output=html&h=172&adk=1170218857&adf=1553515836&pi=t.aa~a.3879374461~rp.4&w=730&lmt=1621375981&nsk=b7291182&rafmt=11&pwprc=5000380890&psa=0&ad_type=text_image&format=730x172&url=http%3A%2F%2Fde.login-vp.com%2Fcnb-bank&flash=0&pra=3&wgl=1&fa=26&dt=1621375981485&bpp=1&bdt=696&idt=-M&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C350x280%2C350x280%2C730x176&nras=5&correlator=5704546592542&frm=20&pv=1&ga_vid=1921100555.1621375981&ga_sid=1621375981&ga_hid=1612083254&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=1820&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060711&oid=3&pvsid=277186302794104&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=SfGjG9WVxZ&p=http%3A//de.login-vp.com&dtd=50
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://de.login-vp.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://de.login-vp.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 18 May 2021 22:13:01 GMT
server: cafe
content-length: 200
x-xss-protection: 0
set-cookie: IDE=AHWqTUmjG9uLXLo-u5BtnRmpIUIEvQqW_nrlnLUGvLjYhGy0Nk7xtRJylS9ZN0oNnWg; expires=Sun, 12-Jun-2022 22:13:01 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 18 May 2021 22:13:01 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A5E1 399 B
224 B 109ms
109ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6983341711079297&output=html&h=172&adk=1170218857&adf=3385562910&pi=t.aa~a.3879400511~rp.4&w=730&lmt=1621375981&nsk=5d9b1eda&rafmt=11&pwprc=5000380890&psa=0&ad_type=text_image&format=730x172&url=http%3A%2F%2Fde.login-vp.com%2Fcnb-bank&flash=0&pra=3&wgl=1&fa=26&dt=1621375981485&bpp=1&bdt=696&idt=-M&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C350x280%2C350x280%2C730x176%2C730x172&nras=6&correlator=5704546592542&frm=20&pv=1&ga_vid=1921100555.1621375981&ga_sid=1621375981&ga_hid=1612083254&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=2596&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060711&oid=3&pvsid=277186302794104&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=8Ly9YsFypB&p=http%3A//de.login-vp.com&dtd=56

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c5ab911a57f9ba75666ced4f9b25acaf1eb78075f98d8d3e2785a593d0d52129

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-6983341711079297&output=html&h=172&adk=1170218857&adf=3385562910&pi=t.aa~a.3879400511~rp.4&w=730&lmt=1621375981&nsk=5d9b1eda&rafmt=11&pwprc=5000380890&psa=0&ad_type=text_image&format=730x172&url=http%3A%2F%2Fde.login-vp.com%2Fcnb-bank&flash=0&pra=3&wgl=1&fa=26&dt=1621375981485&bpp=1&bdt=696&idt=-M&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C350x280%2C350x280%2C730x176%2C730x172&nras=6&correlator=5704546592542&frm=20&pv=1&ga_vid=1921100555.1621375981&ga_sid=1621375981&ga_hid=1612083254&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=2596&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060711&oid=3&pvsid=277186302794104&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=8Ly9YsFypB&p=http%3A//de.login-vp.com&dtd=56
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://de.login-vp.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://de.login-vp.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 18 May 2021 22:13:01 GMT
server: cafe
content-length: 200
x-xss-protection: 0
set-cookie: IDE=AHWqTUnGKy7LpeFz4Ksg15vPE7k7p4AoAzgiHuenIwrKcEob7BZqCXmISjglhSURDaA; expires=Sun, 12-Jun-2022 22:13:01 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 18 May 2021 22:13:01 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B1A4 399 B
223 B 121ms
121ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6983341711079297&output=html&h=172&adk=1170218857&adf=4175359473&pi=t.aa~a.3879378061~rp.4&w=730&lmt=1621375981&nsk=c43f890c&rafmt=11&pwprc=5000380890&psa=0&ad_type=text_image&format=730x172&url=http%3A%2F%2Fde.login-vp.com%2Fcnb-bank&flash=0&pra=3&wgl=1&fa=26&dt=1621375981485&bpp=1&bdt=696&idt=1&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C350x280%2C350x280%2C730x176%2C730x172%2C730x172&nras=7&correlator=5704546592542&frm=20&pv=1&ga_vid=1921100555.1621375981&ga_sid=1621375981&ga_hid=1612083254&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=3447&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060711&oid=3&pvsid=277186302794104&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=a3DbXKRzuT&p=http%3A//de.login-vp.com&dtd=61

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6cc628e53fa1884beaeefc60f6bc08a68f6a49037371a3b7316fe8062ad1e130

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-6983341711079297&output=html&h=172&adk=1170218857&adf=4175359473&pi=t.aa~a.3879378061~rp.4&w=730&lmt=1621375981&nsk=c43f890c&rafmt=11&pwprc=5000380890&psa=0&ad_type=text_image&format=730x172&url=http%3A%2F%2Fde.login-vp.com%2Fcnb-bank&flash=0&pra=3&wgl=1&fa=26&dt=1621375981485&bpp=1&bdt=696&idt=1&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C350x280%2C350x280%2C730x176%2C730x172%2C730x172&nras=7&correlator=5704546592542&frm=20&pv=1&ga_vid=1921100555.1621375981&ga_sid=1621375981&ga_hid=1612083254&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=3447&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060711&oid=3&pvsid=277186302794104&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=a3DbXKRzuT&p=http%3A//de.login-vp.com&dtd=61
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://de.login-vp.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://de.login-vp.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 18 May 2021 22:13:01 GMT
server: cafe
content-length: 199
x-xss-protection: 0
set-cookie: IDE=AHWqTUnm_k3xzkaIyM3H2MxTllCej2qEDtU9QXE0acd2t7q-T2XmAOgiWhjEYqDtoog; expires=Sun, 12-Jun-2022 22:13:01 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 18 May 2021 22:13:01 GMT
cache-control: private

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 5284 0
0 44ms
43ms Fetch
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CA70c7TukYNr_IN_L7_UPg9y90AuQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTY5ODMzNDE3MTEwNzkyOTegAcKu6N0DyAEJqQImGHnx7YG0PqgDAaoE1wFP0NW4vdK28YAhbNTMZy3ePRRTH7RLOSTBMGZwpGLRe-KlEIUcIfLbv98MxEAVoNMG-xmHP2G7WLA_FX1dKQ7zLSMdz6shqhfh1f2H9KHsRSvSKDvYgg5PfyAriiithgLvgkh3EfAlGcoY0KMTgeu9ffg82rGaYy6Dpv6UnbtTmuXUYZkEAWQB1nlaLh7uNqS7ZDBkMyREOH6mQ4Y0-tEWtWP20eUkfxtb6Trs-hA6S1-TubbzIIV54xD6M6I_7nSWZq6qB2rykMbMGcmmhGR7ZQj1b4sJi4AG7cGWv9bnq5_EAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BvYBwDSCAcIgOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxgKFhIUcHViLTY5ODMzNDE3MTEwNzkyOTc&sigh=3cKiZ_xCKAU

Requested by

Host: de.login-vp.com
URL: http://de.login-vp.com/cnb-bank

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6983341711079297&output=html&h=280&adk=1414751727&adf=3346987187&pi=t.aa~a.3790863795~rp.3&w=350&fwrn=4&fwrnh=100&lmt=1621375981&rafmt=1&to=qs&pwprc=5000380890&psa=0&format=350x280&url=http%3A%2F%2Fde.login-vp.com%2Fcnb-bank&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1621375981485&bpp=1&bdt=695&idt=-M&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C350x280&nras=3&correlator=5704546592542&frm=20&pv=1&ga_vid=1921100555.1621375981&ga_sid=1621375981&ga_hid=1612083254&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=3120&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060711&oid=3&pvsid=277186302794104&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=j4FhoGLzc3&p=http%3A//de.login-vp.com&dtd=39
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 18 May 2021 22:13:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame 5284 0
0 33ms
16ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1gjq2rbjvngg0wkfpnasbn83rehzqbenbjjmdsvzcyy48051f7kchw08258b4gqhmar735hpt8snmamhc4b0ac2hsd1yhht6eka9w8x88jp6j69zn6hdhjkamafeqng6s5w9jc8pkpxsvxhrmyce96akn65r2c4ehhg7m0fhf2kq3kn8x795zhed3ms5grermcyphnn11qtqp6c8zn3btaqrjn205z8rdc9mypvb33y1y5phqcrwjdz45t6yxg3mamp878h6zgaqg701y99qw7q19g0tbtc8eyz4x737vf255m15ryq0e2tqfcmxnbzyhnt9nfrjrgvc2gf3rtatkaaarxwak8j9wfx26m9t0z6j1xrar14djbmgrqp6zbbnhxtbxarv&b=YKQ77QAIP9oIu-XfAA9uA7cD-DxkEjJ80Alr8Q
Requested by: Host: de.login-vp.com
URL: http://de.login-vp.com/cnb-bank
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 18 May 2021 22:13:01 GMT
via: 1.1 google
alt-svc: clear
content-type: image/gif

GET
H2 200 dr Show response
ad4m.at/ad/ Frame A2EB 2 KB
2 KB 50ms
32ms Document
text/html 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad4m.at/ad/dr?ed=1k19chy52nwdn0qvjyzwj0pxrkbzxjvekmfxdjxardxwrq8mk6q97qkc8rbwh56svbvzdn1qj8654em57pb143cpdbp0taj8bpnhwrgcrgahngacdxh1rh5zk6q1j0qqx1bpxm1yjx31528x54kff9wkjyf5ybz4frkkc3nx61qjfvwmbyy4crpk48674rdnq8pbcc9wgwch2wf8487vq810zvegdmw36grw0frwnvnnmm3ne29nvzcv2xt63cvjp1g383975694b8qk0xpdrbknb049hg5y6vpep468969mgkkrzf4sjfce4xetdrkz4n3x0gvvarpr2apk57k15pn3r9he9qenbarsk9xmp2j1zaqz4z2k7pyrt5pha&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCyjQX7TukYNr_IN_L7_UPg9y90AuQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTY5ODMzNDE3MTEwNzkyOTegAcKu6N0DyAEJqQImGHnx7YG0PqgDAaoE2gFP0NW4vdK28YAhbNTMZy3ePRRTH7RLOSTBMGZwpGLRe-KlEIUcIfLbv98MxEAVoNMG-xmHP2G7WLA_FX1dKQ7zLSMdz6shqhfh1f2H9KHsRSvSKDvYgg5PfyAriiithgLvgkh3EfAlGcoY0KMTgeu9ffg82rGaYy6Dpv6UnbtTmuXUYZkEAWQB1nlaLh7uNqS7ZDBkMyREOH6mQ4Y0-tEWtWP20eUkfxtb6Trs-hA6S1-TubbzIIV54xD6M6I_7nSWZq6qByjwnVQbzE7mTOMz89K8_Xkwn-Ag4oAG7cGWv9bnq5_EAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BvYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1B6tN6rzPTCXGcVNBMS560DiUdVQ%26client%3Dca-pub-6983341711079297%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6983341711079297&output=html&h=280&adk=1414751727&adf=3346987187&pi=t.aa~a.3790863795~rp.3&w=350&fwrn=4&fwrnh=100&lmt=1621375981&rafmt=1&to=qs&pwprc=5000380890&psa=0&format=350x280&url=http%3A%2F%2Fde.login-vp.com%2Fcnb-bank&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1621375981485&bpp=1&bdt=695&idt=-M&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C350x280&nras=3&correlator=5704546592542&frm=20&pv=1&ga_vid=1921100555.1621375981&ga_sid=1621375981&ga_hid=1612083254&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=3120&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060711&oid=3&pvsid=277186302794104&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=j4FhoGLzc3&p=http%3A//de.login-vp.com&dtd=39

