mypaylogin.com Open in urlscan Pro
199.192.23.231 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://mypaylogin.com/
Effective URL:
https://mypaylogin.com/
Submission: On March 27 via manual (March 27th 2023, 3:46:07 pm UTC) from US — Scanned from DE

Summary HTTP 195 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 36 IPs in 7 countries across 32 domains to perform 195 HTTP transactions. The main IP is 199.192.23.231, located in United States and belongs to NAMECHEAP-NET, US. The main domain is mypaylogin.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on July 7th 2022. Valid for: a year.

This is the only time mypaylogin.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 34	199.192.23.231 199.192.23.231	22612 (NAMECHEAP...) (NAMECHEAP-NET)
26	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
1	13.32.99.51 13.32.99.51	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
7	68.71.249.118 68.71.249.118	20093 (ZEROLAG) (ZEROLAG)
25	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
1	2600:9000:223... 2600:9000:223c:ca00:c:abe:f440:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
1	18.197.187.90 18.197.187.90	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:36::178	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
3	2600:9000:21a... 2600:9000:21a1:f200:5:c4ab:c3c0:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2620:116:800d... 2620:116:800d:21:c5a4:625:6563:a5bb	16509 (AMAZON-02) (AMAZON-02)
2 2	185.89.210.153 185.89.210.153	29990 (ASN-APPNEX) (ASN-APPNEX)
3 3	198.47.127.18 198.47.127.18	62713 (AS-PUBMATIC) (AS-PUBMATIC)
5 12	172.217.18.2 172.217.18.2	15169 (GOOGLE) (GOOGLE)
1 1	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	185.64.190.81 185.64.190.81	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3 5	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
2 2	54.78.191.40 54.78.191.40	16509 (AMAZON-02) (AMAZON-02)
2 2	3.75.62.37 3.75.62.37	16509 (AMAZON-02) (AMAZON-02)
1	69.166.1.12 69.166.1.12	27630 (AS-XFERNET) (AS-XFERNET)
2	2600:9000:223... 2600:9000:223c:7a00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1 33	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
2 4	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
1 1	209.140.136.209 209.140.136.209	11643 (EBAY) (EBAY)
1	23.206.209.4 23.206.209.4	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	185.89.210.180 185.89.210.180	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	34.246.96.48 34.246.96.48	16509 (AMAZON-02) (AMAZON-02)
9	2a00:1450:400... 2a00:1450:4001:82b::2006	15169 (GOOGLE) (GOOGLE)
1	2a02:fa8:8806... 2a02:fa8:8806:20::2010	41041 (VCLK-EU-SE) (VCLK-EU-SE)
2 2	18.197.15.234 18.197.15.234	16509 (AMAZON-02) (AMAZON-02)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1	34.96.105.8 34.96.105.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
2 2	37.157.2.234 37.157.2.234	198622 (ADFORM) (ADFORM)
1 1	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2	216.58.212.130 216.58.212.130	15169 (GOOGLE) (GOOGLE)
2	2600:9000:223... 2600:9000:223f:c800:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
5	2600:1f13:800... 2600:1f13:800:7781:597a:4662:4114:69b9	16509 (AMAZON-02) (AMAZON-02)
195	36

34 199.192.23.231 (United States) 1 redirects

ASN22612 (NAMECHEAP-NET, US)
PTR: exactly-although.quarantine-pnap.web-hosting.com

mypaylogin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.99.51 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-51.fra60.r.cloudfront.net

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 68.71.249.118 (Picton, Canada)

ASN20093 (ZEROLAG, US)

udmserve.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:ca00:c:abe:f440:93a1 (United States)

ASN16509 (AMAZON-02, US)

buttons-config.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.197.187.90 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-187-90.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:36::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:21a1:f200:5:c4ab:c3c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

bid.underdog.media	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:116:800d:21:c5a4:625:6563:a5bb (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.89.210.153 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 198.47.127.18 (United States) 3 redirects

ASN62713 (AS-PUBMATIC, US)

image8.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 172.217.18.2 (United States) 5 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s22-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.110 (United Kingdom) 1 redirects

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.81 (United Kingdom) 1 redirects

ASN62713 (AS-PUBMATIC, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.80.39.216 (Canada) 3 redirects

ASN27381 (CASALE-MEDIA, CA)

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.78.191.40 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-78-191-40.eu-west-1.compute.amazonaws.com

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.75.62.37 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.166.1.12 (United States)

ASN27630 (AS-XFERNET, US)

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:223c:7a00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn1.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 209.140.136.209 (United States) 1 redirects

ASN11643 (EBAY, US)
PTR: andes-public-lvsaz01-1-1.ebay.com

www.ebayadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.206.209.4 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-206-209-4.deploy.static.akamaitechnologies.com

secureir.ebaystatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.89.210.180 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.246.96.48 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-246-96-48.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:82b::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:20::2010 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.197.15.234 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-15-234.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.2.234 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.115 (United Kingdom) 1 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.212.130 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:223f:c800:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:1f13:800:7781:597a:4662:4114:69b9 (Boardman, United States)

ASN16509 (AMAZON-02, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
59	googlesyndication.com 1 redirects pagead2.googlesyndication.com — Cisco Umbrella Rank: 108 tpc.googlesyndication.com — Cisco Umbrella Rank: 135	692 KB
34	mypaylogin.com 1 redirects mypaylogin.com	476 KB
32	doubleclick.net 5 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 29 cm.g.doubleclick.net — Cisco Umbrella Rank: 206 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 319	193 KB
10	gstatic.com fonts.gstatic.com www.gstatic.com encrypted-tbn1.gstatic.com	198 KB
9	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 283	118 KB
9	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 747 static.adsafeprotected.com — Cisco Umbrella Rank: 575 dt.adsafeprotected.com — Cisco Umbrella Rank: 530	98 KB
7	google.com 2 redirects adservice.google.com — Cisco Umbrella Rank: 68 www.google.com — Cisco Umbrella Rank: 2	2 KB
7	udmserve.net udmserve.net — Cisco Umbrella Rank: 3022	9 KB
6	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 187	291 KB
6	pubmatic.com 6 redirects image8.pubmatic.com — Cisco Umbrella Rank: 634 image2.pubmatic.com — Cisco Umbrella Rank: 858 image4.pubmatic.com — Cisco Umbrella Rank: 942 image6.pubmatic.com — Cisco Umbrella Rank: 731	2 KB
6	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31	5 KB
5	casalemedia.com 3 redirects ssum-sec.casalemedia.com — Cisco Umbrella Rank: 431 dsum-sec.casalemedia.com — Cisco Umbrella Rank: 535	3 KB
4	adnxs.com 3 redirects secure.adnxs.com — Cisco Umbrella Rank: 389 ib.adnxs.com — Cisco Umbrella Rank: 210	4 KB
3	quantserve.com secure.quantserve.com — Cisco Umbrella Rank: 986 pixel.quantserve.com — Cisco Umbrella Rank: 779	10 KB
3	underdog.media bid.underdog.media — Cisco Umbrella Rank: 17553	184 KB
3	google.de adservice.google.de — Cisco Umbrella Rank: 8820	818 B
3	google-analytics.com google-analytics.com — Cisco Umbrella Rank: 16 www.google-analytics.com — Cisco Umbrella Rank: 25 region1.google-analytics.com — Cisco Umbrella Rank: 2368	20 KB
3	sharethis.com platform-api.sharethis.com — Cisco Umbrella Rank: 4615 buttons-config.sharethis.com — Cisco Umbrella Rank: 6055 l.sharethis.com — Cisco Umbrella Rank: 4893	45 KB
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 549	1 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 743	2 KB
2	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 926	1 KB
2	yahoo.com 2 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 277	547 B
2	360yield.com 2 redirects ad.360yield.com — Cisco Umbrella Rank: 651	648 B
1	travelaudience.com 1 redirects ads.travelaudience.com — Cisco Umbrella Rank: 5893	557 B
1	blismedia.com tr.blismedia.com — Cisco Umbrella Rank: 1976	173 B
1	ctnsnet.com 1 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 31935	610 B
1	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 2710	104 B
1	ebaystatic.com secureir.ebaystatic.com — Cisco Umbrella Rank: 6020	602 B
1	ebayadservices.com 1 redirects www.ebayadservices.com — Cisco Umbrella Rank: 6545	696 B
1	sonobi.com sync.go.sonobi.com — Cisco Umbrella Rank: 856	500 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 886	608 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	68 KB
195	32

	Domain	Requested by
34	mypaylogin.com	1 redirects mypaylogin.com
33	tpc.googlesyndication.com	1 redirects googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
26	pagead2.googlesyndication.com	mypaylogin.com pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
18	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net mypaylogin.com
12	cm.g.doubleclick.net	5 redirects googleads.g.doubleclick.net
9	s0.2mdn.net	mypaylogin.com s0.2mdn.net googleads.g.doubleclick.net
7	udmserve.net	mypaylogin.com bid.underdog.media
6	www.gstatic.com	googleads.g.doubleclick.net
6	www.googletagservices.com	googleads.g.doubleclick.net
6	fonts.googleapis.com	mypaylogin.com googleads.g.doubleclick.net
5	dt.adsafeprotected.com	googleads.g.doubleclick.net
4	www.google.com	2 redirects tpc.googlesyndication.com googleads.g.doubleclick.net
3	dsum-sec.casalemedia.com	1 redirects googleads.g.doubleclick.net
3	image8.pubmatic.com	3 redirects
3	bid.underdog.media	udmserve.net bid.underdog.media
3	adservice.google.com	pagead2.googlesyndication.com
3	adservice.google.de	pagead2.googlesyndication.com
2	static.adsafeprotected.com	googleads.g.doubleclick.net
2	googleads4.g.doubleclick.net	mypaylogin.com
2	c1.adform.net	2 redirects
2	pm.w55c.net	2 redirects
2	fw.adsafeprotected.com	1 redirects mypaylogin.com
2	ib.adnxs.com	1 redirects googleads.g.doubleclick.net
2	encrypted-tbn1.gstatic.com
2	pixel.quantserve.com	mypaylogin.com
2	rules.quantcount.com	secure.quantserve.com
2	ups.analytics.yahoo.com	2 redirects
2	ad.360yield.com	2 redirects
2	ssum-sec.casalemedia.com	2 redirects
2	secure.adnxs.com	2 redirects
2	fonts.gstatic.com	fonts.googleapis.com
1	image6.pubmatic.com	1 redirects
1	ads.travelaudience.com	1 redirects
1	tr.blismedia.com	googleads.g.doubleclick.net
1	gcm.ctnsnet.com	1 redirects
1	dclk-match.dotomi.com	googleads.g.doubleclick.net
1	secureir.ebaystatic.com
1	www.ebayadservices.com	1 redirects
1	sync.go.sonobi.com	mypaylogin.com
1	image4.pubmatic.com	1 redirects
1	image2.pubmatic.com	1 redirects
1	secure.quantserve.com	udmserve.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	region1.google-analytics.com	www.googletagmanager.com
1	www.google-analytics.com	google-analytics.com
1	l.sharethis.com	platform-api.sharethis.com
1	google-analytics.com	mypaylogin.com
1	buttons-config.sharethis.com	platform-api.sharethis.com
1	www.googletagmanager.com	mypaylogin.com
1	platform-api.sharethis.com	mypaylogin.com
195	50

This site contains links to these domains. Also see Links.

Domain
pay-slips.com

Subject Issuer	Validity	Valid
mypaylogin.com Sectigo RSA Domain Validation Secure Server CA	`2022-07-07` - `2023-08-07`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
sharethis.com Amazon RSA 2048 M01	`2023-02-28` - `2023-07-18`	5 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
udmserve.net DigiCert TLS RSA SHA256 2020 CA1	`2022-05-25` - `2023-06-25`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
underdog.media DigiCert TLS RSA SHA256 2020 CA1	`2022-05-25` - `2023-06-25`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2022-12-06` - `2024-01-07`	a year	crt.sh
quantserve.com R3	`2023-02-13` - `2023-05-14`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-02-10` - `2023-05-27`	4 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-03-06` - `2023-05-29`	3 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2022-08-09` - `2023-09-10`	a year	crt.sh
tr.blismedia.com GTS CA 1D4	`2023-02-12` - `2023-05-13`	3 months	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M01	`2023-02-24` - `2023-09-04`	6 months	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M01	`2023-02-09` - `2023-12-03`	10 months	crt.sh

This page contains 24 frames:

Primary Page: https://mypaylogin.com/
Frame ID: 06573E383800C5E03A1C8C7571B4095D
Requests: 72 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20190131/zrt_lookup.html
Frame ID: 80F719139F76AE07D32C1F0E94B9B674
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7507174334378103&output=html&adk=1812271804&adf=3025194257&lmt=1679931960&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=404x810_l%7C404x810_r&format=0x0&url=https%3A%2F%2Fmypaylogin.com%2F&ea=0&host=ca-host-pub-2644536267352236&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679931958406&bpp=1379&bdt=261&idt=1672&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=891286276420&frm=20&pv=2&ga_vid=993446239.1679931960&ga_sid=1679931960&ga_hid=2084813799&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44777876%2C44759837%2C31073263&oid=2&pvsid=4092948971483189&tmod=106170907&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=1704
Frame ID: B4C219AA16D63E575C7F68D25F6FE34F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7507174334378103&output=html&h=600&slotname=8170439994&adk=2019289390&adf=4098860367&pi=t.ma~as.8170439994&w=270&fwrn=4&fwrnh=100&lmt=1679931960&rafmt=1&format=270x600&url=https%3A%2F%2Fmypaylogin.com%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679931959788&bpp=9&bdt=1644&idt=326&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=891286276420&frm=20&pv=1&ga_vid=993446239.1679931960&ga_sid=1679931960&ga_hid=2084813799&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=665&ady=1696&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44777876%2C44759837%2C31073263&oid=2&pvsid=4092948971483189&tmod=106170907&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=Tj53AnJBYI&p=https%3A//mypaylogin.com&dtd=331
Frame ID: 7B400778129F23B6F4DE40C0F24A4EF6
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: B57DB442175C0A3DC624D123569EF27F
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7507174334378103&output=html&h=90&adk=3070604948&adf=871259380&pi=t.aa~a.2191923801~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1679931961&rafmt=1&to=qs&pwprc=5353064814&format=1200x90&url=https%3A%2F%2Fmypaylogin.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679931961870&bpp=1&bdt=3726&idt=1&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6d0e545c959a423d-22873c7f70dd006b%3AT%3D1679931960%3ART%3D1679931960%3AS%3DALNI_MatgFuSzkmw3WLN4t40liIBx6NVmA&gpic=UID%3D00000bccd2f6c6ae%3AT%3D1679931960%3ART%3D1679931960%3AS%3DALNI_Mbkhwy2NP86M-hFLgja46tZGDb4RA&prev_fmts=0x0%2C270x600&nras=2&correlator=891286276420&frm=20&pv=1&ga_vid=993446239.1679931960&ga_sid=1679931960&ga_hid=2084813799&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1706&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44777876%2C44759837%2C31073263&oid=2&psts=AHQMDFcoAsE9E146kDwWY-GVzVR9LY5COu38D4-t_XpkBrPdL6doLETmfUfO6qIPMJ_7ADEjkvB144CX9WT139_RLCfaZfJz&pvsid=4092948971483189&tmod=106170907&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=RZ0SfOnRAO&p=https%3A//mypaylogin.com&dtd=14
Frame ID: 325D52BDC5B566F58379B80330A7CF95
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1
Frame ID: A2808D7501D88D9FB71E9686D1B1745D
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1
Frame ID: D1BC0CA93BB44C0644A8518360D81757
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1
Frame ID: 0AE33FC6EE931F026DCF574B23A555DF
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1
Frame ID: D2184517F3E6EE5BB833AF0B50008116
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: C6843A4581DA3F9F433D16BB69DE26F5
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 11FFBEE924A4CC610729A064153C87C7
Requests: 2 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: D4FE17549F34C970B852BD83EB784CB7
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: E13FF47CDA84F24BF134C08443F85C93
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/3b1Q3-2ktxseIVt-HK-LDpEKRyl8KDIxhU6os0UJEUg.js
Frame ID: D84410C6DA96E59B23FCCAF6CAF2B974
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/3b1Q3-2ktxseIVt-HK-LDpEKRyl8KDIxhU6os0UJEUg.js
Frame ID: 2CECC51E1F4C68D396B78EBCA83BBFD9
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/3b1Q3-2ktxseIVt-HK-LDpEKRyl8KDIxhU6os0UJEUg.js
Frame ID: 0A60CED383FD7AED5C1E5C098ABFC91D
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/3b1Q3-2ktxseIVt-HK-LDpEKRyl8KDIxhU6os0UJEUg.js
Frame ID: 3DD8361B689FF59DB715DC4FE58C2EE4
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYxo39xAEwAQ&v=APEucNXfuqxNP_i8kdD82M7dLYjLueTxYvl8FyMJbt41M4CcdCf3TPTR9Mq4B_MRWpCfsr3LsKSOLbc1kDdVDmsIT085l4nEN5_IGztvUFZB3kapKPe3p9VYl-px7zvSvmPosL5IxYlQ9kSMVkoVVjFfNp5zG1zlAdM3PPENX4tqaWsvciwWc8w
Frame ID: 03CBC94D988E0F87A8DCE4C1432EA24D
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 96CF110B648884F61ED54103B54D4994
Requests: 25 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E2CB0CB8DF1D7138FA2E98DF855E3B13
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: D8327506B0636A1BD675C350445BBD11
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/12784067222800087067/index.html
Frame ID: DABE72D6B66FFC3838D9BB53AECFC442
Requests: 8 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 6DB0BC664FA5B83A3CA1112369132EE7
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

W2s Forms | MY PAY LOGIN

Page URL History Show full URLs

http://mypaylogin.com/ HTTP 301
https://mypaylogin.com/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

Revslider (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[\'"][^']+revslider[/\w-]+\.css\?ver=([0-9.]+)[\'"]
/revslider/[/\w-]+/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

195
Requests

91 %
HTTPS

49 %
IPv6

32
Domains

50
Subdomains

36
IPs

7
Countries

2414 kB
Transfer

7064 kB
Size

43
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://pay-slips.com/
Title: Self Service Portal

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://mypaylogin.com/ HTTP 301
https://mypaylogin.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 53

https://secure.adnxs.com/getuid?https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fdt%3D1%3Bapnid%3D%24UID%3Bcb%3D0.4655557 HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fudmserve.net%252Fudm%252Ffetch.pix%253Fdt%253D1%253Bapnid%253D%2524UID%253Bcb%253D0.4655557 HTTP 302
https://udmserve.net/udm/fetch.pix?dt=1;apnid=6438999064524780455;cb=0.4655557

Request Chain 54

https://image8.pubmatic.com/AdServer/ImgSync?p=156505&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156505%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fudmserve.net%252Fudm%252Ffetch.pix%253Fpmid%253D%2523PMUID%3Bcb%3D0.4655557 HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?p=156505&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156505%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fudmserve.net%252Fudm%252Ffetch.pix%253Fpmid%253D%2523PMUID%3Bcb%3D0.4655557&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QkI0QTkzMkQtRDcyOS00NTI1LUJGRDYtRDU4MDI2QTZBOTdG&gdpr=-1&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QkI0QTkzMkQtRDcyOS00NTI1LUJGRDYtRDU4MDI2QTZBOTdG&gdpr=-1&gdpr_consent=&google_tc= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=-1&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?cb=0.4655557&gdpr=0&p=156505&pmc=1&pr=https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fpmid%3DBB4A932D-D729-4525-BFD6-D58026A6A97F HTTP 302
https://udmserve.net/udm/fetch.pix?pmid=BB4A932D-D729-4525-BFD6-D58026A6A97F

Request Chain 55

https://ssum-sec.casalemedia.com/usermatchredir?s=199174&cb=https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fdt%3D1%3Bcb%3D0.4655557%3Bindx%3D HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fdt%3D1%3Bcb%3D0.4655557%3Bindx%3D&s=199174&C=1 HTTP 302
https://udmserve.net/udm/fetch.pix?dt=1;cb=0.4655557;indx=ZCG6OLAjfDhas-U3qTtOKQAADKgAAAAB

Request Chain 56

https://ad.360yield.com/server_match?partner_id=1782&r=https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fdt%3D1%3Bcb%3D0.4655557%3Bidid%3D%7BPUB_USER_ID%7D HTTP 302
https://ad.360yield.com/ul_cb/server_match?partner_id=1782&r=https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fdt%3D1%3Bcb%3D0.4655557%3Bidid%3D%7BPUB_USER_ID%7D HTTP 302
https://udmserve.net/udm/fetch.pix?dt=1;cb=0.4655557;idid=d01d93c2-10be-4695-bec2-122650c06ad5

Request Chain 57

https://ups.analytics.yahoo.com/ups/58720/occ?cb=0.4655557 HTTP 302
https://ups.analytics.yahoo.com/ups/58720/occ?cb=0.4655557&verify=true HTTP 302
https://udmserve.net/udm/fetch.pix?dt=1;yahoo=y-VABRNNlE2uEJiQ5P0FpqcWw00Gdc5JzdL2U5FA8-~A

Request Chain 78

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 131

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKD34sLimAEQgAkYgQkyCLhTVvxEnQYN HTTP 301
https://tpc.googlesyndication.com/simgad/2401371329490837093

Request Chain 134

https://www.ebayadservices.com/marketingtracking/v1/ar?mkrid=707-163300-122643-2&mkcid=4&mkevt=2&mpt=2317145035&gdpr=&gdpr_consent=&siteid=77&adtype=0&size=1x1&ipn=admain2&placement=551583 HTTP 301
https://secureir.ebaystatic.com/cr/mscdn/64e017fc0bf98153dd694dc97d24a1ac/view_pixel_1x1.gif

Request Chain 141

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 154

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOS-awmG1_CHAudKEip431s&google_cver=1

Request Chain 155

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZCG6OLAjfDhas.U3qTtOKQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOS-awmG1_CHAudKEip431s&google_cver=1&google_hm=2

Request Chain 156

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEOFOUbDYjGC-LtNhvFfDfwI&google_cver=1

Request Chain 157

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjQzODk5OTA2NDUyNDc4MDQ1NQ%3D%3D

Request Chain 170

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESENiQyKipZPE2N81Mz4MyQK0&google_cver=1&google_push=Aer7DvLczcWkwA8aiv2gI72tKgZ7uNQcEnCZotnprWvTCPG7mvg7XXYKppLMXvsMd2SGckUTpvOLPB2q0W0oYufrysFKrzENNyoWBA HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESENiQyKipZPE2N81Mz4MyQK0&google_cver=1&google_push=Aer7DvLczcWkwA8aiv2gI72tKgZ7uNQcEnCZotnprWvTCPG7mvg7XXYKppLMXvsMd2SGckUTpvOLPB2q0W0oYufrysFKrzENNyoWBA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=TlFySUZMTnkxUEdQMlA1&google_gid=CAESENiQyKipZPE2N81Mz4MyQK0&google_cver=1&google_push=Aer7DvLczcWkwA8aiv2gI72tKgZ7uNQcEnCZotnprWvTCPG7mvg7XXYKppLMXvsMd2SGckUTpvOLPB2q0W0oYufrysFKrzENNyoWBA

Request Chain 171

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEAR62HvxgmLWHrAqYt89Uds&google_cver=1&google_push=Aer7DvJBWyrhTy_ChMCceVmoX-ZmxmFm7VYHmbcG5QfHvXCMeGD2x4-hyPSXde1UJH5q1iDxwTA5IkDdbMdsoVWL3AVuMe79ZwrlrA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aer7DvJBWyrhTy_ChMCceVmoX-ZmxmFm7VYHmbcG5QfHvXCMeGD2x4-hyPSXde1UJH5q1iDxwTA5IkDdbMdsoVWL3AVuMe79ZwrlrA&google_hm=t4JODHCHRtOe4mRWtzk6bmo