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

798898b50f4590c8c1ee20b29a2977752ced895e4659be3bb3c4f1de6407321e

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /ad/dr?ed=1k19chy52nwdn0qvjyzwj0pxrkbzxjvekmfxdjxardxwrq8mk6q97qkc8rbwh56svbvzdn1qj8654em57pb143cpdbp0taj8bpnhwrgcrgahngacdxh1rh5zk6q1j0qqx1bpxm1yjx31528x54kff9wkjyf5ybz4frkkc3nx61qjfvwmbyy4crpk48674rdnq8pbcc9wgwch2wf8487vq810zvegdmw36grw0frwnvnnmm3ne29nvzcv2xt63cvjp1g383975694b8qk0xpdrbknb049hg5y6vpep468969mgkkrzf4sjfce4xetdrkz4n3x0gvvarpr2apk57k15pn3r9he9qenbarsk9xmp2j1zaqz4z2k7pyrt5pha&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCyjQX7TukYNr_IN_L7_UPg9y90AuQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTY5ODMzNDE3MTEwNzkyOTegAcKu6N0DyAEJqQImGHnx7YG0PqgDAaoE2gFP0NW4vdK28YAhbNTMZy3ePRRTH7RLOSTBMGZwpGLRe-KlEIUcIfLbv98MxEAVoNMG-xmHP2G7WLA_FX1dKQ7zLSMdz6shqhfh1f2H9KHsRSvSKDvYgg5PfyAriiithgLvgkh3EfAlGcoY0KMTgeu9ffg82rGaYy6Dpv6UnbtTmuXUYZkEAWQB1nlaLh7uNqS7ZDBkMyREOH6mQ4Y0-tEWtWP20eUkfxtb6Trs-hA6S1-TubbzIIV54xD6M6I_7nSWZq6qByjwnVQbzE7mTOMz89K8_Xkwn-Ag4oAG7cGWv9bnq5_EAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BvYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1B6tN6rzPTCXGcVNBMS560DiUdVQ%26client%3Dca-pub-6983341711079297%26adurl%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Tue, 18 May 2021 22:13:01 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https://as.ad4m.at/ad/vre"}],"group":"report-endpoint","max_age":86400}
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0"}
expires: 0
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy: block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
referrer-policy: same-origin
pragma: no-cache
surrogate-control: no-store
x-fastcgi-cache: BYPASS
x-backend-server: adsrv-7d3s
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-request-id: 0a232330de00004a9815385000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 65186e2e2a134a98-FRA
content-encoding: br

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame 5284 2 KB
1 KB 29ms
7ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:07:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 324
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 01 Jun 2021 22:07:37 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame A9BF 1 KB
749 B 7ms
6ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 18 May 2021 03:14:09 GMT
expires: Wed, 19 May 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 68332
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5284 118 KB
36 KB 24ms
20ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f4f2e8ffc67a3c2544f8be9672125a0c5a5f0035fa6bfc6d75ee297e30461e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:13:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621251134821955"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36689
x-xss-protection: 0
expires: Tue, 18 May 2021 22:13:01 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame 5284 13 KB
6 KB 26ms
6ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:10:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 168
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 01 Jun 2021 22:10:13 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame A9BF 35 B
463 B 32ms
8ms Image
image/gif 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEJFsOE5UCHOmre9TEysZh5Y&google_cver=1&google_push=AQvitUI2TUzsBmMu8JcAD98qP0qKiuKT2UuB5Xss1VUKUV3fOaiVzX08kRd8z5SVdhdukyl7F44QpTu680x8My7B_xYlskzYcbA

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 May 2021 22:13:01 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame A9BF
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEKP7tFglo4W0oetmHSJPmY8&google_cver=1&google_push=AQvitULhF5EbS45PkGZScRYMSXEXX1cI6dFV6SO9ouGb2jTwhbeFlsiuMn7Gbp3cvZv_eFO8Pjz7SS1Fg9IIpxGHsXSf7-DJLWpD
https://rtb.openx.net/sync/dds?google_gid=CAESEKP7tFglo4W0oetmHSJPmY8&google_cver=1&google_push=AQvitULhF5EbS45PkGZScRYMSXEXX1cI6dFV6SO9ouGb2jTwhbeFlsiuMn7Gbp3cvZv_eFO8Pjz7SS1Fg9IIpxGHsXSf7-DJLWpD&...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULhF5EbS45PkGZScRYMSXEXX1cI6dFV6SO9ouGb2jTwhbeFlsiuMn7Gbp3cvZv_eFO8Pjz7SS1Fg9IIpxGHsXSf7-DJLWpD&google_hm=snrcVOt7yY8LNVDSrFyb9g==

170 B
188 B

61ms
61ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULhF5EbS45PkGZScRYMSXEXX1cI6dFV6SO9ouGb2jTwhbeFlsiuMn7Gbp3cvZv_eFO8Pjz7SS1Fg9IIpxGHsXSf7-DJLWpD&google_hm=snrcVOt7yY8LNVDSrFyb9g==

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 May 2021 22:13:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 18 May 2021 22:13:01 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULhF5EbS45PkGZScRYMSXEXX1cI6dFV6SO9ouGb2jTwhbeFlsiuMn7Gbp3cvZv_eFO8Pjz7SS1Fg9IIpxGHsXSf7-DJLWpD&google_hm=snrcVOt7yY8LNVDSrFyb9g==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: s4onl3qf9ph4rk1iecvvflh4rcratq1t

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame A9BF
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=wshKkfIzSXm9BKYqeO0vPw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

62ms
62ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=wshKkfIzSXm9BKYqeO0vPw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUJEJ1xG0KtY3NyQdlBzHUmTG8L0WKX7vU5RKXu7s3-gN4gF_Fmu5dqoUVRgx1k8gLuWLHc4IG6FXEtvXAW9HID58PkkgAt1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 May 2021 22:13:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=wshKkfIzSXm9BKYqeO0vPw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUJEJ1xG0KtY3NyQdlBzHUmTG8L0WKX7vU5RKXu7s3-gN4gF_Fmu5dqoUVRgx1k8gLuWLHc4IG6FXEtvXAW9HID58PkkgAt1
date: Tue, 18 May 2021 22:13:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame A9BF
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEKO5oRgOdWeoAyAYWVJLSzw&google_cver=1&google_push=AQvitUKI0AHWNsmAk265QN-adWcIOFAUV4z5hxFT-oqPO-uO2OmBq12kAtyqI6stsWeVGB4oU4I...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VTEVBSTMtUy1KUjVL&google_push=AQvitUKI0AHWNsmAk265QN-adWcIOFAUV4z5hxFT-oqPO-uO2OmBq12kAtyqI6stsWeVGB4oU4IWr58rJ3zDjK-bldLlN_7YX9o

170 B
188 B

70ms
69ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VTEVBSTMtUy1KUjVL&google_push=AQvitUKI0AHWNsmAk265QN-adWcIOFAUV4z5hxFT-oqPO-uO2OmBq12kAtyqI6stsWeVGB4oU4IWr58rJ3zDjK-bldLlN_7YX9o

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 May 2021 22:13:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09VTEVBSTMtUy1KUjVL&google_push=AQvitUKI0AHWNsmAk265QN-adWcIOFAUV4z5hxFT-oqPO-uO2OmBq12kAtyqI6stsWeVGB4oU4IWr58rJ3zDjK-bldLlN_7YX9o
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame A9BF
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhq...

0
0

GET
H2 200 trk
ag.innovid.com/ Frame A9BF 43 B
296 B 71ms
20ms Image
image/gif 2a05:d01c:1d8:8101:ac20:41f1:bf24:9b3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESENghrdEgqfS1wfFXh9a0DDc&google_cver=1&google_push=AQvitUIyOywcAAOWBKbtuG3idVi4MFBELlMKeyb3dnnEBdFH1piIYsS_jq-Busdcbh1kSBnhMKxX9BexOKuKmFsovJfEodvlffQ4
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6983341711079297&output=html&h=280&adk=1414751727&adf=3346987187&pi=t.aa~a.3790863795~rp.3&w=350&fwrn=4&fwrnh=100&lmt=1621375981&rafmt=1&to=qs&pwprc=5000380890&psa=0&format=350x280&url=http%3A%2F%2Fde.login-vp.com%2Fcnb-bank&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1621375981485&bpp=1&bdt=695&idt=-M&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C350x280&nras=3&correlator=5704546592542&frm=20&pv=1&ga_vid=1921100555.1621375981&ga_sid=1621375981&ga_hid=1612083254&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1005&ady=3120&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060711&oid=3&pvsid=277186302794104&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=j4FhoGLzc3&p=http%3A//de.login-vp.com&dtd=39
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8101:ac20:41f1:bf24:9b3 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 May 2021 22:13:01 GMT
cache-control: no-cache
content-type: image/gif
content-length: 43
request-time: 1
expires: -1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame A9BF
Redirect Chain

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEMwhy86blDewJ0ReAGIt3j0&google_cver=1&google_push=AQvitULppso3iwinKGEV2coF...
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitULppso3iwinKGEV2coF1EjvqqcJe7F_nWbM9ATZiePiNtb1BoqzCAYBoxTrl5PushWkBnJijMp2S-6gVZeL5XXYQ4qVrJ18tQ&google_hm=

170 B
188 B

61ms
61ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitULppso3iwinKGEV2coF1EjvqqcJe7F_nWbM9ATZiePiNtb1BoqzCAYBoxTrl5PushWkBnJijMp2S-6gVZeL5XXYQ4qVrJ18tQ&google_hm=

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 May 2021 22:13:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 18 May 2021 22:13:01 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitULppso3iwinKGEV2coF1EjvqqcJe7F_nWbM9ATZiePiNtb1BoqzCAYBoxTrl5PushWkBnJijMp2S-6gVZeL5XXYQ4qVrJ18tQ&google_hm=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Mon, 17 May 2021 22:13:01 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame A9BF 0
236 B 195ms
60ms Image
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KksgyMXO8X9Hws6uFeF0tl_34v6FA-JKVhFz8j5gmrZRKKZWDI60w_EZr-By-JF3V2JJMD4A

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:13:01 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
DATA 200
OK truncated
/ Frame 5284 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c76b9ce98859b0d8f6b4d8e82e05cf5d9a773e66dd79a48ab2a19d5b1f6ab459

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 default.css
ad4m.at/0.1.122-318/style/one-ad/ Frame A2EB 58 KB
59 KB 40ms
23ms Stylesheet
text/css 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/0.1.122-318/style/one-ad/default.css
Requested by: Host: ad4m.at
URL: https://ad4m.at/ad/dr?ed=1k19chy52nwdn0qvjyzwj0pxrkbzxjvekmfxdjxardxwrq8mk6q97qkc8rbwh56svbvzdn1qj8654em57pb143cpdbp0taj8bpnhwrgcrgahngacdxh1rh5zk6q1j0qqx1bpxm1yjx31528x54kff9wkjyf5ybz4frkkc3nx61qjfvwmbyy4crpk48674rdnq8pbcc9wgwch2wf8487vq810zvegdmw36grw0frwnvnnmm3ne29nvzcv2xt63cvjp1g383975694b8qk0xpdrbknb049hg5y6vpep468969mgkkrzf4sjfce4xetdrkz4n3x0gvvarpr2apk57k15pn3r9he9qenbarsk9xmp2j1zaqz4z2k7pyrt5pha&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCyjQX7TukYNr_IN_L7_UPg9y90AuQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTY5ODMzNDE3MTEwNzkyOTegAcKu6N0DyAEJqQImGHnx7YG0PqgDAaoE2gFP0NW4vdK28YAhbNTMZy3ePRRTH7RLOSTBMGZwpGLRe-KlEIUcIfLbv98MxEAVoNMG-xmHP2G7WLA_FX1dKQ7zLSMdz6shqhfh1f2H9KHsRSvSKDvYgg5PfyAriiithgLvgkh3EfAlGcoY0KMTgeu9ffg82rGaYy6Dpv6UnbtTmuXUYZkEAWQB1nlaLh7uNqS7ZDBkMyREOH6mQ4Y0-tEWtWP20eUkfxtb6Trs-hA6S1-TubbzIIV54xD6M6I_7nSWZq6qByjwnVQbzE7mTOMz89K8_Xkwn-Ag4oAG7cGWv9bnq5_EAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BvYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1B6tN6rzPTCXGcVNBMS560DiUdVQ%26client%3Dca-pub-6983341711079297%26adurl%3D
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 494627acb3c86254c238efaf66afcaf30d4293c7512a37a72b51a380d55e3880