Request Chain 173

https://ads.travelaudience.com/google_pixel?google_gid=CAESEPvrgqAt-X7VJUU3Mhulxyg&google_cver=1&google_push=Aer7DvJJjjDu9tWdgqzPLHCNbHv7EtekUXxuVoCYOK1UFbwzCeF7_xlZ48OvHuPpX8Ly9f4r-8FxEloQqbqgK8T7qscsavgZVCsAJw HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=7fP4vIWhSF2MRCH2-o74jw2&google_push=Aer7DvJJjjDu9tWdgqzPLHCNbHv7EtekUXxuVoCYOK1UFbwzCeF7_xlZ48OvHuPpX8Ly9f4r-8FxEloQqbqgK8T7qscsavgZVCsAJw

Request Chain 174

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEPv6uH88VpKJzO4prKq2CFo&google_cver=1&google_push=Aer7DvIPDpXzW-QCjr4z__9fkocPSdTaNzpjp7Aazl-BCTHgcj_VEM0YDM72M3XbPUMegj67LxXhd0LPXlF10Zuv0HPuUL2QMgIVEQ HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEPv6uH88VpKJzO4prKq2CFo&google_cver=1&google_push=Aer7DvIPDpXzW-QCjr4z__9fkocPSdTaNzpjp7Aazl-BCTHgcj_VEM0YDM72M3XbPUMegj67LxXhd0LPXlF10Zuv0HPuUL2QMgIVEQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjA4NzcwODY4ODEzNjc4ODQ2OA&google_push=Aer7DvIPDpXzW-QCjr4z__9fkocPSdTaNzpjp7Aazl-BCTHgcj_VEM0YDM72M3XbPUMegj67LxXhd0LPXlF10Zuv0HPuUL2QMgIVEQ

Request Chain 175

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEEXauvAeVNePOjrXyzq_pbA&google_cver=1&google_push=Aer7DvJqJzB6rXMyK5IBh8g4s5y4yNKyWqWtcIeOJhOX7eJWOFWccxFYvRzfIbMVQw7EQsU3h2sccAPDzqBQK2_Vbd_oyowPtXWjgw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=u0qTLdcpRSW_1tWAJqapfw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aer7DvJqJzB6rXMyK5IBh8g4s5y4yNKyWqWtcIeOJhOX7eJWOFWccxFYvRzfIbMVQw7EQsU3h2sccAPDzqBQK2_Vbd_oyowPtXWjgw

Request Chain 193

https://fw.adsafeprotected.com/rfw/st/987057/61527017/4.js?ias_dspID=3&ias_campId=1010147415&ias_pubId=pub-7507174334378103&ias_chanId=1&ias_placementId=19422216621&bidurl=https://mypaylogin.com/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0gSQZ6aWch2Kn1aDBth-9Ku&adContainerId=brand_safety_OrohZK-wN-a59u8P_IOMuA0&cbFunctionName=goog_wrapCb_OrohZK-wN-a59u8P_IOMuA0&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_728x90.js&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fmypaylogin.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fmypaylogin.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-7507174334378103%26output%3Dhtml%26h%3D90%26adk%3D3070604948%26adf%3D871259380%26pi%3Dt.aa~a.2191923801~rp.1%26w%3D1200%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1679931961%26rafmt%3D1%26to%3Dqs%26pwprc%3D5353064814%26format%3D1200x90%26url%3Dhttps%253A%252F%252Fmypaylogin.com%252F%26host%3Dca-host-pub-2644536267352236%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd%26dt%3D1679931961870%26bpp%3D1%26bdt%3D3726%26idt%3D1%26shv%3Dr20230322%26mjsv%3Dm202303210101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26cookie%3DID%253D6d0e545c959a423d-22873c7f70dd006b%253AT%253D1679931960%253ART%253D1679931960%253AS%253DALNI_MatgFuSzkmw3WLN4t40liIBx6NVmA%26gpic%3DUID%253D00000bccd2f6c6ae%253AT%253D1679931960%253ART%253D1679931960%253AS%253DALNI_Mbkhwy2NP86M-hFLgja46tZGDb4RA%26prev_fmts%3D0x0%252C270x600%26nras%3D2%26correlator%3D891286276420%26frm%3D20%26pv%3D1%26ga_vid%3D993446239.1679931960%26ga_sid%3D1679931960%26ga_hid%3D2084813799%26ga_fc%3D1%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D200%26ady%3D1706%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759927%252C44759876%252C44777876%252C44759837%252C31073263%26oid%3D2%26psts%3DAHQMDFcoAsE9E146kDwWY-GVzVR9LY5COu38D4-t_XpkBrPdL6doLETmfUfO6qIPMJ_7ADEjkvB144CX9WT139_RLCfaZfJz%26pvsid%3D4092948971483189%26tmod%3D106170907%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26ifi%3D3%26uci%3Da!3%26btvi%3D2%26fsb%3D1%26xpc%3DRZ0SfOnRAO%26p%3Dhttps%253A%2F%2Fmypaylogin.com%26dtd%3D14&adsafe_type=bed&adsafe_jsinfo=,id:86d0530d-b0d6-4fef-173e-3747c4623cbd,c:84QQH7,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-67fb65999c-nlq2r,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:5,mot:0,app:0,maw:0,fm:tzIHjGa+11%7C12%7C131%7C141*.987057-61527017%7C1411%7C1412%7C1413%7C1414%7C1511%7C161%7C171%7C181%7C182%7C19,idMap:141*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:24,oid:7a9ce4c1-ccb6-11ed-a759-9ed19cdea652,v:19.8.400,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4.js

195 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
mypaylogin.com/
Redirect Chain

http://mypaylogin.com/
https://mypaylogin.com/

42 KB
11 KB

989ms
586ms

Document
text/html

199.192.23.231
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.192.23.231 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: exactly-although.quarantine-pnap.web-hosting.com
Software: Apache /
Resource Hash: 8eb9154545d4038cd2f57124f50ae7374070301eb77021c71d28523bd0296398

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: max-age=3600
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 10409
Content-Type: text/html; charset=UTF-8
Date: Mon, 27 Mar 2023 15:45:57 GMT
Expires: Mon, 27 Mar 2023 16:45:57 GMT
Keep-Alive: timeout=5, max=100
Link: <https://mypaylogin.com/wp-json/>; rel="https://api.w.org/", <https://mypaylogin.com/wp-json/wp/v2/pages/954>; rel="alternate"; type="application/json", <https://mypaylogin.com/>; rel=shortlink
Referrer-Policy
Server: Apache
Vary: Accept-Encoding,User-Agent
X-LiteSpeed-Tag: 2de_HTTP.200

Redirect headers

Connection: Keep-Alive
Content-Length: 231
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 27 Mar 2023 15:45:57 GMT
Keep-Alive: timeout=5, max=100
Location: https://mypaylogin.com/
Server: Apache

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 140 KB
48 KB 188ms
89ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-7507174334378103

Requested by

Host: mypaylogin.com
URL: https://mypaylogin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

01b9a2d299df898e338e1c76c626386595a2ed0cfb5f20d209d00f137ca31fb1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mypaylogin.com/
Origin: https://mypaylogin.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:45:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48847
x-xss-protection: 0
server: cafe
etag: 84675055731256719
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 27 Mar 2023 15:45:58 GMT

GET
H/1.1 200
OK reset.css
mypaylogin.com/wp-content/themes/citadela/design/css/ 2 KB
1 KB 208ms
200ms Stylesheet
text/css 199.192.23.231
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mypaylogin.com/wp-content/themes/citadela/design/css/reset.css?ver=1671620664
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.192.23.231 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: exactly-although.quarantine-pnap.web-hosting.com
Software: Apache /
Resource Hash: 3dd3db2741c2b611c7b73fdccd23b73a837290292c1fda9c6118d5f315e5360a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: public
Date: Mon, 27 Mar 2023 15:45:58 GMT
Content-Encoding: gzip
Referrer-Policy
Last-Modified: Wed, 21 Dec 2022 11:04:24 GMT
Server: Apache
ETag: "650-5f05483e07e00-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 830
Expires: Tue, 26 Mar 2024 15:45:58 GMT

GET
H/1.1 200
OK base.css
mypaylogin.com/wp-content/themes/citadela/design/css/ 17 KB
5 KB 409ms
199ms Stylesheet
text/css 199.192.23.231
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mypaylogin.com/wp-content/themes/citadela/design/css/base.css?ver=1671620664
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.192.23.231 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: exactly-although.quarantine-pnap.web-hosting.com
Software: Apache /
Resource Hash: 6a42392f744cf34cdc9eef0942861c7a4e1eba86a20c40dabe35b83f99808262

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: public
Date: Mon, 27 Mar 2023 15:45:58 GMT
Content-Encoding: gzip
Referrer-Policy
Last-Modified: Wed, 21 Dec 2022 11:04:24 GMT
Server: Apache
ETag: "45ad-5f05483e07e00-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 4487
Expires: Tue, 26 Mar 2024 15:45:58 GMT

GET
H/1.1 200
OK style.min.css
mypaylogin.com/wp-includes/css/dist/block-library/ 93 KB
13 KB 606ms
204ms Stylesheet
text/css 199.192.23.231
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mypaylogin.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.192.23.231 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: exactly-although.quarantine-pnap.web-hosting.com
Software: Apache /
Resource Hash: c324ef26b20264369e4568dc9ef1c5cb1f325f6bc4e8b7c01f7fe93fa353276a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: public
Date: Mon, 27 Mar 2023 15:45:58 GMT
Content-Encoding: gzip
Referrer-Policy
Last-Modified: Wed, 16 Nov 2022 07:18:45 GMT
Server: Apache
ETag: "172a9-5ed9148719f40-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 12518
Expires: Tue, 26 Mar 2024 15:45:58 GMT

GET
H/1.1 200
OK classic-themes.min.css
mypaylogin.com/wp-includes/css/ 217 B
635 B 603ms
198ms Stylesheet
text/css 199.192.23.231
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mypaylogin.com/wp-includes/css/classic-themes.min.css?ver=1
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.192.23.231 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: exactly-although.quarantine-pnap.web-hosting.com
Software: Apache /
Resource Hash: 5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: public
Date: Mon, 27 Mar 2023 15:45:58 GMT
Content-Encoding: gzip
Referrer-Policy
Last-Modified: Sun, 06 Nov 2022 06:26:34 GMT
Server: Apache
ETag: "d9-5ecc763689a80-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 189
Expires: Tue, 26 Mar 2024 15:45:58 GMT

GET
H/1.1 200
OK styles.css
mypaylogin.com/wp-content/plugins/contact-form-7/includes/css/ 3 KB
1 KB 605ms
198ms Stylesheet
text/css 199.192.23.231
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mypaylogin.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.5.1
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.192.23.231 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: exactly-although.quarantine-pnap.web-hosting.com
Software: Apache /
Resource Hash: ab21762c3f447aa08cbefd5ea3866165f925bd5058a9ae19e23721462de6fb60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: public
Date: Mon, 27 Mar 2023 15:45:58 GMT
Content-Encoding: gzip
Referrer-Policy
Last-Modified: Mon, 27 Mar 2023 13:21:59 GMT
Server: Apache
ETag: "b2b-5f7e1a0ba5c38-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1004
Expires: Tue, 26 Mar 2024 15:45:58 GMT

GET
H/1.1 200
OK rs6.css
mypaylogin.com/wp-content/plugins/revslider/public/assets/css/ 57 KB
12 KB 614ms
204ms Stylesheet
text/css 199.192.23.231
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mypaylogin.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.2.2
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.192.23.231 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: exactly-although.quarantine-pnap.web-hosting.com
Software: Apache /
Resource Hash: 3d2c706c6c0d79356ebb6152ae1e607d31cccff9895043e31ca7f6d34cd79ae1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: public
Date: Mon, 27 Mar 2023 15:45:58 GMT
Content-Encoding: gzip
Referrer-Policy
Last-Modified: Tue, 29 Sep 2020 00:49:41 GMT
Server: Apache
ETag: "e305-5b069287eb340-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 12170
Expires: Tue, 26 Mar 2024 15:45:58 GMT

GET
H2 200 css
fonts.googleapis.com/ 8 KB
1 KB 152ms
52ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C700%2C800&subset=cyrillic%2Ccyrillic-ext%2Cgreek%2Cgreek-ext%2Clatin-ext%2Cvietnamese&display=swap&ver=6.1.1

Requested by

Host: mypaylogin.com
URL: https://mypaylogin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1dab49c7e7f030b2673f47a20ce13a30211a6c8c3699456d233453fe94e751a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 27 Mar 2023 15:45:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 27 Mar 2023 15:45:58 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 27 Mar 2023 15:45:58 GMT

GET
H/1.1 200
OK theme-default-style.css
mypaylogin.com/wp-content/themes/citadela/design/css/ 569 KB
49 KB 620ms
209ms Stylesheet
text/css 199.192.23.231
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mypaylogin.com/wp-content/themes/citadela/design/css/theme-default-style.css?ver=1671620664
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.192.23.231 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: exactly-although.quarantine-pnap.web-hosting.com
Software: Apache /
Resource Hash: d2a5d145294313d7daea99d2575b46b3441a1cd8fe31223164aee0373e7d8853

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: public
Date: Mon, 27 Mar 2023 15:45:58 GMT
Content-Encoding: gzip
Referrer-Policy
Last-Modified: Wed, 21 Dec 2022 11:04:24 GMT
Server: Apache
ETag: "8e4ac-5f05483e07e00-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 49711
Expires: Tue, 26 Mar 2024 15:45:58 GMT

GET
H/1.1 200
OK all.min.css
mypaylogin.com/wp-content/themes/citadela/design/css/assets/fontawesome/css/ 54 KB
12 KB 613ms
202ms Stylesheet
text/css 199.192.23.231
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mypaylogin.com/wp-content/themes/citadela/design/css/assets/fontawesome/css/all.min.css?ver=5.8.2
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.192.23.231 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: exactly-although.quarantine-pnap.web-hosting.com
Software: Apache /
Resource Hash: 06d6e10886ed7de5561acab1935bce1c46174baa9cbd0bcb319aa3b69594131f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: public
Date: Mon, 27 Mar 2023 15:45:58 GMT
Content-Encoding: gzip
Referrer-Policy
Last-Modified: Wed, 21 Dec 2022 11:04:24 GMT
Server: Apache
ETag: "d78f-5f05483e07e00-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 12077
Expires: Tue, 26 Mar 2024 15:45:58 GMT

GET
H/1.1 200
OK photoswipe.css
mypaylogin.com/wp-content/themes/citadela/citadela-theme/assets/photoswipe/ 4 KB
2 KB 807ms
200ms Stylesheet
text/css 199.192.23.231
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mypaylogin.com/wp-content/themes/citadela/citadela-theme/assets/photoswipe/photoswipe.css?ver=4.1.3
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.192.23.231 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: exactly-although.quarantine-pnap.web-hosting.com
Software: Apache /
Resource Hash: 4812d4e2fbfa080ea51ec6755f24dd8728c9c428cf89ffd34648e7b321801a71

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: public
Date: Mon, 27 Mar 2023 15:45:58 GMT
Content-Encoding: gzip
Referrer-Policy
Last-Modified: Wed, 21 Dec 2022 11:04:24 GMT
Server: Apache
ETag: "1029-5f05483e07e00-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1298
Expires: Tue, 26 Mar 2024 15:45:58 GMT

GET
H/1.1 200
OK default-skin.css
mypaylogin.com/wp-content/themes/citadela/citadela-theme/assets/photoswipe/default-skin/ 11 KB
3 KB 808ms
200ms Stylesheet
text/css 199.192.23.231
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mypaylogin.com/wp-content/themes/citadela/citadela-theme/assets/photoswipe/default-skin/default-skin.css?ver=4.1.3
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.192.23.231 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: exactly-although.quarantine-pnap.web-hosting.com
Software: Apache /
Resource Hash: 734b9c920ca443dbf993e22a56264e64a738ec99fb2908a5e3f30fdf2480dc5f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: public
Date: Mon, 27 Mar 2023 15:45:58 GMT
Content-Encoding: gzip
Referrer-Policy
Last-Modified: Wed, 21 Dec 2022 11:04:24 GMT
Server: Apache
ETag: "2d57-5f05483e07e00-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 2983
Expires: Tue, 26 Mar 2024 15:45:58 GMT

GET
H/1.1 200
OK default.css
mypaylogin.com/wp-content/plugins/tablepress/css/build/ 6 KB
3 KB 1003ms
201ms Stylesheet
text/css 199.192.23.231
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mypaylogin.com/wp-content/plugins/tablepress/css/build/default.css?ver=2.1
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.192.23.231 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: exactly-although.quarantine-pnap.web-hosting.com
Software: Apache /
Resource Hash: debb712196d5cadeea88c64b0c3364265abdee5035a71c65ac9172ccdd8250b8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: public
Date: Mon, 27 Mar 2023 15:45:59 GMT
Content-Encoding: gzip
Referrer-Policy
Last-Modified: Mon, 27 Mar 2023 13:22:09 GMT
Server: Apache
ETag: "17c7-5f7e1a1544619-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 2452
Expires: Tue, 26 Mar 2024 15:45:59 GMT

GET
H/1.1 200
OK jquery.min.js Show response
mypaylogin.com/wp-includes/js/jquery/ 88 KB
31 KB 1013ms
209ms Script
application/x-javascript 199.192.23.231
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mypaylogin.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.192.23.231 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: exactly-although.quarantine-pnap.web-hosting.com
Software: Apache /
Resource Hash: cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: public
Date: Mon, 27 Mar 2023 15:45:59 GMT
Content-Encoding: gzip
Referrer-Policy
Last-Modified: Sun, 06 Nov 2022 06:26:34 GMT
Server: Apache
ETag: "15e54-5ecc763689a80-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/x-javascript
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 30995
Expires: Tue, 26 Mar 2024 15:45:59 GMT

GET
H/1.1 200
OK jquery-migrate.min.js Show response
mypaylogin.com/wp-includes/js/jquery/ 11 KB
5 KB 1010ms
202ms Script
application/x-javascript 199.192.23.231
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mypaylogin.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.192.23.231 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: exactly-although.quarantine-pnap.web-hosting.com
Software: Apache /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: public
Date: Mon, 27 Mar 2023 15:45:59 GMT
Content-Encoding: gzip
Referrer-Policy
Last-Modified: Thu, 19 Nov 2020 20:01:14 GMT
Server: Apache
ETag: "2bd8-5b47b30aa5680-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/x-javascript
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 4169
Expires: Tue, 26 Mar 2024 15:45:59 GMT

GET
H/1.1 200
OK rbtools.min.js Show response
mypaylogin.com/wp-content/plugins/revslider/public/assets/js/ 121 KB
47 KB 1016ms
208ms Script
application/x-javascript 199.192.23.231
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mypaylogin.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.0
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.192.23.231 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: exactly-although.quarantine-pnap.web-hosting.com
Software: Apache /
Resource Hash: 84569c21aafc5b59c74756c75648de4c4564f7733bc1128b0f259ca4191edf77

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: public
Date: Mon, 27 Mar 2023 15:45:59 GMT
Content-Encoding: gzip
Referrer-Policy
Last-Modified: Tue, 29 Sep 2020 00:49:41 GMT
Server: Apache
ETag: "1e4b8-5b069287eb340-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/x-javascript
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 47719
Expires: Tue, 26 Mar 2024 15:45:59 GMT

GET
H/1.1 200
OK rs6.min.js Show response
mypaylogin.com/wp-content/plugins/revslider/public/assets/js/ 285 KB
73 KB 1019ms
209ms Script
application/x-javascript 199.192.23.231
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mypaylogin.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.2.2
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.192.23.231 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: exactly-although.quarantine-pnap.web-hosting.com
Software: Apache /
Resource Hash: 48ea29f1197c91fa6ae6707b59b411b7b4ba78a8c7d00f76c6a669ee12a00e2f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: public
Date: Mon, 27 Mar 2023 15:45:59 GMT
Content-Encoding: gzip
Referrer-Policy
Last-Modified: Tue, 29 Sep 2020 00:49:41 GMT
Server: Apache
ETag: "47543-5b069287eb340-gzip"
Vary: Accept-Encoding,User-Agent
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Expires: Tue, 26 Mar 2024 15:45:59 GMT

GET
H2 200 sharethis.js Show response
platform-api.sharethis.com/js/ 198 KB
45 KB 155ms
45ms Script
text/javascript 13.32.99.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://platform-api.sharethis.com/js/sharethis.js

Requested by

Host: mypaylogin.com
URL: https://mypaylogin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.99.51 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-99-51.fra60.r.cloudfront.net

Software

Resource Hash

d7a1bdec6b5209de5be156a573409f2f9e30488cca22fb380d2234057c7973f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:39:39 GMT
content-encoding: gzip
via: 1.1 6fc439c8bc0a64a7ab978ce699795274.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA60-P3
age: 379
etag: W/"3184b-xStZrNgO3eG9+q9l3cRkzPWrPx0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
edge-control: cache-maxage=60m,downstream-ttl=60m
cache-control: max-age=600, public
x-cache: Hit from cloudfront
x-amz-cf-id: FF1wpQmbAP__gSGljG_s0oyQ7b_mBxxVbhrddk2h_9SUmnSlcy9UyQ==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 183 KB
68 KB 144ms
55ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-1B7F7WKTNY

Requested by

Host: mypaylogin.com
URL: https://mypaylogin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f42181a1111c720eaf1321eaad9ce063f6e397304aac01e511c2bffee43739f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:45:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 68891
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 27 Mar 2023 15:45:59 GMT

GET
H/1.1 200
OK fa-solid-900.woff2
mypaylogin.com/wp-content/themes/citadela/design/css/assets/fontawesome/webfonts/ 73 KB
73 KB 1206ms
202ms Font
application/font-woff2 199.192.23.231
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mypaylogin.com/wp-content/themes/citadela/design/css/assets/fontawesome/webfonts/fa-solid-900.woff2
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.192.23.231 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: exactly-although.quarantine-pnap.web-hosting.com
Software: Apache /
Resource Hash: 0fe6a4357505cb0d3ca8ba0671ad57df6b7410ca02cb8065eed58e2c0381e640

Request headers

Referer: https://mypaylogin.com/
Origin: https://mypaylogin.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: public
Date: Mon, 27 Mar 2023 15:45:59 GMT
Content-Encoding: gzip
Referrer-Policy
Server: Apache
ETag: "12258-5f05483e07e00-gzip"
Vary: Accept-Encoding,User-Agent
Transfer-Encoding: chunked
Content-Type: application/font-woff2
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Expires: Tue, 26 Mar 2024 15:45:59 GMT

GET
H/1.1 200
OK fa-regular-400.woff2
mypaylogin.com/wp-content/themes/citadela/design/css/assets/fontawesome/webfonts/ 13 KB
14 KB 1211ms
199ms Font
application/font-woff2 199.192.23.231
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mypaylogin.com/wp-content/themes/citadela/design/css/assets/fontawesome/webfonts/fa-regular-400.woff2
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.192.23.231 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: exactly-although.quarantine-pnap.web-hosting.com
Software: Apache /
Resource Hash: 9da8be2e5def63c77f53ed660306098debe21d622c79756180a4a626ba21c6af

Request headers

Referer: https://mypaylogin.com/
Origin: https://mypaylogin.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: public
Date: Mon, 27 Mar 2023 15:45:59 GMT
Content-Encoding: gzip
Referrer-Policy
Server: Apache
ETag: "3510-5f05483e07e00-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/font-woff2
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 13607
Expires: Tue, 26 Mar 2024 15:45:59 GMT

GET
H/1.1 200
OK fa-brands-400.woff2
mypaylogin.com/wp-content/themes/citadela/design/css/assets/fontawesome/webfonts/ 73 KB
73 KB 1413ms
201ms Font
application/font-woff2 199.192.23.231
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mypaylogin.com/wp-content/themes/citadela/design/css/assets/fontawesome/webfonts/fa-brands-400.woff2
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.192.23.231 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: exactly-although.quarantine-pnap.web-hosting.com
Software: Apache /
Resource Hash: 57c96fd4294617fb0bf3842d1f77ec2365ff0d0d00b6817508b6192df0e8c169