Request headers

Referer: https://ad4m.at/ad/dr?ed=1k19chy52nwdn0qvjyzwj0pxrkbzxjvekmfxdjxardxwrq8mk6q97qkc8rbwh56svbvzdn1qj8654em57pb143cpdbp0taj8bpnhwrgcrgahngacdxh1rh5zk6q1j0qqx1bpxm1yjx31528x54kff9wkjyf5ybz4frkkc3nx61qjfvwmbyy4crpk48674rdnq8pbcc9wgwch2wf8487vq810zvegdmw36grw0frwnvnnmm3ne29nvzcv2xt63cvjp1g383975694b8qk0xpdrbknb049hg5y6vpep468969mgkkrzf4sjfce4xetdrkz4n3x0gvvarpr2apk57k15pn3r9he9qenbarsk9xmp2j1zaqz4z2k7pyrt5pha&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCyjQX7TukYNr_IN_L7_UPg9y90AuQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTY5ODMzNDE3MTEwNzkyOTegAcKu6N0DyAEJqQImGHnx7YG0PqgDAaoE2gFP0NW4vdK28YAhbNTMZy3ePRRTH7RLOSTBMGZwpGLRe-KlEIUcIfLbv98MxEAVoNMG-xmHP2G7WLA_FX1dKQ7zLSMdz6shqhfh1f2H9KHsRSvSKDvYgg5PfyAriiithgLvgkh3EfAlGcoY0KMTgeu9ffg82rGaYy6Dpv6UnbtTmuXUYZkEAWQB1nlaLh7uNqS7ZDBkMyREOH6mQ4Y0-tEWtWP20eUkfxtb6Trs-hA6S1-TubbzIIV54xD6M6I_7nSWZq6qByjwnVQbzE7mTOMz89K8_Xkwn-Ag4oAG7cGWv9bnq5_EAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BvYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1B6tN6rzPTCXGcVNBMS560DiUdVQ%26client%3Dca-pub-6983341711079297%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=XxVHlg==, md5=RCdMWH7YOCWDIhuwI9UcWg==
date: Tue, 18 May 2021 22:13:01 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 4929234
cf-polished: origSize=59196
x-guploader-uploadid: ABg5-Uy4aivieyuBWrRiQC4_Ppn1uUsCErWp3PCNabOAR1DHIeajjF0MmTZg9JuSRGfocIdDxNZdYx3-JXnC-nTF81uHDLT_kw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 58969
cf-request-id: 0a2323316a00004a9dbf9f0000000001
last-modified: Tue, 16 Mar 2021 10:53:32 GMT
server: cloudflare
etag: "44274c587ed8382583221bb023d51c5a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=W8x%2ByhZ9LxSSByb838EAtzoT4MBUxUMJUVtRWVRVCE6ZKljL0Fb8FgAUA7u604eW9KOq%2B%2FzjOLIGZQP5Cu4DiszEfVZ95i507cMX6AgCZKEHD2vi"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1615892011975494
content-type: text/css
expires: Tue, 22 Mar 2022 20:59:07 GMT
cache-control: public, max-age=31536000, no-transform
x-goog-stored-content-length: 6688
accept-ranges: bytes
cf-ray: 65186e2f0d144a9d-FRA
cf-bgj: minify

GET
H3-29 200 fxpcopuw.js Show response
ad4m.at/ Frame A2EB 36 KB
12 KB 33ms
16ms Script
application/javascript 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/fxpcopuw.js
Requested by: Host: ad4m.at
URL: https://ad4m.at/ad/dr?ed=1k19chy52nwdn0qvjyzwj0pxrkbzxjvekmfxdjxardxwrq8mk6q97qkc8rbwh56svbvzdn1qj8654em57pb143cpdbp0taj8bpnhwrgcrgahngacdxh1rh5zk6q1j0qqx1bpxm1yjx31528x54kff9wkjyf5ybz4frkkc3nx61qjfvwmbyy4crpk48674rdnq8pbcc9wgwch2wf8487vq810zvegdmw36grw0frwnvnnmm3ne29nvzcv2xt63cvjp1g383975694b8qk0xpdrbknb049hg5y6vpep468969mgkkrzf4sjfce4xetdrkz4n3x0gvvarpr2apk57k15pn3r9he9qenbarsk9xmp2j1zaqz4z2k7pyrt5pha&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCyjQX7TukYNr_IN_L7_UPg9y90AuQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTY5ODMzNDE3MTEwNzkyOTegAcKu6N0DyAEJqQImGHnx7YG0PqgDAaoE2gFP0NW4vdK28YAhbNTMZy3ePRRTH7RLOSTBMGZwpGLRe-KlEIUcIfLbv98MxEAVoNMG-xmHP2G7WLA_FX1dKQ7zLSMdz6shqhfh1f2H9KHsRSvSKDvYgg5PfyAriiithgLvgkh3EfAlGcoY0KMTgeu9ffg82rGaYy6Dpv6UnbtTmuXUYZkEAWQB1nlaLh7uNqS7ZDBkMyREOH6mQ4Y0-tEWtWP20eUkfxtb6Trs-hA6S1-TubbzIIV54xD6M6I_7nSWZq6qByjwnVQbzE7mTOMz89K8_Xkwn-Ag4oAG7cGWv9bnq5_EAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BvYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1B6tN6rzPTCXGcVNBMS560DiUdVQ%26client%3Dca-pub-6983341711079297%26adurl%3D
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c01c98dc32c9889b4120afd376d61fe7a172b6cb323b48011b71572a4d97ff8a

Request headers

Referer: https://ad4m.at/ad/dr?ed=1k19chy52nwdn0qvjyzwj0pxrkbzxjvekmfxdjxardxwrq8mk6q97qkc8rbwh56svbvzdn1qj8654em57pb143cpdbp0taj8bpnhwrgcrgahngacdxh1rh5zk6q1j0qqx1bpxm1yjx31528x54kff9wkjyf5ybz4frkkc3nx61qjfvwmbyy4crpk48674rdnq8pbcc9wgwch2wf8487vq810zvegdmw36grw0frwnvnnmm3ne29nvzcv2xt63cvjp1g383975694b8qk0xpdrbknb049hg5y6vpep468969mgkkrzf4sjfce4xetdrkz4n3x0gvvarpr2apk57k15pn3r9he9qenbarsk9xmp2j1zaqz4z2k7pyrt5pha&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCyjQX7TukYNr_IN_L7_UPg9y90AuQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTY5ODMzNDE3MTEwNzkyOTegAcKu6N0DyAEJqQImGHnx7YG0PqgDAaoE2gFP0NW4vdK28YAhbNTMZy3ePRRTH7RLOSTBMGZwpGLRe-KlEIUcIfLbv98MxEAVoNMG-xmHP2G7WLA_FX1dKQ7zLSMdz6shqhfh1f2H9KHsRSvSKDvYgg5PfyAriiithgLvgkh3EfAlGcoY0KMTgeu9ffg82rGaYy6Dpv6UnbtTmuXUYZkEAWQB1nlaLh7uNqS7ZDBkMyREOH6mQ4Y0-tEWtWP20eUkfxtb6Trs-hA6S1-TubbzIIV54xD6M6I_7nSWZq6qByjwnVQbzE7mTOMz89K8_Xkwn-Ag4oAG7cGWv9bnq5_EAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BvYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1B6tN6rzPTCXGcVNBMS560DiUdVQ%26client%3Dca-pub-6983341711079297%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=VHPQMw==, md5=O4FGM/ivTqRkLkRDXbVbMw==
date: Tue, 18 May 2021 22:13:01 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 17250
x-guploader-uploadid: ABg5-UyHG-hOHMrblKFIYL7z0-xw-9pArwKph-VJrtcWULownBnqKUo-1GLHEGsXvwH8Zp6QorI5FIk9wmVPTpub1M4
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
cf-bgj: minify
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a2323316a00004a9d9e1e4000000001
last-modified: Thu, 06 May 2021 17:25:03 GMT
server: cloudflare
etag: W/"3b814633f8af4ea4642e44435db55b33"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6k%2Fulg7OCkJoMJDlITJXFigC8cAqdSjPgAhHSh1SZj%2FmF80sexM90fNJmhi7iqXCw%2FbhbVgvnR277Wk2g7ZtpxxI9eSFVHsLto99BNw1FahmJ5vO"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1620321903630655
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
x-goog-stored-content-length: 12034
cf-ray: 65186e2f0d164a9d-FRA
expires: Tue, 18 May 2021 17:25:31 GMT

GET
H2 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame A2EB 3 KB
4 KB 31ms
15ms Image
image/png 2606:4700:3032::6815:57ae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: ad4m.at
URL: https://ad4m.at/0.1.122-318/style/one-ad/default.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:57ae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

Referer: https://ad4m.at/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:13:01 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6497
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3262
cf-request-id: 0a232331a20000d6f9a2bb4000000001
last-modified: Thu, 08 May 2014 12:48:39 GMT
server: cloudflare
etag: "536b7d27-cbe"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=d1HxVqfVOWMCahAGN6zTWpbHLVUA%2FkkM2G0uWP71cUHT8s7jcWEKuyAXX27Vpivc4YJPr2i2fAQkbB8b39PQ3PEWPkAucGoPJyw73HOKAR%2BAVDMWTv0Pe0QRyNRj4W7xzg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=7200
accept-ranges: bytes
cf-ray: 65186e2f6877d6f9-FRA

GET
H3-29 200 frame.html Show response
ad4m.at/ Frame 69A9 2 KB
2 KB 21ms
20ms Document
text/html 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /frame.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad4m.at/ad/dr?ed=1k19chy52nwdn0qvjyzwj0pxrkbzxjvekmfxdjxardxwrq8mk6q97qkc8rbwh56svbvzdn1qj8654em57pb143cpdbp0taj8bpnhwrgcrgahngacdxh1rh5zk6q1j0qqx1bpxm1yjx31528x54kff9wkjyf5ybz4frkkc3nx61qjfvwmbyy4crpk48674rdnq8pbcc9wgwch2wf8487vq810zvegdmw36grw0frwnvnnmm3ne29nvzcv2xt63cvjp1g383975694b8qk0xpdrbknb049hg5y6vpep468969mgkkrzf4sjfce4xetdrkz4n3x0gvvarpr2apk57k15pn3r9he9qenbarsk9xmp2j1zaqz4z2k7pyrt5pha&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCyjQX7TukYNr_IN_L7_UPg9y90AuQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTY5ODMzNDE3MTEwNzkyOTegAcKu6N0DyAEJqQImGHnx7YG0PqgDAaoE2gFP0NW4vdK28YAhbNTMZy3ePRRTH7RLOSTBMGZwpGLRe-KlEIUcIfLbv98MxEAVoNMG-xmHP2G7WLA_FX1dKQ7zLSMdz6shqhfh1f2H9KHsRSvSKDvYgg5PfyAriiithgLvgkh3EfAlGcoY0KMTgeu9ffg82rGaYy6Dpv6UnbtTmuXUYZkEAWQB1nlaLh7uNqS7ZDBkMyREOH6mQ4Y0-tEWtWP20eUkfxtb6Trs-hA6S1-TubbzIIV54xD6M6I_7nSWZq6qByjwnVQbzE7mTOMz89K8_Xkwn-Ag4oAG7cGWv9bnq5_EAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BvYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1B6tN6rzPTCXGcVNBMS560DiUdVQ%26client%3Dca-pub-6983341711079297%26adurl%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad4m.at/ad/dr?ed=1k19chy52nwdn0qvjyzwj0pxrkbzxjvekmfxdjxardxwrq8mk6q97qkc8rbwh56svbvzdn1qj8654em57pb143cpdbp0taj8bpnhwrgcrgahngacdxh1rh5zk6q1j0qqx1bpxm1yjx31528x54kff9wkjyf5ybz4frkkc3nx61qjfvwmbyy4crpk48674rdnq8pbcc9wgwch2wf8487vq810zvegdmw36grw0frwnvnnmm3ne29nvzcv2xt63cvjp1g383975694b8qk0xpdrbknb049hg5y6vpep468969mgkkrzf4sjfce4xetdrkz4n3x0gvvarpr2apk57k15pn3r9he9qenbarsk9xmp2j1zaqz4z2k7pyrt5pha&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCyjQX7TukYNr_IN_L7_UPg9y90AuQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTY5ODMzNDE3MTEwNzkyOTegAcKu6N0DyAEJqQImGHnx7YG0PqgDAaoE2gFP0NW4vdK28YAhbNTMZy3ePRRTH7RLOSTBMGZwpGLRe-KlEIUcIfLbv98MxEAVoNMG-xmHP2G7WLA_FX1dKQ7zLSMdz6shqhfh1f2H9KHsRSvSKDvYgg5PfyAriiithgLvgkh3EfAlGcoY0KMTgeu9ffg82rGaYy6Dpv6UnbtTmuXUYZkEAWQB1nlaLh7uNqS7ZDBkMyREOH6mQ4Y0-tEWtWP20eUkfxtb6Trs-hA6S1-TubbzIIV54xD6M6I_7nSWZq6qByjwnVQbzE7mTOMz89K8_Xkwn-Ag4oAG7cGWv9bnq5_EAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BvYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1B6tN6rzPTCXGcVNBMS560DiUdVQ%26client%3Dca-pub-6983341711079297%26adurl%3D