Request headers

Referer: https://mypaylogin.com/
Origin: https://mypaylogin.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: public
Date: Mon, 27 Mar 2023 15:45:59 GMT
Content-Encoding: gzip
Referrer-Policy
Server: Apache
ETag: "123a0-5f05483e07e00-gzip"
Vary: Accept-Encoding,User-Agent
Transfer-Encoding: chunked
Content-Type: application/font-woff2
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Expires: Tue, 26 Mar 2024 15:45:59 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 140 KB
48 KB 93ms
91ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-7507174334378103&host=ca-host-pub-2644536267352236

Requested by

Host: mypaylogin.com
URL: https://mypaylogin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e8b67794d91a8c62f80771d5cdf29398752ded3315cffd050b90cdec2834b58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mypaylogin.com/
Origin: https://mypaylogin.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:45:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48874
x-xss-protection: 0
server: cafe
etag: 10333440758801090118
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 27 Mar 2023 15:45:59 GMT

GET
H/1.1 200
OK index.js Show response
mypaylogin.com/wp-content/plugins/contact-form-7/includes/swv/js/ 10 KB
3 KB 1422ms
201ms Script
application/x-javascript 199.192.23.231
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mypaylogin.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.5.1
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.192.23.231 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: exactly-although.quarantine-pnap.web-hosting.com
Software: Apache /
Resource Hash: 52db930f81d97113dde679cac624cb5435b56d4ac486e91a0b6692d2cb615a84

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: public
Date: Mon, 27 Mar 2023 15:45:59 GMT
Content-Encoding: gzip
Referrer-Policy
Last-Modified: Mon, 27 Mar 2023 13:21:59 GMT
Server: Apache
ETag: "2801-5f7e1a0ba5850-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/x-javascript
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 3010
Expires: Tue, 26 Mar 2024 15:45:59 GMT

GET
H/1.1 200
OK index.js Show response
mypaylogin.com/wp-content/plugins/contact-form-7/includes/js/ 13 KB
5 KB 1608ms
199ms Script
application/x-javascript 199.192.23.231
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mypaylogin.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.5.1
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.192.23.231 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: exactly-although.quarantine-pnap.web-hosting.com
Software: Apache /
Resource Hash: 1060091178cbd6c843b802f516f230f1a3a1e85f1afbd6ef84d80e5430ba457e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: public
Date: Mon, 27 Mar 2023 15:45:59 GMT
Content-Encoding: gzip
Referrer-Policy
Last-Modified: Mon, 27 Mar 2023 13:21:59 GMT
Server: Apache
ETag: "328f-5f7e1a0ba6020-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/x-javascript
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 4182
Expires: Tue, 26 Mar 2024 15:45:59 GMT

GET
H/1.1 200
OK js.cookie.min.js Show response
mypaylogin.com/wp-content/plugins/ad-invalid-click-protector/assets/js/ 1 KB
1 KB 1607ms
198ms Script
application/x-javascript 199.192.23.231
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mypaylogin.com/wp-content/plugins/ad-invalid-click-protector/assets/js/js.cookie.min.js?ver=3.0.0
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.192.23.231 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: exactly-although.quarantine-pnap.web-hosting.com
Software: Apache /
Resource Hash: 85e74cf367fdd70c3bdbb603df85574f4f7e9a99b6f77c3e0b4cee1c9fe5105c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: public
Date: Mon, 27 Mar 2023 15:45:59 GMT
Content-Encoding: gzip
Referrer-Policy
Last-Modified: Wed, 22 Mar 2023 11:30:12 GMT
Server: Apache
ETag: "5dc-5f77b7bb53df0-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/x-javascript
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 726
Expires: Tue, 26 Mar 2024 15:45:59 GMT

GET
H/1.1 200
OK jquery.iframetracker.min.js Show response
mypaylogin.com/wp-content/plugins/ad-invalid-click-protector/assets/js/ 3 KB
2 KB 1624ms
202ms Script
application/x-javascript 199.192.23.231
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mypaylogin.com/wp-content/plugins/ad-invalid-click-protector/assets/js/jquery.iframetracker.min.js?ver=2.1.0
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.192.23.231 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: exactly-although.quarantine-pnap.web-hosting.com
Software: Apache /
Resource Hash: 169129c84912473c3eea8cb0783089f986648c26f879f25caf12b9933feedebe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: public
Date: Mon, 27 Mar 2023 15:45:59 GMT
Content-Encoding: gzip
Referrer-Policy
Last-Modified: Wed, 22 Mar 2023 11:30:12 GMT
Server: Apache
ETag: "c72-5f77b7bb53df0-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/x-javascript
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 1249
Expires: Tue, 26 Mar 2024 15:45:59 GMT

GET
H/1.1 200
OK aicp.min.js Show response
mypaylogin.com/wp-content/plugins/ad-invalid-click-protector/assets/js/ 777 B
891 B 1807ms
201ms Script
application/x-javascript 199.192.23.231
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mypaylogin.com/wp-content/plugins/ad-invalid-click-protector/assets/js/aicp.min.js?ver=1.0
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.192.23.231 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: exactly-although.quarantine-pnap.web-hosting.com
Software: Apache /
Resource Hash: 1e0a52e09f6a82103811fb05011f1487605df55d406ecaad89c68999d67f8ae0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: public
Date: Mon, 27 Mar 2023 15:45:59 GMT
Content-Encoding: gzip
Referrer-Policy
Last-Modified: Wed, 22 Mar 2023 11:30:12 GMT
Server: Apache
ETag: "309-5f77b7bb53df0-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/x-javascript
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 429
Expires: Tue, 26 Mar 2024 15:45:59 GMT

GET
H/1.1 200
OK modernizr.touch.min.js Show response
mypaylogin.com/wp-content/themes/citadela/citadela-theme/assets/modernizr/ 3 KB
2 KB 1806ms
199ms Script
application/x-javascript 199.192.23.231
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mypaylogin.com/wp-content/themes/citadela/citadela-theme/assets/modernizr/modernizr.touch.min.js?ver=3.6.0
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.192.23.231 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: exactly-although.quarantine-pnap.web-hosting.com
Software: Apache /
Resource Hash: 29756d1e9926e455608bf53d668030ae9a1b0240f4a3374fe4a5af788bc71c83

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: public
Date: Mon, 27 Mar 2023 15:45:59 GMT
Content-Encoding: gzip
Referrer-Policy
Last-Modified: Wed, 21 Dec 2022 11:04:24 GMT
Server: Apache
ETag: "cdd-5f05483e07e00-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/x-javascript
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 1549
Expires: Tue, 26 Mar 2024 15:45:59 GMT

GET
H/1.1 200
OK jquery.waypoints.min.js Show response
mypaylogin.com/wp-content/themes/citadela/citadela-theme/assets/waypoints/ 9 KB
3 KB 1807ms
199ms Script
application/x-javascript 199.192.23.231
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mypaylogin.com/wp-content/themes/citadela/citadela-theme/assets/waypoints/jquery.waypoints.min.js?ver=4.0.1
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.192.23.231 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: exactly-although.quarantine-pnap.web-hosting.com
Software: Apache /
Resource Hash: 368daab67b1a5b2b2802edbbac79a2aa4ba992a2ebf9c67b98ad784d8004018c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: public
Date: Mon, 27 Mar 2023 15:45:59 GMT
Content-Encoding: gzip
Referrer-Policy
Last-Modified: Wed, 21 Dec 2022 11:04:24 GMT
Server: Apache
ETag: "2344-5f05483e07e00-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/x-javascript
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 2753
Expires: Tue, 26 Mar 2024 15:45:59 GMT

GET
H/1.1 200
OK photoswipe.min.js Show response
mypaylogin.com/wp-content/themes/citadela/citadela-theme/assets/photoswipe/ 31 KB
12 KB 1808ms
199ms Script
application/x-javascript 199.192.23.231
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mypaylogin.com/wp-content/themes/citadela/citadela-theme/assets/photoswipe/photoswipe.min.js?ver=4.1.3
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.192.23.231 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: exactly-although.quarantine-pnap.web-hosting.com
Software: Apache /
Resource Hash: 78fc260a16dbbd76ec3b4da56ccdc7a076d21d31c501e0a17a4175c4a25d95ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: public
Date: Mon, 27 Mar 2023 15:45:59 GMT
Content-Encoding: gzip
Referrer-Policy
Last-Modified: Wed, 21 Dec 2022 11:04:24 GMT
Server: Apache
ETag: "7ca0-5f05483e07e00-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/x-javascript
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 12235
Expires: Tue, 26 Mar 2024 15:45:59 GMT

GET
H/1.1 200
OK photoswipe-ui-default.min.js Show response
mypaylogin.com/wp-content/themes/citadela/citadela-theme/assets/photoswipe/ 10 KB
4 KB 1827ms
202ms Script
application/x-javascript 199.192.23.231
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mypaylogin.com/wp-content/themes/citadela/citadela-theme/assets/photoswipe/photoswipe-ui-default.min.js?ver=4.1.3
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.192.23.231 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: exactly-although.quarantine-pnap.web-hosting.com
Software: Apache /
Resource Hash: 50a9333a7ff0d660714662cb1ab49ec81e1ed716eba78c729600166f7338da95

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: public
Date: Mon, 27 Mar 2023 15:45:59 GMT
Content-Encoding: gzip
Referrer-Policy
Last-Modified: Wed, 21 Dec 2022 11:04:24 GMT
Server: Apache
ETag: "2696-5f05483e07e00-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/x-javascript
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 3755
Expires: Tue, 26 Mar 2024 15:45:59 GMT

GET
H/1.1 200
OK focus-within-polyfill.min.js Show response
mypaylogin.com/wp-content/themes/citadela/citadela-theme/assets/polyfills/ 974 B
919 B 2009ms
198ms Script
application/x-javascript 199.192.23.231
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mypaylogin.com/wp-content/themes/citadela/citadela-theme/assets/polyfills/focus-within-polyfill.min.js?ver=5.0.4
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.192.23.231 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: exactly-although.quarantine-pnap.web-hosting.com
Software: Apache /
Resource Hash: e8d139ee2ae1d25c8d2b6dad4d3618a213d0b0179eb29ae29434e2fd5653f73a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: public
Date: Mon, 27 Mar 2023 15:46:00 GMT
Content-Encoding: gzip
Referrer-Policy
Last-Modified: Wed, 21 Dec 2022 11:04:24 GMT
Server: Apache
ETag: "3ce-5f05483e07e00-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/x-javascript
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 457
Expires: Tue, 26 Mar 2024 15:46:00 GMT

GET
H/1.1 200
OK fancybox.js Show response
mypaylogin.com/wp-content/themes/citadela/design/js/ 5 KB
2 KB 2010ms
200ms Script
application/x-javascript 199.192.23.231
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mypaylogin.com/wp-content/themes/citadela/design/js/fancybox.js?ver=1671620664
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.192.23.231 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: exactly-although.quarantine-pnap.web-hosting.com
Software: Apache /
Resource Hash: bd132cec40dfd4f31611d972baefccab71ad9c618ac47fe1cbb39afea497f5c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: public
Date: Mon, 27 Mar 2023 15:46:00 GMT
Content-Encoding: gzip
Referrer-Policy
Last-Modified: Wed, 21 Dec 2022 11:04:24 GMT
Server: Apache
ETag: "1399-5f05483e07e00-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/x-javascript
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 1605
Expires: Tue, 26 Mar 2024 15:46:00 GMT

GET
H/1.1 200
OK menu.js Show response
mypaylogin.com/wp-content/themes/citadela/design/js/ 16 KB
4 KB 2011ms
201ms Script
application/x-javascript 199.192.23.231
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mypaylogin.com/wp-content/themes/citadela/design/js/menu.js?ver=1671620664
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.192.23.231 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: exactly-although.quarantine-pnap.web-hosting.com
Software: Apache /
Resource Hash: 0cf228bfa7cd9d4c526703d7eabee1e278a77943ad402b82bf34678b873d3b4f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: public
Date: Mon, 27 Mar 2023 15:46:00 GMT
Content-Encoding: gzip
Referrer-Policy
Last-Modified: Wed, 21 Dec 2022 11:04:24 GMT
Server: Apache
ETag: "3e4f-5f05483e07e00-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/x-javascript
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 3706
Expires: Tue, 26 Mar 2024 15:46:00 GMT