Response headers

date: Tue, 18 May 2021 22:13:01 GMT
content-type: text/html
x-guploader-uploadid: ABg5-UyHG4nMyrBK5WNqT49HT3fkOWy09Qi7AMHmefEGKv6EedjpZshPX4m1mr0_df4AnWlv4nSV1j8tT1-PHgSflkckYhyoGQ
expires: Tue, 18 May 2021 23:13:01 GMT
last-modified: Wed, 06 May 2020 15:09:30 GMT
x-goog-generation: 1588777770164783
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1681
content-language: en
x-goog-hash: crc32c=iTDHew== md5=c2ZaqCqAXxKd4MgeeQDU8g==
x-goog-storage-class: MULTI_REGIONAL
age: 2251026
cache-control: public, max-age=3600
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
cf-request-id: 0a2323319800004a9dbe1c1000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=s3kwrLojp6%2Bz3H3uEhbMEBgyrGfXxEztDFn896k4x1OmRdpymmE63SbWY%2BrpR0RRRrCrteKMdNmUlpMWXT%2FS7ltE%2Fdpr2noUl%2BR88RWDEx0NlhSw"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 65186e2f5d854a9d-FRA
content-encoding: br

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 10 KB
7 KB 25ms
23ms XHR
application/json 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210511&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1291fac0902b96a4b23f1a84d40a8b5038a5d11c661c766df4edc27815ff54fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 18 May 2021 22:13:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7629
x-xss-protection: 0

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:13:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Tue, 18 May 2021 22:13:02 GMT

GET
H2 200 frame.html Show response
ad4mat.net/ Frame 7855 1 KB
991 B 15ms
13ms Document
text/html 2606:4700:3032::6815:57ae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4mat.net/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:57ae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 611c31ecafe54c74f78e765296e1b04c0e51ecdc5f7d62c0c3441732aca01964

Request headers

:method: GET
:authority: ad4mat.net
:scheme: https
:path: /frame.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:13:02 GMT
content-type: text/html
last-modified: Thu, 12 Apr 2018 07:50:15 GMT
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=86400
cf-cache-status: HIT
age: 6498
cf-request-id: 0a2323320c0000d6f9f51a7000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=lpw4p6H2thOshd9XE01Z1h%2FFfsYS%2BJX%2BdontE1uDI6lyLPo8KHcdr7Jcd%2Fqyso0pXaod4ngqFFRuFmxIZRylWyQDcS57eestOTf55ytoPWrg6wQyRSJM"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 65186e301966d6f9-FRA
content-encoding: br

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame 95E9 12 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://de.login-vp.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://de.login-vp.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Tue, 18 May 2021 22:04:35 GMT
expires: Wed, 18 May 2022 22:04:35 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 507
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 TMm5Vd8VytjbCcmIcJumdaM-J7Gy9TN2HX45D5FEMFw.js Show response
pagead2.googlesyndication.com/bg/ Frame 95E9 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/TMm5Vd8VytjbCcmIcJumdaM-J7Gy9TN2HX45D5FEMFw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4cc9b955df15cad8db09c988709ba675a33e27b1b2f533761d7e390f9144305c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 14:21:07 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 06 May 2021 09:28:00 GMT
server: sffe
age: 28315
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5679
x-xss-protection: 0
expires: Wed, 18 May 2022 14:21:07 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 42ms
41ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gda_r20210511&jk=277186302794104&bg=!FhWlFVHNAAY59bwoOfU7ACkAdvg8Wq8kNiPAP78BmrGFe9lODQlIFIwQjrZGbggbzSUES6R9mRLpOwIAAAB8UgAAAAtoAQcKAFhoRn_gV1R9yY9BrQRz8D5P6ul-mGlecq1RvxmZJxykoiVElqiC1F9X5wOJs0eJ9vT7GE1xxuq1SDtkUlrqlEforYCzi-Q-BLKRFF-i7ewKOO-XsE76KHk6mQJRzb9RMmzwokXnS_a7TqCDaNkMHyCB6hE1tbczB-bp-wYaBFhV5QPvducKWNxzlhckzaVCWNUXITBzCFLZRmObsFYm0QNy0073jGPD-65E_-puGA8w8XzQiInxIzC2jFEsNxAQ8Jr8dvivBMAQxmjVN8nwOLuZPpi8QbvgMXFfYDz2AD2S5c06A7SUHEQrAR30bpfAUUHyWvjY-J3N4oFUCbml-UgdZRzEJDpHsKfjP8hv64vLtz_40QlpZtrH0fkPIAeQv-A9isbFmrFymKI9HX-YKKZ6BeHcR1xi-k7E_jS8Csq37nkMPm3ujWPsea0AmjIFbtbVM8yZOc9qE-dtxsonepf9gVwiXeHZ8mZJOllqA-AbAi-rrmJzt4tEm1Nu3nIW6e_navACWytHQ27cGbbLSgGPEkoBcKDsNfKkFreSYBzcK2DQ8KTa_agBYEvOnxbeSuFnWMUUw2atFBA1CS2aXfchwIscvis_sHode0ieJK1eBuY3AnU2LYKxiqsvPD7SWR8ZuFD1sVrbP5Nzy0mHNi4B9CP2TwmgEXJw4-zoR9FbLoGSyWZDUhLzcCpYmzmexpMTDF9HsMNgB8X7omxs_t5VHb2RFLxeZ775XpaJdV-4HnNcU9ApsY2cf7fPWlKNvWIe_GRKE5HIfvQoZo_Ef7Rv0WOPxYbN5hwsn1W7GqE2JqQTHH5MG-w1OGXCezL-sP5qlp0N18pp94RcdQIIpBS8C8erBItTTuEeufp5SbJX6L_MYy4p2uxzMcSXzSuZCnexDwnft5Zv3OWw8bU

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://de.login-vp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 May 2021 22:13:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 200 rs Show response
ad4m.at/ Frame A2EB 1 KB
2 KB 23ms
23ms XHR
text/plain 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1b84c7063114efb7448aa538680c6fef0eefe80fd45ba68c83bc1b96d7bc2df8

Request headers

Referer: https://ad4m.at/ad/dr?ed=1k19chy52nwdn0qvjyzwj0pxrkbzxjvekmfxdjxardxwrq8mk6q97qkc8rbwh56svbvzdn1qj8654em57pb143cpdbp0taj8bpnhwrgcrgahngacdxh1rh5zk6q1j0qqx1bpxm1yjx31528x54kff9wkjyf5ybz4frkkc3nx61qjfvwmbyy4crpk48674rdnq8pbcc9wgwch2wf8487vq810zvegdmw36grw0frwnvnnmm3ne29nvzcv2xt63cvjp1g383975694b8qk0xpdrbknb049hg5y6vpep468969mgkkrzf4sjfce4xetdrkz4n3x0gvvarpr2apk57k15pn3r9he9qenbarsk9xmp2j1zaqz4z2k7pyrt5pha&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCyjQX7TukYNr_IN_L7_UPg9y90AuQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTY5ODMzNDE3MTEwNzkyOTegAcKu6N0DyAEJqQImGHnx7YG0PqgDAaoE2gFP0NW4vdK28YAhbNTMZy3ePRRTH7RLOSTBMGZwpGLRe-KlEIUcIfLbv98MxEAVoNMG-xmHP2G7WLA_FX1dKQ7zLSMdz6shqhfh1f2H9KHsRSvSKDvYgg5PfyAriiithgLvgkh3EfAlGcoY0KMTgeu9ffg82rGaYy6Dpv6UnbtTmuXUYZkEAWQB1nlaLh7uNqS7ZDBkMyREOH6mQ4Y0-tEWtWP20eUkfxtb6Trs-hA6S1-TubbzIIV54xD6M6I_7nSWZq6qByjwnVQbzE7mTOMz89K8_Xkwn-Ag4oAG7cGWv9bnq5_EAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BvYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1B6tN6rzPTCXGcVNBMS560DiUdVQ%26client%3Dca-pub-6983341711079297%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 18 May 2021 22:13:04 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
content-encoding: br
x-backend-server: rs-hn3r
cf-request-id: 0a23233a2300004a9d19801000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mJMoKFR3T2hmBcW6dMr4E1n6%2BmfFf4HtHTWYxmxRnB4jrHJyZ50O1OcpWkcG33%2FadbLLgPYlLEXDI%2FNUZ4uCjgafOZNr27EvR00C3WtQVzVEwLB9"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://ad4m.at
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
access-control-allow-credentials: true
cf-ray: 65186e3d0dc04a9d-FRA

GET
H2 200 rar Show response
as.ad4m.at/ad/ Frame 27F6 9 KB
4 KB 20ms
18ms Document
text/html 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=6b90aefaf9ad061e0023d7e84b575dd3%2F16921679771943276568&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D21erq1ze01e4rqd8yhj9aj7e385jmxtfw71ts8b115t0evegsgc3zmtqb29jd97ee5h484z4krx8bbz7vhd6taq0msm38mxtj20bxs6pgr18e2s6jz9mgsr87jrqdm66x2c8b4t5en4n338j75r67z8dtx7bnjmsh9ppeagsswnk2az405z1qv0wn9p9bbhe47nznas23s7yhczm89gsbdfz4re9ayc4pzb1h1an9bn0whvvb5vfsgw5d7czc%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCyjQX7TukYNr_IN_L7_UPg9y90AuQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTY5ODMzNDE3MTEwNzkyOTegAcKu6N0DyAEJqQImGHnx7YG0PqgDAaoE2gFP0NW4vdK28YAhbNTMZy3ePRRTH7RLOSTBMGZwpGLRe-KlEIUcIfLbv98MxEAVoNMG-xmHP2G7WLA_FX1dKQ7zLSMdz6shqhfh1f2H9KHsRSvSKDvYgg5PfyAriiithgLvgkh3EfAlGcoY0KMTgeu9ffg82rGaYy6Dpv6UnbtTmuXUYZkEAWQB1nlaLh7uNqS7ZDBkMyREOH6mQ4Y0-tEWtWP20eUkfxtb6Trs-hA6S1-TubbzIIV54xD6M6I_7nSWZq6qByjwnVQbzE7mTOMz89K8_Xkwn-Ag4oAG7cGWv9bnq5_EAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BvYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1B6tN6rzPTCXGcVNBMS560DiUdVQ%2526client%253Dca-pub-6983341711079297%2526adurl%253D&y=0&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b7b3e57d1f7017879cf06f884cbc44a7e7316f3f34956e63c3b7dc125458819

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: as.ad4m.at
:scheme: https
:path: /ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=6b90aefaf9ad061e0023d7e84b575dd3%2F16921679771943276568&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D21erq1ze01e4rqd8yhj9aj7e385jmxtfw71ts8b115t0evegsgc3zmtqb29jd97ee5h484z4krx8bbz7vhd6taq0msm38mxtj20bxs6pgr18e2s6jz9mgsr87jrqdm66x2c8b4t5en4n338j75r67z8dtx7bnjmsh9ppeagsswnk2az405z1qv0wn9p9bbhe47nznas23s7yhczm89gsbdfz4re9ayc4pzb1h1an9bn0whvvb5vfsgw5d7czc%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCyjQX7TukYNr_IN_L7_UPg9y90AuQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTY5ODMzNDE3MTEwNzkyOTegAcKu6N0DyAEJqQImGHnx7YG0PqgDAaoE2gFP0NW4vdK28YAhbNTMZy3ePRRTH7RLOSTBMGZwpGLRe-KlEIUcIfLbv98MxEAVoNMG-xmHP2G7WLA_FX1dKQ7zLSMdz6shqhfh1f2H9KHsRSvSKDvYgg5PfyAriiithgLvgkh3EfAlGcoY0KMTgeu9ffg82rGaYy6Dpv6UnbtTmuXUYZkEAWQB1nlaLh7uNqS7ZDBkMyREOH6mQ4Y0-tEWtWP20eUkfxtb6Trs-hA6S1-TubbzIIV54xD6M6I_7nSWZq6qByjwnVQbzE7mTOMz89K8_Xkwn-Ag4oAG7cGWv9bnq5_EAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BvYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1B6tN6rzPTCXGcVNBMS560DiUdVQ%2526client%253Dca-pub-6983341711079297%2526adurl%253D&y=0&z=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:13:04 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-request-id: 0a23233a3f00004a98423c9000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 65186e3d3b414a98-FRA
content-encoding: br