GET
H/1.1 200
OK mobile.js Show response
mypaylogin.com/wp-content/themes/citadela/design/js/ 1 KB
1015 B 2009ms
199ms Script
application/x-javascript 199.192.23.231
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mypaylogin.com/wp-content/themes/citadela/design/js/mobile.js?ver=1671620664
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.192.23.231 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: exactly-although.quarantine-pnap.web-hosting.com
Software: Apache /
Resource Hash: 9fbb78d831f4409c5d513b230b46466af266b896851f86a80c51acdc664bb135

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: public
Date: Mon, 27 Mar 2023 15:46:00 GMT
Content-Encoding: gzip
Referrer-Policy
Last-Modified: Wed, 21 Dec 2022 11:04:24 GMT
Server: Apache
ETag: "594-5f05483e07e00-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/x-javascript
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 553
Expires: Tue, 26 Mar 2024 15:46:00 GMT

GET
H/1.1 200
OK img.fetch Show response
udmserve.net/udm/ 32 KB
5 KB 743ms
193ms Script
application/x-javascript 68.71.249.118
ZEROLAG

General

Check archive.org

Show headers Download Go to

Full URL: https://udmserve.net/udm/img.fetch?sid=18969;tid=1;dt=6;
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 68.71.249.118 Picton, Canada, ASN20093 (ZEROLAG, US),
Reverse DNS
Software: /
Resource Hash: 50acee13b4d29f658d9d10ceaf7b5a139924516d42d1e1b79fb1c73083193744

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 27 Mar 2023 15:46:00 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3p: NOI DSP CURa ADMa DEVa PSAa PSDa OUR IND UNI COM NAV INT
Content-Type: application/x-javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Expires: 0

GET
H/1.1 200
OK wp-emoji-release.min.js Show response
mypaylogin.com/wp-includes/js/ 18 KB
5 KB 201ms
200ms Script
application/x-javascript 199.192.23.231
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://mypaylogin.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 199.192.23.231 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: exactly-although.quarantine-pnap.web-hosting.com
Software: Apache /
Resource Hash: 5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: public
Date: Mon, 27 Mar 2023 15:46:00 GMT
Content-Encoding: gzip
Referrer-Policy
Last-Modified: Sat, 28 May 2022 16:08:44 GMT
Server: Apache
ETag: "48b9-5e014a31b5b00-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/x-javascript
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 5009
Expires: Tue, 26 Mar 2024 15:46:00 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303210101/ 350 KB
117 KB 192ms
105ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303210101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7507174334378103&plah=mypaylogin.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-7507174334378103

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3e19021518a433408f42cdfc65e3e2b4df2ceaa4dfbbc942cda575fe23cbd3b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:45:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 119747
x-xss-protection: 0
server: cafe
etag: 376230685706617147
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 27 Mar 2023 15:45:59 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230322/r20190131/ Frame 80F7 10 KB
5 KB 130ms
40ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230322/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-7507174334378103

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mypaylogin.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 84994
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Mar 2023 16:09:24 GMT
etag: 2378337311435320485
expires: Sun, 09 Apr 2023 16:09:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 5ff42dbbf474080012973d4b.js Show response
buttons-config.sharethis.com/js/ 30 B
472 B 541ms
436ms Script
text/javascript 2600:9000:223c:ca00:c:abe:f440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://buttons-config.sharethis.com/js/5ff42dbbf474080012973d4b.js

Requested by

Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223c:ca00:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:46:01 GMT
via: 1.1 b9d2ce196c8a711fb15d92175d58476e.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Tue, 05 Jan 2021 09:13:33 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
etag: "e6e1643313740711175f51662a65b42f"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: text/javascript
cache-control: max-age=60,public
accept-ranges: bytes
content-length: 30
x-amz-cf-id: KEHL7m9xGvAsry-zGz8KaEL1C1L0jN_n5be8n0_uMfnXL74xZJhr9w==

GET
H2 200 analytics.js Show response
google-analytics.com/ 49 KB
20 KB 157ms
40ms Script
text/javascript 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://google-analytics.com/analytics.js

Requested by

Host: mypaylogin.com
URL: https://mypaylogin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 27 Mar 2023 14:05:18 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 6041
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Mon, 27 Mar 2023 16:05:18 GMT

GET
H/1.1 204
No Content pview Show response
l.sharethis.com/ 0
401 B 185ms
41ms XHR
text/plain 18.197.187.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://l.sharethis.com/pview?event=pview&hostname=mypaylogin.com&location=%2F&product=ga&url=https%3A%2F%2Fmypaylogin.com%2F&source=googleanalytics-wordpress&fcmp=false&fcmpv2=false&has_segmentio=false&title=W2s%20Forms%20%7C%20MY%20PAY%20LOGIN&cms=unknown&publisher=5ff42dbbf474080012973d4b&sop=true&version=st_sop.js&lang=en&description=What%20to%20do%20when%20you%20don%27t%20receive%20your%20w2s%3F%20All%20employees%20should%20receive%20their%20w2%20statements%20from%20their%20employers%20by%2031st%20January.&ua=&ua_mobile=false&ua_full_version_list=

Requested by

Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.197.187.90 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-197-187-90.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Date: Mon, 27 Mar 2023 15:45:59 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: https://mypaylogin.com
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v34/ 44 KB
44 KB 131ms
40ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C700%2C800&subset=cyrillic%2Ccyrillic-ext%2Cgreek%2Cgreek-ext%2Clatin-ext%2Cvietnamese&display=swap&ver=6.1.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://mypaylogin.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 08:37:39 GMT
x-content-type-options: nosniff
age: 544100
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44856
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Mar 2024 08:37:39 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
313 B 199ms
46ms XHR
text/plain 2001:4860:4802:36::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=2084813799&t=pageview&_s=1&dl=https%3A%2F%2Fmypaylogin.com%2F&ul=en-us&de=UTF-8&dt=W2s%20Forms%20%7C%20MY%20PAY%20LOGIN&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=866143981&gjid=454653354&cid=993446239.1679931960&tid=UA-122111422-1&_gid=861325565.1679931960&_r=1&_slc=1&z=1527533469

Requested by

Host: google-analytics.com
URL: https://google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://mypaylogin.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 27 Mar 2023 15:46:00 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://mypaylogin.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
253 B 137ms
47ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-1B7F7WKTNY&gtm=45je33m0&_p=2084813799&gdid=dZTNiMT&cid=993446239.1679931960&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1679931960&sct=1&seg=0&dl=https%3A%2F%2Fmypaylogin.com%2F&dt=W2s%20Forms%20%7C%20MY%20PAY%20LOGIN&en=page_view&_fv=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-1B7F7WKTNY
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Mar 2023 15:46:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://mypaylogin.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 395 B
608 B 191ms
47ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=mypaylogin.com&callback=_gfp_s_&client=ca-pub-7507174334378103

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303210101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7507174334378103&plah=mypaylogin.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5206017966892905a24b1f83f98d168755785eb431f4bb66a7c7dabfadc5d8a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:46:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 256
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
531 B 169ms
48ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=mypaylogin.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:46:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 153ms
50ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=mypaylogin.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:46:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B4C2 505 KB
100 KB 1646ms
1645ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7507174334378103&output=html&adk=1812271804&adf=3025194257&lmt=1679931960&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=404x810_l%7C404x810_r&format=0x0&url=https%3A%2F%2Fmypaylogin.com%2F&ea=0&host=ca-host-pub-2644536267352236&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679931958406&bpp=1379&bdt=261&idt=1672&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=891286276420&frm=20&pv=2&ga_vid=993446239.1679931960&ga_sid=1679931960&ga_hid=2084813799&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44777876%2C44759837%2C31073263&oid=2&pvsid=4092948971483189&tmod=106170907&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=1704

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

293cc52fc9963a474270b819a804eb688b5d38497c2321ff6aa407edb5d46ca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mypaylogin.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 101819
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Mar 2023 15:46:01 GMT
expires: Mon, 27 Mar 2023 15:46:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7B40 70 KB
22 KB 898ms
897ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7507174334378103&output=html&h=600&slotname=8170439994&adk=2019289390&adf=4098860367&pi=t.ma~as.8170439994&w=270&fwrn=4&fwrnh=100&lmt=1679931960&rafmt=1&format=270x600&url=https%3A%2F%2Fmypaylogin.com%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679931959788&bpp=9&bdt=1644&idt=326&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=891286276420&frm=20&pv=1&ga_vid=993446239.1679931960&ga_sid=1679931960&ga_hid=2084813799&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=665&ady=1696&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44777876%2C44759837%2C31073263&oid=2&pvsid=4092948971483189&tmod=106170907&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=Tj53AnJBYI&p=https%3A//mypaylogin.com&dtd=331

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b10675bf296441c176229747bcbd5e76204633a2952c0778ccd75bc163a17733

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mypaylogin.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 22100
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Mar 2023 15:46:00 GMT
expires: Mon, 27 Mar 2023 15:46:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 udm-r3_v2.19.0.js Show response
bid.underdog.media/ 581 KB
181 KB 187ms
57ms Script
application/javascript 2600:9000:21a1:f200:5:c4ab:c3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bid.underdog.media/udm-r3_v2.19.0.js
Requested by: Host: udmserve.net
URL: https://udmserve.net/udm/img.fetch?sid=18969;tid=1;dt=6;
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21a1:f200:5:c4ab:c3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b742b5939794635c6f4ec1939ebb50e65199da40c766fbfc11da2319601fcea7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 17:54:35 GMT
content-encoding: gzip
via: 1.1 7a353ac52edd918080eb1d76630437d4.cloudfront.net (CloudFront)
last-modified: Wed, 22 Mar 2023 17:49:16 GMT
server: AmazonS3
x-amz-cf-pop: MUC51-C1
age: 424286
etag: "67e8e0a972f2d7c23a0eaa235052ba55"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 185125
x-amz-cf-id: ZXm33pLwOUrAYLSWk4kibqIuSVlrClmtyxMJEpGg4XVMqtJhoqQMpA==

GET
H2 200 quant.js Show response
secure.quantserve.com/ 22 KB
9 KB 128ms
40ms Script
application/javascript 2620:116:800d:21:c5a4:625:6563:a5bb
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: udmserve.net
URL: https://udmserve.net/udm/img.fetch?sid=18969;tid=1;dt=6;
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:c5a4:625:6563:a5bb , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e8cd4bf2f547eb60b69a54a5340d5feed5905e1e5ea0ef3d3aefe6a6c1523fe7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:46:00 GMT
content-encoding: gzip
etag: "qnbLQo87mD/KmvsyZTIxlQ=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Mon, 03 Apr 2023 15:46:00 GMT

GET
H/1.1

200
OK

fetch.pix
udmserve.net/udm/
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fdt%3D1%3Bapnid%3D%24UID%3Bcb%3D0.4655557
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fudmserve.net%252Fudm%252Ffetch.pix%253Fdt%253D1%253Bapnid%253D%2524UID%253Bcb%253D0.4655557
https://udmserve.net/udm/fetch.pix?dt=1;apnid=6438999064524780455;cb=0.4655557

43 B
612 B

356ms
180ms

Image
image/gif

68.71.249.118
ZEROLAG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udmserve.net/udm/fetch.pix?dt=1;apnid=6438999064524780455;cb=0.4655557
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Server: 68.71.249.118 Picton, Canada, ASN20093 (ZEROLAG, US),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Date: Mon, 27 Mar 2023 15:46:00 GMT
Cache-Control: max-age=43200
Connection: Keep-Alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

Date: Mon, 27 Mar 2023 15:46:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 80.255.7.106; 80.255.7.106; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 12b043ef-30b6-4673-9171-dcb3aba7b7b4
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://udmserve.net/udm/fetch.pix?dt=1;apnid=6438999064524780455;cb=0.4655557
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

fetch.pix
udmserve.net/udm/
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=156505&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156505%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fudmserve.net%...
https://image8.pubmatic.com/AdServer/ImgSync?p=156505&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156505%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fudmserve.net%...
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QkI0QTkzMkQtRDcyOS00NTI1LUJGRDYtRDU4MDI2QTZBOTdG&gdpr=-1&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QkI0QTkzMkQtRDcyOS00NTI1LUJGRDYtRDU4MDI2QTZBOTdG&gdpr=-1&gdpr_consent=&google_tc=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=-1&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?cb=0.4655557&gdpr=0&p=156505&pmc=1&pr=https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fpmid%3DBB4A932D-D729-4525-BFD6-D58026A6A97F
https://udmserve.net/udm/fetch.pix?pmid=BB4A932D-D729-4525-BFD6-D58026A6A97F

43 B
628 B

178ms
178ms

Image
image/gif

68.71.249.118
ZEROLAG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udmserve.net/udm/fetch.pix?pmid=BB4A932D-D729-4525-BFD6-D58026A6A97F
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Server: 68.71.249.118 Picton, Canada, ASN20093 (ZEROLAG, US),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Date: Mon, 27 Mar 2023 15:46:01 GMT
Cache-Control: max-age=43200
Connection: Keep-Alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

location: https://udmserve.net/udm/fetch.pix?pmid=BB4A932D-D729-4525-BFD6-D58026A6A97F
date: Mon, 27 Mar 2023 14:02:48 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1

200
OK

fetch.pix
udmserve.net/udm/
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=199174&cb=https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fdt%3D1%3Bcb%3D0.4655557%3Bindx%3D
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fdt%3D1%3Bcb%3D0.4655557%3Bindx%3D&s=199174&C=1
https://udmserve.net/udm/fetch.pix?dt=1;cb=0.4655557;indx=ZCG6OLAjfDhas-U3qTtOKQAADKgAAAAB

43 B
624 B

500ms
177ms

Image
image/gif

68.71.249.118
ZEROLAG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udmserve.net/udm/fetch.pix?dt=1;cb=0.4655557;indx=ZCG6OLAjfDhas-U3qTtOKQAADKgAAAAB
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Server: 68.71.249.118 Picton, Canada, ASN20093 (ZEROLAG, US),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Date: Mon, 27 Mar 2023 15:46:01 GMT
Cache-Control: max-age=43200
Connection: Keep-Alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

Pragma: no-cache
Date: Mon, 27 Mar 2023 15:46:00 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://udmserve.net/udm/fetch.pix?dt=1;cb=0.4655557;indx=ZCG6OLAjfDhas-U3qTtOKQAADKgAAAAB
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

fetch.pix
udmserve.net/udm/
Redirect Chain

https://ad.360yield.com/server_match?partner_id=1782&r=https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fdt%3D1%3Bcb%3D0.4655557%3Bidid%3D%7BPUB_USER_ID%7D
https://ad.360yield.com/ul_cb/server_match?partner_id=1782&r=https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fdt%3D1%3Bcb%3D0.4655557%3Bidid%3D%7BPUB_USER_ID%7D
https://udmserve.net/udm/fetch.pix?dt=1;cb=0.4655557;idid=d01d93c2-10be-4695-bec2-122650c06ad5

43 B
628 B

452ms
175ms

Image
image/gif

68.71.249.118
ZEROLAG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udmserve.net/udm/fetch.pix?dt=1;cb=0.4655557;idid=d01d93c2-10be-4695-bec2-122650c06ad5
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Server: 68.71.249.118 Picton, Canada, ASN20093 (ZEROLAG, US),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Date: Mon, 27 Mar 2023 15:46:01 GMT
Cache-Control: max-age=43200
Connection: Keep-Alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

location: https://udmserve.net/udm/fetch.pix?dt=1;cb=0.4655557;idid=d01d93c2-10be-4695-bec2-122650c06ad5
access-control-allow-origin: *
date: Mon, 27 Mar 2023 15:46:00 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

fetch.pix
udmserve.net/udm/
Redirect Chain

https://ups.analytics.yahoo.com/ups/58720/occ?cb=0.4655557
https://ups.analytics.yahoo.com/ups/58720/occ?cb=0.4655557&verify=true
https://udmserve.net/udm/fetch.pix?dt=1;yahoo=y-VABRNNlE2uEJiQ5P0FpqcWw00Gdc5JzdL2U5FA8-~A

43 B
637 B

177ms
176ms

Image
image/gif

68.71.249.118
ZEROLAG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udmserve.net/udm/fetch.pix?dt=1;yahoo=y-VABRNNlE2uEJiQ5P0FpqcWw00Gdc5JzdL2U5FA8-~A
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: HTTP/1.1
Server: 68.71.249.118 Picton, Canada, ASN20093 (ZEROLAG, US),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Date: Mon, 27 Mar 2023 15:46:00 GMT
Cache-Control: max-age=43200
Connection: Keep-Alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

location: https://udmserve.net/udm/fetch.pix?dt=1;yahoo=y-VABRNNlE2uEJiQ5P0FpqcWw00Gdc5JzdL2U5FA8-~A
date: Mon, 27 Mar 2023 15:46:00 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1 200
OK us
sync.go.sonobi.com/ 0
500 B 606ms
121ms Image
text/plain 69.166.1.12
AS-XFERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fudmserve.net%2Fudm%2Ffetch.pix%3Fdt%3D1%3Bcb%3D0.4655557%3Bsonobi%3D%5BUID%5D

Requested by

Host: mypaylogin.com
URL: https://mypaylogin.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

69.166.1.12 , United States, ASN27630 (AS-XFERNET, US),

Reverse DNS

Software

sonobi-go /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 27 Mar 2023 15:46:01 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: go-iad-2-5-103
Content-Type: text/plain; charset=utf8
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 rules-p-effSsmMYCbAck.js Show response
rules.quantcount.com/ 160 B
633 B 262ms
40ms Script
application/javascript 2600:9000:223c:7a00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-effSsmMYCbAck.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:7a00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f4110d145ad25681a3ef677782ec9a807407fe09b028c2ea15648833ed9cac60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:16:22 GMT
via: 1.1 018ffb575888f1c9ec960e3e977c042e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 1779
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 160
last-modified: Thu, 13 Oct 2022 22:21:01 GMT
server: AmazonS3
etag: "435cbd9bc4b3440e866ad1f4f7d1ef02"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
x-amz-cf-id: I2S3M0udTaIA4DKDZbHfcqRqxicwzo6PpM0GV4nJboJM1yDssCjC1g==

GET
H2 200 rules-p-Pz67dCqdsHfxh.js Show response
rules.quantcount.com/ 160 B
634 B 263ms
41ms Script
application/javascript 2600:9000:223c:7a00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-Pz67dCqdsHfxh.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:7a00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 11b2088deff6ac044087d2ef9e23453bc600e5e505f5cca9bd62a4cfe6d11a74

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:23:47 GMT
via: 1.1 018ffb575888f1c9ec960e3e977c042e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 1334
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 160
last-modified: Thu, 13 Oct 2022 23:00:33 GMT
server: AmazonS3
etag: "eee1bd1fc55b604b66cd9e63c4f811b8"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
x-amz-cf-id: OgLnKGYL_NUndwH3UGPCfF9rOWqz32NTBsurDpCyKZ0G4TQ6X6RS4Q==

GET
H2 200 bc_UZYxC75kqDLRiEd9GoEYOmovVVM.js Show response
bid.underdog.media/ 2 KB
1 KB 46ms
46ms Script
application/x-javascript 2600:9000:21a1:f200:5:c4ab:c3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bid.underdog.media/bc_UZYxC75kqDLRiEd9GoEYOmovVVM.js
Requested by: Host: bid.underdog.media
URL: https://bid.underdog.media/udm-r3_v2.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21a1:f200:5:c4ab:c3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 261df23b8d9a3f12b2c8b2ac7f3515b29ca4b3beb546db4e7cddb13658aabe7f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:40:12 GMT
content-encoding: gzip
via: 1.1 7a353ac52edd918080eb1d76630437d4.cloudfront.net (CloudFront)
last-modified: Mon, 27 Mar 2023 15:30:08 GMT
server: AmazonS3
x-amz-cf-pop: MUC51-C1
age: 349
etag: "b409c1ba491dc90433ef63d48e24b1dd"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/x-javascript
cache-control: max-age=1800
accept-ranges: bytes
content-length: 990
x-amz-cf-id: CB8TqboAeiI-WvLeGO4mqQLnGLUrk40IUJdE6PfiEmOyf_3bF2o9Ig==

GET
H2 200 rrv7.js Show response
bid.underdog.media/ 1 KB
1 KB 47ms
46ms Script
application/x-javascript 2600:9000:21a1:f200:5:c4ab:c3c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bid.underdog.media/rrv7.js
Requested by: Host: bid.underdog.media
URL: https://bid.underdog.media/udm-r3_v2.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21a1:f200:5:c4ab:c3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 930caf678f76ec9641fe6230eaf554950de623fedf1655a7d26d38906ba01a7b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:14:50 GMT
content-encoding: gzip
via: 1.1 7a353ac52edd918080eb1d76630437d4.cloudfront.net (CloudFront)
last-modified: Mon, 27 Mar 2023 15:00:04 GMT
server: AmazonS3
x-amz-cf-pop: MUC51-C1
age: 1871
etag: "acf77e6fb67492c97e3bc3289310b475"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/x-javascript
cache-control: max-age=7200
accept-ranges: bytes
content-length: 679
x-amz-cf-id: Go6YA9FURbXe-FjM9WJjgNcftmEXr1_J1PfjK1rmNwEF6j0LvvWdgg==

GET
H/1.1 200
OK img.fetch Show response
udmserve.net/udm/ 1 B
470 B 405ms
185ms Script
application/x-javascript 68.71.249.118
ZEROLAG

General

Check archive.org

Show headers Download Go to

Full URL: https://udmserve.net/udm/img.fetch?sid=18969;tid=1;dt=6;gdprApplies=true;consentGiven=false;consentData=cmpMissing
Requested by: Host: bid.underdog.media
URL: https://bid.underdog.media/udm-r3_v2.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 68.71.249.118 Picton, Canada, ASN20093 (ZEROLAG, US),
Reverse DNS
Software: /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

P3p: NOI DSP CURa ADMa DEVa PSAa PSDa OUR IND UNI COM NAV INT
Date: Mon, 27 Mar 2023 15:46:01 GMT
Connection: Keep-Alive
Content-Length: 1
Content-Type: application/x-javascript

GET
H2 200 pixel;r=352858900;rf=0;a=p-Pz67dCqdsHfxh;url=https%3A%2F%2Fmypaylogin.com%2F;uht=2;fpan=1;fpa=P0-1197053966-1679931960674;pbc=;ns=0;ce=1;qjs=1;qv=757f3135-20230316172511;cm=;gdpr=0;ref=;d=mypaylogi...
pixel.quantserve.com/ 35 B
371 B 44ms
43ms Image
image/gif 2620:116:800d:21:c5a4:625:6563:a5bb
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=352858900;rf=0;a=p-Pz67dCqdsHfxh;url=https%3A%2F%2Fmypaylogin.com%2F;uht=2;fpan=1;fpa=P0-1197053966-1679931960674;pbc=;ns=0;ce=1;qjs=1;qv=757f3135-20230316172511;cm=;gdpr=0;ref=;d=mypaylogin.com;dst=0;et=1679931960940;tzo=0;ogl=locale.en_US%2Csite_name.MY%20PAY%20LOGIN%20%7C%20An%20Employee%20News%20Portal%2Ctype.article%2Ctitle.W2s%20Forms%20%7C%20MY%20PAY%20LOGIN%2Cdescription.What%20to%20do%20when%20you%20don't%20receive%20your%20w2s%3F%20All%20employees%20should%20receive%20their%20w%2Curl.https%3A%2F%2Fmypaylogin%252Ecom%2F;ses=c1a24f63-21f3-4f14-aba0-d160d5dcd75d