GET
H3-29 200 default.css
as.ad4m.at/ad/style/0.1.5/one-ad/ Frame 27F6 59 KB
7 KB 16ms
15ms Stylesheet
text/css 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.5/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=6b90aefaf9ad061e0023d7e84b575dd3%2F16921679771943276568&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D21erq1ze01e4rqd8yhj9aj7e385jmxtfw71ts8b115t0evegsgc3zmtqb29jd97ee5h484z4krx8bbz7vhd6taq0msm38mxtj20bxs6pgr18e2s6jz9mgsr87jrqdm66x2c8b4t5en4n338j75r67z8dtx7bnjmsh9ppeagsswnk2az405z1qv0wn9p9bbhe47nznas23s7yhczm89gsbdfz4re9ayc4pzb1h1an9bn0whvvb5vfsgw5d7czc%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCyjQX7TukYNr_IN_L7_UPg9y90AuQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTY5ODMzNDE3MTEwNzkyOTegAcKu6N0DyAEJqQImGHnx7YG0PqgDAaoE2gFP0NW4vdK28YAhbNTMZy3ePRRTH7RLOSTBMGZwpGLRe-KlEIUcIfLbv98MxEAVoNMG-xmHP2G7WLA_FX1dKQ7zLSMdz6shqhfh1f2H9KHsRSvSKDvYgg5PfyAriiithgLvgkh3EfAlGcoY0KMTgeu9ffg82rGaYy6Dpv6UnbtTmuXUYZkEAWQB1nlaLh7uNqS7ZDBkMyREOH6mQ4Y0-tEWtWP20eUkfxtb6Trs-hA6S1-TubbzIIV54xD6M6I_7nSWZq6qByjwnVQbzE7mTOMz89K8_Xkwn-Ag4oAG7cGWv9bnq5_EAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BvYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1B6tN6rzPTCXGcVNBMS560DiUdVQ%2526client%253Dca-pub-6983341711079297%2526adurl%253D&y=0&z=0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c6eb2eeb98d7863e83999538cf81b884b389af4236e217f80eb7e6e75bc0113c

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=6b90aefaf9ad061e0023d7e84b575dd3%2F16921679771943276568&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D21erq1ze01e4rqd8yhj9aj7e385jmxtfw71ts8b115t0evegsgc3zmtqb29jd97ee5h484z4krx8bbz7vhd6taq0msm38mxtj20bxs6pgr18e2s6jz9mgsr87jrqdm66x2c8b4t5en4n338j75r67z8dtx7bnjmsh9ppeagsswnk2az405z1qv0wn9p9bbhe47nznas23s7yhczm89gsbdfz4re9ayc4pzb1h1an9bn0whvvb5vfsgw5d7czc%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCyjQX7TukYNr_IN_L7_UPg9y90AuQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTY5ODMzNDE3MTEwNzkyOTegAcKu6N0DyAEJqQImGHnx7YG0PqgDAaoE2gFP0NW4vdK28YAhbNTMZy3ePRRTH7RLOSTBMGZwpGLRe-KlEIUcIfLbv98MxEAVoNMG-xmHP2G7WLA_FX1dKQ7zLSMdz6shqhfh1f2H9KHsRSvSKDvYgg5PfyAriiithgLvgkh3EfAlGcoY0KMTgeu9ffg82rGaYy6Dpv6UnbtTmuXUYZkEAWQB1nlaLh7uNqS7ZDBkMyREOH6mQ4Y0-tEWtWP20eUkfxtb6Trs-hA6S1-TubbzIIV54xD6M6I_7nSWZq6qByjwnVQbzE7mTOMz89K8_Xkwn-Ag4oAG7cGWv9bnq5_EAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BvYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1B6tN6rzPTCXGcVNBMS560DiUdVQ%2526client%253Dca-pub-6983341711079297%2526adurl%253D&y=0&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:13:04 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 116433
cf-polished: origSize=60655
surrogate-control: no-store
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=3600
cf-request-id: 0a23233a5800004a9d9c3d2000000001
cf-ray: 65186e3d5e464a9d-FRA
expires: Tue, 18 May 2021 23:13:04 GMT

GET
H2 200 B4CB880477BA810028D7D7613EE7E9E1448DC35AF48781E4B95EC6ECB7049A9AA27B107B317198EC504A03E948F7EC5A02BC2426A27879C893669BA93941B528
assets.ad4m.at/logo/ Frame 27F6 18 KB
19 KB 31ms
25ms Image
image/webp 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/B4CB880477BA810028D7D7613EE7E9E1448DC35AF48781E4B95EC6ECB7049A9AA27B107B317198EC504A03E948F7EC5A02BC2426A27879C893669BA93941B528
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=6b90aefaf9ad061e0023d7e84b575dd3%2F16921679771943276568&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D21erq1ze01e4rqd8yhj9aj7e385jmxtfw71ts8b115t0evegsgc3zmtqb29jd97ee5h484z4krx8bbz7vhd6taq0msm38mxtj20bxs6pgr18e2s6jz9mgsr87jrqdm66x2c8b4t5en4n338j75r67z8dtx7bnjmsh9ppeagsswnk2az405z1qv0wn9p9bbhe47nznas23s7yhczm89gsbdfz4re9ayc4pzb1h1an9bn0whvvb5vfsgw5d7czc%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCyjQX7TukYNr_IN_L7_UPg9y90AuQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTY5ODMzNDE3MTEwNzkyOTegAcKu6N0DyAEJqQImGHnx7YG0PqgDAaoE2gFP0NW4vdK28YAhbNTMZy3ePRRTH7RLOSTBMGZwpGLRe-KlEIUcIfLbv98MxEAVoNMG-xmHP2G7WLA_FX1dKQ7zLSMdz6shqhfh1f2H9KHsRSvSKDvYgg5PfyAriiithgLvgkh3EfAlGcoY0KMTgeu9ffg82rGaYy6Dpv6UnbtTmuXUYZkEAWQB1nlaLh7uNqS7ZDBkMyREOH6mQ4Y0-tEWtWP20eUkfxtb6Trs-hA6S1-TubbzIIV54xD6M6I_7nSWZq6qByjwnVQbzE7mTOMz89K8_Xkwn-Ag4oAG7cGWv9bnq5_EAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BvYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1B6tN6rzPTCXGcVNBMS560DiUdVQ%2526client%253Dca-pub-6983341711079297%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 54d35e66675f9cc2ab471d0c389573b5ab0902937b397914a177712b27678a46

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=GT8dCw==, md5=4YyWNM3TGeacJ2VHXynNEw==
date: Tue, 18 May 2021 22:13:04 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 55631
cf-polished: origFmt=png, origSize=35453
x-guploader-uploadid: ABg5-UxOw4oNXwikwUfiTkChJrYWQtGY8orw3fcfTM11QasuRqBvlBfhs6xXhJwbh86lUMk-yy7iywKzvHN3658inXCGp-vNhA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 18872
cf-request-id: 0a23233a5b00004a9868b66000000001
last-modified: Mon, 18 May 2020 12:30:29 GMT
server: cloudflare
etag: "e18c9634cdd319e69c2765475f29cd13"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Qg6sbOlnwBvL1Ovh9Ifq5hZHcMznMFZ7mBdogT5MEUwTvFOx5ILg8rbglyLjv5iwhzuVQS5itQn%2Bo847d6Rv3DPOBxoLfdlPgDayMH5Yutgx6gKoVOMF7O1nvw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1589805029334103
content-type: image/webp
expires: Wed, 19 May 2021 22:13:04 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 35453
accept-ranges: bytes
cf-ray: 65186e3d5b834a98-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 A012F5D8E216B662BCC639EFCE48E0BB093DAE488B3795D30A56E98E58F3F85831088246988EB178E8D9AAEC22C831FEB67C179E776973AC655CFF57EDC5D13C
assets.ad4m.at/product_image/ Frame 27F6 2 KB
2 KB 19ms
14ms Image
image/webp 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/A012F5D8E216B662BCC639EFCE48E0BB093DAE488B3795D30A56E98E58F3F85831088246988EB178E8D9AAEC22C831FEB67C179E776973AC655CFF57EDC5D13C
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=6b90aefaf9ad061e0023d7e84b575dd3%2F16921679771943276568&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D21erq1ze01e4rqd8yhj9aj7e385jmxtfw71ts8b115t0evegsgc3zmtqb29jd97ee5h484z4krx8bbz7vhd6taq0msm38mxtj20bxs6pgr18e2s6jz9mgsr87jrqdm66x2c8b4t5en4n338j75r67z8dtx7bnjmsh9ppeagsswnk2az405z1qv0wn9p9bbhe47nznas23s7yhczm89gsbdfz4re9ayc4pzb1h1an9bn0whvvb5vfsgw5d7czc%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCyjQX7TukYNr_IN_L7_UPg9y90AuQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTY5ODMzNDE3MTEwNzkyOTegAcKu6N0DyAEJqQImGHnx7YG0PqgDAaoE2gFP0NW4vdK28YAhbNTMZy3ePRRTH7RLOSTBMGZwpGLRe-KlEIUcIfLbv98MxEAVoNMG-xmHP2G7WLA_FX1dKQ7zLSMdz6shqhfh1f2H9KHsRSvSKDvYgg5PfyAriiithgLvgkh3EfAlGcoY0KMTgeu9ffg82rGaYy6Dpv6UnbtTmuXUYZkEAWQB1nlaLh7uNqS7ZDBkMyREOH6mQ4Y0-tEWtWP20eUkfxtb6Trs-hA6S1-TubbzIIV54xD6M6I_7nSWZq6qByjwnVQbzE7mTOMz89K8_Xkwn-Ag4oAG7cGWv9bnq5_EAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BvYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1B6tN6rzPTCXGcVNBMS560DiUdVQ%2526client%253Dca-pub-6983341711079297%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79a1fd9f71c69648edfe742cc8b1d2141a95d063e630aaa06a5cdf5faa50650d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=bJ9ALA==, md5=ejqY/mc9t7JQK9XG0TFuLA==
date: Tue, 18 May 2021 22:13:04 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 157806
cf-polished: origFmt=png, origSize=4031
x-guploader-uploadid: ABg5-UzGiRR4yimbWKfGJZpmBb7Y7HRFdwG_OsOerIJSuqRrvfrFIfTgIYrYfkjPNAsraqsGAdYkDRgmZq7_XAan-8Y
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1598
cf-request-id: 0a23233a5d00004a98731c2000000001
last-modified: Wed, 20 Jan 2021 17:03:56 GMT
server: cloudflare
etag: "7a3a98fe673db7b2502bd5c6d1316e2c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=50XHZ5r%2BIEqAFZV0GTGAzaORFLAxa2dXRU5SuTSRWg5KDLx4ZwzR34to2c79tXi6WVfURSPvfcEftaFlQb7oRpF25ytFud97te4lgyhOeJ6t0AxZ1klTP8w%2F1g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1611162235947637
content-type: image/webp
expires: Wed, 19 May 2021 22:13:04 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 4031
accept-ranges: bytes
cf-ray: 65186e3d6b8d4a98-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 27F6 43 B
703 B 269ms
79ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2519498&v=14098&q=368694&r=412871&pv=1&pref3=oneidDjeT3fwfbqPS3HmH9t1twAmF4tmTk8roneid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 18 May 2021 22:13:04 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H2 200 092AF182BFAEB6FB9384BCD487C1B5A43125CF153AA6D3EDEC71241055FD8B61372C6BFDCCACC22CAB8E52B77906D491F783793EC97701304A15CA510282E399
assets.ad4m.at/logo/ Frame 27F6 38 KB
39 KB 28ms
24ms Image
image/webp 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/092AF182BFAEB6FB9384BCD487C1B5A43125CF153AA6D3EDEC71241055FD8B61372C6BFDCCACC22CAB8E52B77906D491F783793EC97701304A15CA510282E399
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=6b90aefaf9ad061e0023d7e84b575dd3%2F16921679771943276568&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D21erq1ze01e4rqd8yhj9aj7e385jmxtfw71ts8b115t0evegsgc3zmtqb29jd97ee5h484z4krx8bbz7vhd6taq0msm38mxtj20bxs6pgr18e2s6jz9mgsr87jrqdm66x2c8b4t5en4n338j75r67z8dtx7bnjmsh9ppeagsswnk2az405z1qv0wn9p9bbhe47nznas23s7yhczm89gsbdfz4re9ayc4pzb1h1an9bn0whvvb5vfsgw5d7czc%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCyjQX7TukYNr_IN_L7_UPg9y90AuQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTY5ODMzNDE3MTEwNzkyOTegAcKu6N0DyAEJqQImGHnx7YG0PqgDAaoE2gFP0NW4vdK28YAhbNTMZy3ePRRTH7RLOSTBMGZwpGLRe-KlEIUcIfLbv98MxEAVoNMG-xmHP2G7WLA_FX1dKQ7zLSMdz6shqhfh1f2H9KHsRSvSKDvYgg5PfyAriiithgLvgkh3EfAlGcoY0KMTgeu9ffg82rGaYy6Dpv6UnbtTmuXUYZkEAWQB1nlaLh7uNqS7ZDBkMyREOH6mQ4Y0-tEWtWP20eUkfxtb6Trs-hA6S1-TubbzIIV54xD6M6I_7nSWZq6qByjwnVQbzE7mTOMz89K8_Xkwn-Ag4oAG7cGWv9bnq5_EAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BvYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1B6tN6rzPTCXGcVNBMS560DiUdVQ%2526client%253Dca-pub-6983341711079297%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79a636d2c8ace706866349aaf2d1661b25c94a9523ab602e32d106fbba2a2b23

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=EKOc3w==, md5=wqT4IuWoMfO1yrOci8rmHQ==
date: Tue, 18 May 2021 22:13:04 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1132856
cf-polished: origFmt=png, origSize=44613
x-guploader-uploadid: ABg5-UwWzV8Vi9wwWB9_t92BZ3hXsqxnGcNPAW0LaVCSpyGkAeICaRXs_LpZzjWYyirMRzo7C0cmfApc-NiuzLQfsg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 39202
cf-request-id: 0a23233a5d00004a9837300000000001
last-modified: Wed, 22 Jan 2020 13:11:41 GMT
server: cloudflare
etag: "c2a4f822e5a831f3b5cab39c8bcae61d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=cqndX%2FjOS5%2F%2FjfInGwKzGmIOvZ39Jhu9UBAIOd2OUvUz3kvinH3VyYNK0qW4xQ3uz8Ntwtu%2BWb3i%2B4jYGu%2F%2FWEvunBiyfPRaWziseprYPYsk61hyUi0ECIoj0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1579698701189315
content-type: image/webp
expires: Wed, 19 May 2021 22:13:04 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 44613
accept-ranges: bytes
cf-ray: 65186e3d6b8f4a98-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 69E7FB78A72BC29D22049638675F152BD0F020C6E7E7DD83AC85D812D70F34E088215F53E301063143245A4B72ED47974DE7618A14B827D305F065371D2DBE4A
assets.ad4m.at/ Frame 27F6 113 KB
113 KB 29ms
25ms Image
image/webp 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/69E7FB78A72BC29D22049638675F152BD0F020C6E7E7DD83AC85D812D70F34E088215F53E301063143245A4B72ED47974DE7618A14B827D305F065371D2DBE4A
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=6b90aefaf9ad061e0023d7e84b575dd3%2F16921679771943276568&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D21erq1ze01e4rqd8yhj9aj7e385jmxtfw71ts8b115t0evegsgc3zmtqb29jd97ee5h484z4krx8bbz7vhd6taq0msm38mxtj20bxs6pgr18e2s6jz9mgsr87jrqdm66x2c8b4t5en4n338j75r67z8dtx7bnjmsh9ppeagsswnk2az405z1qv0wn9p9bbhe47nznas23s7yhczm89gsbdfz4re9ayc4pzb1h1an9bn0whvvb5vfsgw5d7czc%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCyjQX7TukYNr_IN_L7_UPg9y90AuQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTY5ODMzNDE3MTEwNzkyOTegAcKu6N0DyAEJqQImGHnx7YG0PqgDAaoE2gFP0NW4vdK28YAhbNTMZy3ePRRTH7RLOSTBMGZwpGLRe-KlEIUcIfLbv98MxEAVoNMG-xmHP2G7WLA_FX1dKQ7zLSMdz6shqhfh1f2H9KHsRSvSKDvYgg5PfyAriiithgLvgkh3EfAlGcoY0KMTgeu9ffg82rGaYy6Dpv6UnbtTmuXUYZkEAWQB1nlaLh7uNqS7ZDBkMyREOH6mQ4Y0-tEWtWP20eUkfxtb6Trs-hA6S1-TubbzIIV54xD6M6I_7nSWZq6qByjwnVQbzE7mTOMz89K8_Xkwn-Ag4oAG7cGWv9bnq5_EAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BvYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1B6tN6rzPTCXGcVNBMS560DiUdVQ%2526client%253Dca-pub-6983341711079297%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85a096c073faa7b2f0cd16adf42aef4c64f0e2b34dedcd1379b6cc48e126f7fa

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=UWAYGw==, md5=A1esecs/9FudVn6rgMfjTA==
date: Tue, 18 May 2021 22:13:04 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 438324
cf-polished: origFmt=png, origSize=136328
x-guploader-uploadid: ABg5-UzUZIcCBFc2yRHVskFkCHgIz-FjGHX-yNU58TQRA1v2Vn4M_mR1Clqu4zD4eYe2DHYymBnsXa-fC2xIXXhTEY44ynzw5g
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 115268
cf-request-id: 0a23233a5f00004a9844a6c000000001
last-modified: Tue, 29 Oct 2019 09:42:57 GMT
server: cloudflare
etag: "0357ac79cb3ff45b9d567eab80c7e34c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=J3pNtRen8QjZqCq51BurcU1nrK92bx8B%2BT5XQ3%2BYcBDZukKBNYFpI7icdGm8V%2BeW0nGSYk6hGW8MRcfkic2LZhDcdq0luBjaT6wYdLFz7qm2qphS5Cnz9HQjMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1572342177666668
content-type: image/webp
expires: Wed, 19 May 2021 22:13:04 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 136328
accept-ranges: bytes
cf-ray: 65186e3d6b914a98-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 27F6 43 B
704 B 268ms
78ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2338586&v=11830&q=357066&r=412871&pv=1&pref3=oneidDjeT3fwfe9T3HmH9t1tEjxT4tmTk8roneid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 18 May 2021 22:13:04 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H2 200 E8A0B3404CF65D67FABF74F38D2E787E97D75F650E6720B8A047EFE226A7A598DA94FFCF3CDCC52A3B206A422DD3D5082778689277BC79BF962DEE607C6331D8
assets.ad4m.at/logo/ Frame 27F6 38 KB
38 KB 28ms
25ms Image
image/webp 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/E8A0B3404CF65D67FABF74F38D2E787E97D75F650E6720B8A047EFE226A7A598DA94FFCF3CDCC52A3B206A422DD3D5082778689277BC79BF962DEE607C6331D8
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=6b90aefaf9ad061e0023d7e84b575dd3%2F16921679771943276568&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D21erq1ze01e4rqd8yhj9aj7e385jmxtfw71ts8b115t0evegsgc3zmtqb29jd97ee5h484z4krx8bbz7vhd6taq0msm38mxtj20bxs6pgr18e2s6jz9mgsr87jrqdm66x2c8b4t5en4n338j75r67z8dtx7bnjmsh9ppeagsswnk2az405z1qv0wn9p9bbhe47nznas23s7yhczm89gsbdfz4re9ayc4pzb1h1an9bn0whvvb5vfsgw5d7czc%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCyjQX7TukYNr_IN_L7_UPg9y90AuQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTY5ODMzNDE3MTEwNzkyOTegAcKu6N0DyAEJqQImGHnx7YG0PqgDAaoE2gFP0NW4vdK28YAhbNTMZy3ePRRTH7RLOSTBMGZwpGLRe-KlEIUcIfLbv98MxEAVoNMG-xmHP2G7WLA_FX1dKQ7zLSMdz6shqhfh1f2H9KHsRSvSKDvYgg5PfyAriiithgLvgkh3EfAlGcoY0KMTgeu9ffg82rGaYy6Dpv6UnbtTmuXUYZkEAWQB1nlaLh7uNqS7ZDBkMyREOH6mQ4Y0-tEWtWP20eUkfxtb6Trs-hA6S1-TubbzIIV54xD6M6I_7nSWZq6qByjwnVQbzE7mTOMz89K8_Xkwn-Ag4oAG7cGWv9bnq5_EAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BvYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1B6tN6rzPTCXGcVNBMS560DiUdVQ%2526client%253Dca-pub-6983341711079297%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d997fba7832cb78b0933a9eb2ce191d53234c978e25c6c8fc50c75923ea8405e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=RkBJ3g==, md5=Kw4C6d3nfjHTjXjXPcaeTw==
date: Tue, 18 May 2021 22:13:04 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2211648
cf-polished: origFmt=png, origSize=77267
x-guploader-uploadid: ABg5-UzoVAfxQFgz6L9HcmHPW2e7eCBHNd0a2b8Kvrug8-8oPgzdAE-ChRdy7eBzZNRyXD7MxjB9gF3gK83zeR6hUB0
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 38696
cf-request-id: 0a23233a5e00004a9868b67000000001
last-modified: Wed, 22 Jan 2020 13:11:48 GMT
server: cloudflare
etag: "2b0e02e9dde77e31d38d78d73dc69e4f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=CmQidL2WKDYQeXoPvyvXCZpFPD0xZKN8WWTnHLmk4f9eGiV%2FZlZP4xqRyH7vwCi0Uu4DibbPd85IikW%2FM86%2Bqos5OEgH5wM1QukAnKxXFnu4KwBH0e3W1wGJYw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1579698708801217
content-type: image/webp
expires: Wed, 19 May 2021 22:13:04 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 77267
accept-ranges: bytes
cf-ray: 65186e3d6b954a98-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 B45F893E9FFC024BF63F31BCCBD125167CBC3446F3678FC31F706A695A83CDCA7427229BCA4C5992B83E2F60A147FCD1B6148725AA0AF3ABB801A6BB7EA78390
assets.ad4m.at/ Frame 27F6 84 KB
84 KB 17ms
14ms Image
image/jpeg 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/B45F893E9FFC024BF63F31BCCBD125167CBC3446F3678FC31F706A695A83CDCA7427229BCA4C5992B83E2F60A147FCD1B6148725AA0AF3ABB801A6BB7EA78390
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=6b90aefaf9ad061e0023d7e84b575dd3%2F16921679771943276568&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D21erq1ze01e4rqd8yhj9aj7e385jmxtfw71ts8b115t0evegsgc3zmtqb29jd97ee5h484z4krx8bbz7vhd6taq0msm38mxtj20bxs6pgr18e2s6jz9mgsr87jrqdm66x2c8b4t5en4n338j75r67z8dtx7bnjmsh9ppeagsswnk2az405z1qv0wn9p9bbhe47nznas23s7yhczm89gsbdfz4re9ayc4pzb1h1an9bn0whvvb5vfsgw5d7czc%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCyjQX7TukYNr_IN_L7_UPg9y90AuQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTY5ODMzNDE3MTEwNzkyOTegAcKu6N0DyAEJqQImGHnx7YG0PqgDAaoE2gFP0NW4vdK28YAhbNTMZy3ePRRTH7RLOSTBMGZwpGLRe-KlEIUcIfLbv98MxEAVoNMG-xmHP2G7WLA_FX1dKQ7zLSMdz6shqhfh1f2H9KHsRSvSKDvYgg5PfyAriiithgLvgkh3EfAlGcoY0KMTgeu9ffg82rGaYy6Dpv6UnbtTmuXUYZkEAWQB1nlaLh7uNqS7ZDBkMyREOH6mQ4Y0-tEWtWP20eUkfxtb6Trs-hA6S1-TubbzIIV54xD6M6I_7nSWZq6qByjwnVQbzE7mTOMz89K8_Xkwn-Ag4oAG7cGWv9bnq5_EAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BvYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1B6tN6rzPTCXGcVNBMS560DiUdVQ%2526client%253Dca-pub-6983341711079297%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4832f5768a8d71f5e7504a48274d822a72e79b39fe43a071c13852097da8ec6b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=e08Zuw==, md5=psibsHmVB2WUau7aQuE9AQ==
date: Tue, 18 May 2021 22:13:04 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2250938
cf-polished: origSize=90165, status=webp_bigger
x-guploader-uploadid: ABg5-UwpHlAtA2qVPfv3ecx4V7j-_tqzuivxuNwBFwB9F0Tqg3buBEkTuErpWsLNYW6yOWM3URGwbMAmc2fRHKIfAFA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 85604
cf-request-id: 0a23233a5e00004a984c87c000000001
last-modified: Wed, 09 Oct 2019 16:06:53 GMT
server: cloudflare
etag: "a6c89bb079950765946aeeda42e13d01"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=uehV98UebHMSscKKTB9Mok6F85w%2FEY8iFq07CiOc2dIrC6Lr4Ws%2BJheHOlIybNX6Cozs%2BEhU0H3IGupwNyd9aY8a3zkZFin9RCHQQ2YXN15%2B%2FIRXpd%2BbUlHPpw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1570637213281727
content-type: image/jpeg
expires: Wed, 19 May 2021 22:13:04 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 90165
accept-ranges: bytes
cf-ray: 65186e3d6b974a98-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK link.html Show response
track.webgains.com/ Frame 27F6 12 KB
12 KB 369ms
134ms Script
text/html 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=713569&wgcampaignid=1384975&js=1&nw=1&clickref=oneidbM4CQfZfp5QFYHbHzt8Cwr5uetJT5Weoneid__dc_reach_suite02wkz&viewref=oneidPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7oneid__dc_reach_suite02wkz
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=6b90aefaf9ad061e0023d7e84b575dd3%2F16921679771943276568&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D21erq1ze01e4rqd8yhj9aj7e385jmxtfw71ts8b115t0evegsgc3zmtqb29jd97ee5h484z4krx8bbz7vhd6taq0msm38mxtj20bxs6pgr18e2s6jz9mgsr87jrqdm66x2c8b4t5en4n338j75r67z8dtx7bnjmsh9ppeagsswnk2az405z1qv0wn9p9bbhe47nznas23s7yhczm89gsbdfz4re9ayc4pzb1h1an9bn0whvvb5vfsgw5d7czc%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCyjQX7TukYNr_IN_L7_UPg9y90AuQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTY5ODMzNDE3MTEwNzkyOTegAcKu6N0DyAEJqQImGHnx7YG0PqgDAaoE2gFP0NW4vdK28YAhbNTMZy3ePRRTH7RLOSTBMGZwpGLRe-KlEIUcIfLbv98MxEAVoNMG-xmHP2G7WLA_FX1dKQ7zLSMdz6shqhfh1f2H9KHsRSvSKDvYgg5PfyAriiithgLvgkh3EfAlGcoY0KMTgeu9ffg82rGaYy6Dpv6UnbtTmuXUYZkEAWQB1nlaLh7uNqS7ZDBkMyREOH6mQ4Y0-tEWtWP20eUkfxtb6Trs-hA6S1-TubbzIIV54xD6M6I_7nSWZq6qByjwnVQbzE7mTOMz89K8_Xkwn-Ag4oAG7cGWv9bnq5_EAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BvYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1B6tN6rzPTCXGcVNBMS560DiUdVQ%2526client%253Dca-pub-6983341711079297%2526adurl%253D&y=0&z=0
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 242882d776f9fcfbb02c9cc770be9e9081789ced66aaf69cbd2d1b46d23d2d05

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 18 May 2021 22:13:04 GMT
Last-Modified: Tue, 18 May 2021 22:13:04 GMT
Server: Apache
Transfer-Encoding: chunked
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: text/html;charset=utf-8
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 27F6 60 KB
60 KB 174ms
61ms Script
application/javascript 143.204.98.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=713569&wgcampaignid=1384975&js=1&nw=1&clickref=oneidbM4CQfZfp5QFYHbHzt8Cwr5uetJT5Weoneid__dc_reach_suite02wkz&viewref=oneidPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7oneid__dc_reach_suite02wkz
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-5.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f992d4e165a593df5d567f6ad58aae2b9609cc3870a5eb91483268e5b48c3e77

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 07:59:27 GMT
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
last-modified: Thu, 22 Apr 2021 14:01:05 GMT
server: AmazonS3
age: 51218
etag: "4f1db9fdf90b4f2a5576501528dc54bc"
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 61124
x-amz-cf-id: u61DDP0BLtuZRUyCIv5QW_MBXGrDf6HhlExCnlk2WrH6QIzWH8e23g==

GET
H/1.1 200
OK hit Show response
diapi.webgains.com/2.0/ Frame 27F6 79 B
374 B 267ms
77ms Script
text/javascript 81.29.72.47
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://diapi.webgains.com/2.0/hit?callback=hitCallback&wgpayload=78a44iFBBNlY5Du4UXuKrnZ2CI9XkPrwVL6tqAhbrmQmkqlE4Ww.GEFF0Yz3ccbbJYMLgiPFU77qZoOSix5ezdstlYysrhsui6STpjB9TjQDKMhO3f9p_nH1u_eH3BhxUC550ialT0iakiEocEcEJ1w.CxUC541jlS7spjt.gEngMQEjZr_WhXTA2s.XTVV26y8GGEDd5ihORoVyFGh8cmvSuCKzIlnY6xljQlpRDuxfTNJxTqRejPm8LKfAaZ4ySy.aPjftcktBttIVugwcAuyPBDjaY2ftckuyPBB2SCX0iakJ1Xd_CquW.QhRhk6Hb9LarUqUdHz16rgPtFFg4Jh5DtOQs.BN1eNBRMgRe4GSr_Jz9_z16sZPuVr914VecL57GY5BNv_0TjV.2Z6&wgcookie=%7B%22wgifp12607%22%3A%5B%221384975%22%2C%2212607%22%2C%22713569%22%2C%22%22%2C%221621375984%22%2C%22%22%2C%22%22%2C%22%22%2C%221776895984%22%2C%22oneidPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7oneid__dc_reach_suite02wkz%22%5D%7D&wgchecksum=a08a9cd4d39a0af99b109dbca84a015a&userIP=195.181.166.68&doAffectv=1&wgtime=1621375984
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=713569&wgcampaignid=1384975&js=1&nw=1&clickref=oneidbM4CQfZfp5QFYHbHzt8Cwr5uetJT5Weoneid__dc_reach_suite02wkz&viewref=oneidPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7oneid__dc_reach_suite02wkz
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.29.72.47 Croydon, United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 81-29-72-47.servers.dedipower.net
Software: Apache /
Resource Hash: 17b47a1ed2cd2e1ec86f4735497e2956eb34be0a66fc20b427148f65c6ebaca5

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 18 May 2021 22:13:04 GMT
Server: Apache
Connection: close
Content-Length: 79
Content-Type: text/javascript;charset=utf-8

GET
H/1.1 200
OK link.html
track.webgains.com/ Frame 27F6 85 KB
85 KB 189ms
66ms Image
image/png 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.webgains.com/link.html?wgcampaignid=1384975&viewref=oneidpA9u1fgfj9WfKC4HmtztQ7Yhbt7tERYoneid__webplexmedia_advancedad_Desktop_300x250&wglinkid=713569
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=6b90aefaf9ad061e0023d7e84b575dd3%2F16921679771943276568&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D21erq1ze01e4rqd8yhj9aj7e385jmxtfw71ts8b115t0evegsgc3zmtqb29jd97ee5h484z4krx8bbz7vhd6taq0msm38mxtj20bxs6pgr18e2s6jz9mgsr87jrqdm66x2c8b4t5en4n338j75r67z8dtx7bnjmsh9ppeagsswnk2az405z1qv0wn9p9bbhe47nznas23s7yhczm89gsbdfz4re9ayc4pzb1h1an9bn0whvvb5vfsgw5d7czc%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCyjQX7TukYNr_IN_L7_UPg9y90AuQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTY5ODMzNDE3MTEwNzkyOTegAcKu6N0DyAEJqQImGHnx7YG0PqgDAaoE2gFP0NW4vdK28YAhbNTMZy3ePRRTH7RLOSTBMGZwpGLRe-KlEIUcIfLbv98MxEAVoNMG-xmHP2G7WLA_FX1dKQ7zLSMdz6shqhfh1f2H9KHsRSvSKDvYgg5PfyAriiithgLvgkh3EfAlGcoY0KMTgeu9ffg82rGaYy6Dpv6UnbtTmuXUYZkEAWQB1nlaLh7uNqS7ZDBkMyREOH6mQ4Y0-tEWtWP20eUkfxtb6Trs-hA6S1-TubbzIIV54xD6M6I_7nSWZq6qByjwnVQbzE7mTOMz89K8_Xkwn-Ag4oAG7cGWv9bnq5_EAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BvYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1B6tN6rzPTCXGcVNBMS560DiUdVQ%2526client%253Dca-pub-6983341711079297%2526adurl%253D&y=0&z=0
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 272d25a3bc4e780b90797dc968a382dbccaa40157d7612ace2f59f2768a6bb86

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 18 May 2021 22:13:04 GMT
Last-Modified: Tue, 18 May 2021 22:13:04 GMT
Server: Apache
Transfer-Encoding: chunked
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: image/png
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK fp_decode.html Show response
track.webgains.com/ Frame 27F6 63 B
270 B 312ms
87ms Fetch
application/json 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/fp_decode.html?wgpayload=.8a44iFBBNlY5Du4UXuKrnZ2CI9XkPrwVL6tqAhbrmQmkqlE4Ww.GEFF0Yz3ccbbJYMLgiPFU77qZoOSix5ezdstlYysrhsui6STpjB9TjQDKMhO3f9p_nH1u_eH3BhxUC550ialT0iakiEocEcEJ1w.CxUC541jlS7spjt.gEngMQEjZr_WhXTA2s.XTVV26y8GGEDd5ihORoVyFGh8cmvSuCKzIlnY6xljQlpRDuxfTNJxTqRejPm8LKfAaZ4ySy.aPjftcktBttIVugwcAuyPBDjaY2ftckuyPBB2SCX0iakJ1Xd_CquWumWiLs2dI_AIQjvEodUW2vqCRc7L1eLY6SKw.5B0KB5DAqDK1civmeU_HzW2wHCSFQ_01kKJA237lY5BSmVjMk.96t
Requested by: Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 84f8704bdc07ab2809b5a9dd028ef0c9e0001bd0b21c32fc06c18231069a581e

Request headers

Accept: application/json
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 18 May 2021 22:13:05 GMT
Server: Apache
Connection: close
Keep-Alive: timeout=1, max=100
Content-Length: 63
Content-Type: application/json

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 216ms
67ms Preflight 54.72.18.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Server: 54.72.18.9 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-18-9.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://as.ad4m.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 18 May 2021 22:13:05 GMT
server: nginx
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 27F6 16 B
232 B 108ms
108ms Fetch
application/json 54.72.18.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.72.18.9 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-72-18-9.eu-west-1.compute.amazonaws.com

Software

nginx / PHP/7.3.27

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 18 May 2021 22:13:05 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.3.27
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

GET
H2 200 tech-essence-clk.min.js Show response
analytics-wg.webgains.io/ Frame 27F6 44 KB
45 KB 57ms
54ms Script
application/javascript 143.204.98.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics-wg.webgains.io/tech-essence-clk.min.js
Requested by: Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-5.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 97cfbffddbcbf00dcf4b38e122383cbc49f8bde482552271ef0a127ea03e5ae5

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 19:29:47 GMT
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
last-modified: Tue, 02 Feb 2021 10:42:29 GMT
server: AmazonS3
age: 9798
etag: "8c03dbb33c82f21c7644b0fbe99c300a"
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 45522
x-amz-cf-id: ktkmCKA5nja4FlU2UNzJ0NN6LEnLc4ktXIUmlv5kCMb-odo3y8ksvw==

GET
H2 200 tag Show response
w-it.m-t.io/ Frame 27F6 18 B
205 B 58ms
25ms Script
application/javascript 2a00:1450:4001:808::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://w-it.m-t.io/tag?type=impr&date=1621375985742
Requested by: Host: analytics-wg.webgains.io
URL: https://analytics-wg.webgains.io/tech-essence-clk.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:808::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: f981ac999350c901e815738482797ae651bd0d240aae589d56f5b027ad9715da

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 22:13:05 GMT
content-encoding: gzip
server: Google Frontend
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
x-cloud-trace-context: 85b470b9f79710b4ad4b3d1ad6e7e310
cache-control: private
content-length: 38

GET
H2 200 track Show response
w-it.m-t.io/ Frame 27F6 0
75 B 22ms
21ms Script
application/javascript 2a00:1450:4001:808::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://w-it.m-t.io/track?campaignId=1384975&clickId=12607_1384975_16213759845074_87fb447134&programId=12607&expiry=1776895984&acc=wg&scriptTag=&type=postview&indicator=df7fdf376058e01a1608907c6397971c&
Requested by: Host: analytics-wg.webgains.io
URL: https://analytics-wg.webgains.io/tech-essence-clk.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:808::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-cloud-trace-context: ff74684b8f2686aeb88902c056403edf
server: Google Frontend
date: Tue, 18 May 2021 22:13:05 GMT
content-length: 0
content-type: application/javascript;charset=utf-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKQ77Vwet3b1a4eOzOTF_gAAAOsAAAAB&google_cver=1&google_gid=CAESENJmUwXpUQJhAkLZ2KzhsG0&google_push=AQvitUIQMN3itiwT33j755OFwtzaCIIE2wbhqf7h-jKUK8CO7OuRXXpFuvssbjuozjHPl52uh6EFAaZBUTdzAI_urug6sIIWDWAc

Verdicts & Comments Add Verdict or Comment

79 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-20 03:44:31	Name: IDE Value: AHWqTUlR5RtYYmkZdCCSz-EiYt_iN1iGk099_FsPVrJ5CHW6Vh80v8gx4mNDIOkXrQI
.login-vp.com/	1970-01-20 03:44:31	Name: __gads Value: ID=4aaf530d8808c1bd-222e4c4217c800ac:T=1621375981:RT=1621375981:S=ALNI_MZ9eY9LXE2-x_80dnL2mkln5Fq3fw
.login-vp.com/	1970-01-20 11:54:07	Name: _ga Value: GA1.1.1921100555.1621375981
.login-vp.com/	1970-01-20 11:54:07	Name: _ga_LFL5HW1V30 Value: GS1.1.1621375980.1.0.1621375980.0

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://analytics.webgains.io/pvClk.min.js(Line 1) Message: Webgains [object Object]

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad4m.at
ad4mat.net
adservice.google.com
adservice.google.de
ag.innovid.com
analytics-wg.webgains.io
analytics.webgains.io
api.webgains.io
as.ad4m.at
assets.ad4m.at
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
de.login-vp.com
diapi.webgains.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googlecm.hit.gemius.pl
image6.pubmatic.com
login-vp.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.rubiconproject.com
portal-db.live
prod-rtb.ad4mat.net
rtb.openx.net
static-de.ad4mat.net
tpc.googlesyndication.com
track.webgains.com
w-it.m-t.io
www.awin1.com
www.google-analytics.com
www.googletagmanager.com
www.googletagservices.com
cm.g.doubleclick.net
104.111.239.217
139.177.207.225
143.204.98.5
172.217.16.130
172.217.23.98
185.64.190.78
217.182.200.19
2600:1901:0:76b9::
2606:4700:20::681a:ad1
2606:4700:3032::6815:57ae
2606:4700:3033::6815:2561
2620:116:800d:21:8c6e:cf2c:8d6:9fb5
2a00:1450:4001:801::200a
2a00:1450:4001:802::2001
2a00:1450:4001:802::2003
2a00:1450:4001:808::2013
2a00:1450:4001:809::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::2003
2a00:1450:4001:810::2008
2a00:1450:4001:811::2002
2a00:1450:4001:813::2002
2a00:1450:4001:828::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::200e
2a03:2880:f045:10:face:b00c:0:3
2a05:d01c:1d8:8101:ac20:41f1:bf24:9b3
35.186.253.211
45.79.27.228
46.236.13.147
54.72.18.9
69.173.144.138
81.29.72.47
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c4dbe4fcd9aa17731dbe27f053b03e60f11dd9561fcbf1faafe86f7c4b86173
0c889baa24e49e0b4574ae6d7d034c14df70d13ff229b4de038fa22f211b6d08
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
1291fac0902b96a4b23f1a84d40a8b5038a5d11c661c766df4edc27815ff54fd
17b47a1ed2cd2e1ec86f4735497e2956eb34be0a66fc20b427148f65c6ebaca5
1b84c7063114efb7448aa538680c6fef0eefe80fd45ba68c83bc1b96d7bc2df8
1e22927b700cf19b85c8eba2eab2c5b66b195e02eed0bccef14963d7609ee2d1
2227bcfe6825425df00844a0251571f00cbd4341842c23812962abfc5eaa0819
242882d776f9fcfbb02c9cc770be9e9081789ced66aaf69cbd2d1b46d23d2d05
272d25a3bc4e780b90797dc968a382dbccaa40157d7612ace2f59f2768a6bb86
2a138f5a790f47f9c8e1b3b6c88ea4fecb1abd1b1011a7d842b721d2fa943ed3
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e
336bb30461d407ee72236de87aca4fe68d611e1bee0030326778c858a4685b1c
35d0dd68824ade6374d7fa5e1eac626f0392d4eeb2007b283f9d092695edeecb
36c106ca46ee3c0976d1b67a09aab1853a32c48e05dad7a46b58940aa1a1b57d
36cce5cae3d2e0045b2b2b6cbffdad7a0aba3e99919cc219bbf0578efdc45585
39319b0d60b3aacabf57aba9c00f65cb01c3d1dd36aeffb41bbe6e9de01fa9df
3c4a1bb7ce3234407184f0d80cc4dec075e4ad616b44dcc5778e1cfb1bc24019
4373a7c880f00a8373da62d923fdb65d84317ae8755e8a66b48e098b29adf53f
4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf
4832f5768a8d71f5e7504a48274d822a72e79b39fe43a071c13852097da8ec6b
494627acb3c86254c238efaf66afcaf30d4293c7512a37a72b51a380d55e3880
4cc9b955df15cad8db09c988709ba675a33e27b1b2f533761d7e390f9144305c
4cee2ec512f868c345f558cc81ef3e9e22c076c4888c72cc8b1d1b289842478f
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
51347e5b4036f4ff0a92ba97e5daef833e73439c5a3ff34e530179da33082cc0
54d35e66675f9cc2ab471d0c389573b5ab0902937b397914a177712b27678a46
5f4f2e8ffc67a3c2544f8be9672125a0c5a5f0035fa6bfc6d75ee297e30461e5
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
611c31ecafe54c74f78e765296e1b04c0e51ecdc5f7d62c0c3441732aca01964
66f661926ae6c1e13c6b2169733476eb03b9be46e333e5f81eab69a5b0d27ace
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
6b7b3e57d1f7017879cf06f884cbc44a7e7316f3f34956e63c3b7dc125458819
6cc628e53fa1884beaeefc60f6bc08a68f6a49037371a3b7316fe8062ad1e130
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
76cce5465f6ef2aecd7bfa79d77aa732945d8ec2bc93c16db70bead01634d6a1
798898b50f4590c8c1ee20b29a2977752ced895e4659be3bb3c4f1de6407321e
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
79a1fd9f71c69648edfe742cc8b1d2141a95d063e630aaa06a5cdf5faa50650d
79a636d2c8ace706866349aaf2d1661b25c94a9523ab602e32d106fbba2a2b23
7e1cd4509233853425cafd689119c000565c4cb44f451ec1c248e5c4e91f0b33
7f3145c87d3570154f633975e8a4f8d30aa38603edaba145501e9c90ddbe186c
7fab3f3b6c74294d7a1775b2076bfe090ae5fc7b0f3165a6f73017f3d7c0e5f1
84f8704bdc07ab2809b5a9dd028ef0c9e0001bd0b21c32fc06c18231069a581e
85a096c073faa7b2f0cd16adf42aef4c64f0e2b34dedcd1379b6cc48e126f7fa
885f49feb8e498aa65425db9775be10ed3f99632f29734472fd4036079bc7c75
89193e20761849411588763243bbdad79d084aac4651c2917c9edfc9a46ec908
8cf5ca6fe033c49aef317b510a54d4a36f9200278a3960337b526b4ced7dde88
8cfa13213e0e044b46b217595186161312bc1a90d34e637fb9361a82341a26d6
8f5315ed9f5e070e85a60e405d9aac92286319c20c2fcb39cc2d6c01090c652d
927ed0086a3612da7a5a8da3cd723ad45a84ade4161f885f6c6a4c5c9ec38ebc
96f7e71f0d3a77aba48e72cdf117ae6bf70b3b143463ee88629985c249c97d0d
979945cfae928c5ad7fdf1256c32a2b6e12a7c86f6774a7cd41d8aa542720e64
97cfbffddbcbf00dcf4b38e122383cbc49f8bde482552271ef0a127ea03e5ae5
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9eab240aa1579cd829366df5b73a9376ad0d3b7279ce6fb69315caa0222e6078
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a32103059d288257e1cfc589470a0ce5c146f2cb2530e2bef92fca723c4234ad
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5cb642ef22434a24612329870579fbb272cb9fa7475360035596ea56fb0431a
a771db742c2a7688324e3750fbb0a1c5cb07034dd2cd5a4e48bd9593988119be
a837f051ac8249ce2e1c0215298ef878bc3b3017bc2b8e5bdea1cd88e8e1e54c
a8a63d4068def45025d00d6942b874e65109f9721784c3840a34f245b222a5b8
ab62007cefe281885ed8e628a4cbc3852e2f2f1c25e98e12561a6d81167c747d
aeec355c5253b6331b21fe54fef82488f857b9cb2c0f50069ed86d5f7e37612b
af718a9183e0dec5fec9c68726f4bb03eb19d332ed9140aef29aafd328222023
b76d936cdbcbf9a542371b4adbbcb0883c72aa8494632447a0e8cab706212804
c01c98dc32c9889b4120afd376d61fe7a172b6cb323b48011b71572a4d97ff8a
c5ab911a57f9ba75666ced4f9b25acaf1eb78075f98d8d3e2785a593d0d52129
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
c643e72fa16a0a9bce413c5047cf216fda281eeb4a47ac538807620c5a964439
c6eb2eeb98d7863e83999538cf81b884b389af4236e217f80eb7e6e75bc0113c
c76b9ce98859b0d8f6b4d8e82e05cf5d9a773e66dd79a48ab2a19d5b1f6ab459
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4
d86e98e5c29e7a6cda4fe7a8b623dd49ba415cc072066f09de985adbc322d25b
d997fba7832cb78b0933a9eb2ce191d53234c978e25c6c8fc50c75923ea8405e
da793eada5850ecee8fc84ef5fc79b9d5bf9f74504c0e74cdbda602aff8baf40
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb1249871aedd4a8aca8bacf8dc546638362ebf4aa3d8c92a253ba89f41fe437
f0893856b554c60f747201fd6efbfa01d29ed4c7f1ae0422e534050eba48b194
f35d7fdc8e1577d304b580887ba55ded5946566031d89a8b139c09b820963df5
f981ac999350c901e815738482797ae651bd0d240aae589d56f5b027ad9715da
f992d4e165a593df5d567f6ad58aae2b9609cc3870a5eb91483268e5b48c3e77

de.login-vp.com Open in urlscan Pro 139.177.207.225 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

89 Requests

97 %HTTPS

61 %IPv6

25 Domains

35 Subdomains

30 IPs

6 Countries

1537 kBTransfer

3063 kBSize

4 Cookies

20 Outgoing links

Redirected requests

89 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 13 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

de.login-vp.com Open in urlscan Pro
139.177.207.225 Public Scan

Screenshot
Live screenshot

Full Image

89
Requests

97 %
HTTPS

61 %
IPv6

25
Domains

35
Subdomains

30
IPs

6
Countries

1537 kB
Transfer

3063 kB
Size

4
Cookies

89 HTTP transactions
13 data transactions