Requested by

Host: mypaylogin.com
URL: https://mypaylogin.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:c5a4:625:6563:a5bb , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Mar 2023 15:46:00 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 pixel;r=432210640;labels=edge.1%2Csid.18969;rf=0;a=p-effSsmMYCbAck;url=https%3A%2F%2Fmypaylogin.com%2F;uht=2;fpan=1;fpa=P0-1197053966-1679931960674;pbc=;ns=0;ce=1;qjs=1;qv=757f3135-20230316172511;c...
pixel.quantserve.com/ 35 B
371 B 43ms
42ms Image
image/gif 2620:116:800d:21:c5a4:625:6563:a5bb
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=432210640;labels=edge.1%2Csid.18969;rf=0;a=p-effSsmMYCbAck;url=https%3A%2F%2Fmypaylogin.com%2F;uht=2;fpan=1;fpa=P0-1197053966-1679931960674;pbc=;ns=0;ce=1;qjs=1;qv=757f3135-20230316172511;cm=;gdpr=0;ref=;d=mypaylogin.com;dst=0;et=1679931960941;tzo=0;ogl=locale.en_US%2Csite_name.MY%20PAY%20LOGIN%20%7C%20An%20Employee%20News%20Portal%2Ctype.article%2Ctitle.W2s%20Forms%20%7C%20MY%20PAY%20LOGIN%2Cdescription.What%20to%20do%20when%20you%20don't%20receive%20your%20w2s%3F%20All%20employees%20should%20receive%20their%20w%2Curl.https%3A%2F%2Fmypaylogin%252Ecom%2F;ses=c1a24f63-21f3-4f14-aba0-d160d5dcd75d

Requested by

Host: mypaylogin.com
URL: https://mypaylogin.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:c5a4:625:6563:a5bb , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Mar 2023 15:46:00 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 7B40 8 KB
990 B 52ms
50ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7507174334378103&output=html&h=600&slotname=8170439994&adk=2019289390&adf=4098860367&pi=t.ma~as.8170439994&w=270&fwrn=4&fwrnh=100&lmt=1679931960&rafmt=1&format=270x600&url=https%3A%2F%2Fmypaylogin.com%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679931959788&bpp=9&bdt=1644&idt=326&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=891286276420&frm=20&pv=1&ga_vid=993446239.1679931960&ga_sid=1679931960&ga_hid=2084813799&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=665&ady=1696&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44777876%2C44759837%2C31073263&oid=2&pvsid=4092948971483189&tmod=106170907&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=Tj53AnJBYI&p=https%3A//mypaylogin.com&dtd=331

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

74017d97a0876e72ef09a14ea0b3ad49a744811c726e7b05e305d4a6e3e07612

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 27 Mar 2023 15:46:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 27 Mar 2023 14:05:48 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 27 Mar 2023 15:46:01 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame 7B40 2 KB
818 B 185ms
71ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84210
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 09 Apr 2023 16:22:31 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/ Frame 7B40 22 KB
9 KB 173ms
59ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78a0b7266f642f96b673c4065063dba46a80f651ff12352eb82aa877c23b9186

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 16:24:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84115
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9109
x-xss-protection: 0
server: cafe
etag: 16040247357158217350
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 09 Apr 2023 16:24:06 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame 7B40 3 KB
1 KB 187ms
77ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 13:41:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7467
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 10 Apr 2023 13:41:34 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame 7B40 20 KB
9 KB 176ms
62ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84210
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8627
x-xss-protection: 0
server: cafe
etag: 8620137988422272387
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 09 Apr 2023 16:22:31 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7B40 158 KB
49 KB 59ms
52ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:46:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679493709445325"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Mar 2023 15:46:01 GMT

GET
H2 200 23cf7cdae9f50ee7270380e7f4964b21.js Show response
www.gstatic.com/mysidia/ Frame 7B40 34 KB
15 KB 167ms
56ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/23cf7cdae9f50ee7270380e7f4964b21.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dfb251ab625fc65ba9da3b27cc16fc25459480c929e6e8ff1efb2fa87fd72659

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 11:58:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 445650
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14432
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 21:58:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 20 Jun 2023 11:58:31 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 7B40 0
0 87ms
87ms Fetch
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CMo4iOLohZPbdCZHwtge8pLDoBM2okqRv0eLrlpkR2tkeEAEgiOqyHGCVwqaCsAegAdvU38ECyAEBqQKtn_dC9RCyPqgDAaoE4gFP0Dv9BZp_GJjmt8c43u9hrtGwlheoXETg-CI-XRA85gSEhS5NzRpObrhFNjBYuwH0Y6iq1q8a3B-9sbMWGrYSW9cpBJLDtEk5vnqcuLE2Ccl5jdSwiwjLHYBe60s_GB1sDrZZS-N76Im9__en-3DCFjfDS02OuQa7ObylvY9sw99F6Ccg__fN49yJH5MkwQ6L7UyAdhZSQ83KrpXe21TD4vI-D0lasZHMW8ooPTfgi3Vz5DjcAJAImyF4wI8Szge7o5V-3L-toL90WvKqXbTIAyrITSajPTL6CAj_u6swjNxlwASxlfHIlwSSBQQIBBgBkgUECAUYBIAHwb2XwAOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBCPhAvSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTDdAVAYAXAbIXHAoaCAASFHB1Yi03NTA3MTc0MzM0Mzc4MTAzGAA&sigh=vDrWi-ISyC0&uach_m=[UACH]&cid=CAQSGwDUE5ym6y3uAklcZdGWSK9sRxK1JE6owGRY3RgB&template_id=5020

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7507174334378103&output=html&h=600&slotname=8170439994&adk=2019289390&adf=4098860367&pi=t.ma~as.8170439994&w=270&fwrn=4&fwrnh=100&lmt=1679931960&rafmt=1&format=270x600&url=https%3A%2F%2Fmypaylogin.com%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679931959788&bpp=9&bdt=1644&idt=326&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=891286276420&frm=20&pv=1&ga_vid=993446239.1679931960&ga_sid=1679931960&ga_hid=2084813799&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=665&ady=1696&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44777876%2C44759837%2C31073263&oid=2&pvsid=4092948971483189&tmod=106170907&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=Tj53AnJBYI&p=https%3A//mypaylogin.com&dtd=331
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 27 Mar 2023 15:46:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 7B40 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3a663467e111fd2237a1bc5255e8d702b099f29cb553ecab24efe98cbf898b5d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B57D 143 B
166 B 47ms
39ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7507174334378103&output=html&h=600&slotname=8170439994&adk=2019289390&adf=4098860367&pi=t.ma~as.8170439994&w=270&fwrn=4&fwrnh=100&lmt=1679931960&rafmt=1&format=270x600&url=https%3A%2F%2Fmypaylogin.com%2F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679931959788&bpp=9&bdt=1644&idt=326&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=891286276420&frm=20&pv=1&ga_vid=993446239.1679931960&ga_sid=1679931960&ga_hid=2084813799&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=665&ady=1696&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44777876%2C44759837%2C31073263&oid=2&pvsid=4092948971483189&tmod=106170907&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=Tj53AnJBYI&p=https%3A//mypaylogin.com&dtd=331
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2959
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Mar 2023 14:56:42 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 7B40 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 632ef1e58ee645d5dbdc02c943c931dfcc2371b1552214297a0e3f911c4ed61f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 7B40 28 KB
28 KB 41ms
40ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 08:37:40 GMT
x-content-type-options: nosniff
age: 544101
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Mar 2024 08:37:40 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B57D
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

51ms
51ms

Document
text/html

2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Mar 2023 15:46:01 GMT
expires: Mon, 27 Mar 2023 15:46:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Mar 2023 15:46:01 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 90ms
89ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230322&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ff67729bda9324ecd6c4722edc54ab8e90875696114aff68f733dd5e3b5941e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:46:01 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11207
x-xss-protection: 0

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303210101/ 150 KB
51 KB 92ms
91ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303210101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fbc076b6349a619fe8e0d988e644b3b0b62766d90fe3c81cd7c1e0376e29bad7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:46:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52130
x-xss-protection: 0
server: cafe
etag: 15111029700477610149
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Mar 2023 15:46:01 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 50ms
49ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=mypaylogin.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:46:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 53ms
52ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=mypaylogin.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:46:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 325D 21 KB
9 KB 701ms
701ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7507174334378103&output=html&h=90&adk=3070604948&adf=871259380&pi=t.aa~a.2191923801~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1679931961&rafmt=1&to=qs&pwprc=5353064814&format=1200x90&url=https%3A%2F%2Fmypaylogin.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679931961870&bpp=1&bdt=3726&idt=1&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6d0e545c959a423d-22873c7f70dd006b%3AT%3D1679931960%3ART%3D1679931960%3AS%3DALNI_MatgFuSzkmw3WLN4t40liIBx6NVmA&gpic=UID%3D00000bccd2f6c6ae%3AT%3D1679931960%3ART%3D1679931960%3AS%3DALNI_Mbkhwy2NP86M-hFLgja46tZGDb4RA&prev_fmts=0x0%2C270x600&nras=2&correlator=891286276420&frm=20&pv=1&ga_vid=993446239.1679931960&ga_sid=1679931960&ga_hid=2084813799&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1706&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44777876%2C44759837%2C31073263&oid=2&psts=AHQMDFcoAsE9E146kDwWY-GVzVR9LY5COu38D4-t_XpkBrPdL6doLETmfUfO6qIPMJ_7ADEjkvB144CX9WT139_RLCfaZfJz&pvsid=4092948971483189&tmod=106170907&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=RZ0SfOnRAO&p=https%3A//mypaylogin.com&dtd=14

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0b9f4185fe4e69a4411aaa177edfd8ad3aae9c5887bc309b1d88bfdf7317fabb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mypaylogin.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 9158
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Mar 2023 15:46:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 58ms
56ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:46:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 27 Mar 2023 15:46:01 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 51ms
51ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=mypaylogin.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:46:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 52ms
51ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=mypaylogin.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:46:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/ Frame A280 10 KB
4 KB 40ms
39ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mypaylogin.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 73395
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Mar 2023 19:22:46 GMT
etag: 2378337311435320485
expires: Sun, 09 Apr 2023 19:22:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/ Frame D1BC 10 KB
4 KB 50ms
39ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mypaylogin.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 73396
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Mar 2023 19:22:46 GMT
etag: 2378337311435320485
expires: Sun, 09 Apr 2023 19:22:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/ Frame 0AE3 10 KB
4 KB 44ms
41ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mypaylogin.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 73396
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Mar 2023 19:22:46 GMT
etag: 2378337311435320485
expires: Sun, 09 Apr 2023 19:22:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/ Frame D218 10 KB
4 KB 43ms
41ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mypaylogin.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 73396
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Mar 2023 19:22:46 GMT
etag: 2378337311435320485
expires: Sun, 09 Apr 2023 19:22:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css2
fonts.googleapis.com/ Frame A280 4 KB
636 B 57ms
54ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 27 Mar 2023 15:46:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 27 Mar 2023 14:03:45 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 27 Mar 2023 15:46:02 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame A280 205 B
518 B 42ms
40ms Image
image/png 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 14:16:24 GMT
x-content-type-options: nosniff
age: 5378
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 26 Mar 2024 14:16:24 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame A280 604 B
694 B 43ms
41ms Image
image/png 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 14:05:36 GMT
x-content-type-options: nosniff
age: 6026
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 26 Mar 2024 14:05:36 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/elements/html/ Frame A280 20 KB
8 KB 41ms
39ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0102fdfbd0b06f4718e32f6586659557a6234c0111940c1fa3d697c42b067c1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 17:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81877
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8563
x-xss-protection: 0
server: cafe
etag: 3720302941478166528
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 09 Apr 2023 17:01:25 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame C684 13 KB
5 KB 44ms
41ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mypaylogin.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 7468
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 27 Mar 2023 13:41:34 GMT
expires: Tue, 26 Mar 2024 13:41:34 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 11FF 783 B
971 B 54ms
49ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

21b91880a6490f798cb5c43c7957d633e6bc82cf164bd2224efbae715d08d0cf

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-8kRpwHy6GvRkDUdUKdvlbw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mypaylogin.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-8kRpwHy6GvRkDUdUKdvlbw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 27 Mar 2023 15:46:02 GMT
expires: Mon, 27 Mar 2023 15:46:02 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 css
fonts.googleapis.com/ Frame D1BC 2 KB
535 B 50ms
49ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

582c2586c49819d9dfe5cb88653679a40bf930ca86f1dc01a4afd821a9eab97e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 27 Mar 2023 15:46:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 27 Mar 2023 14:09:38 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 27 Mar 2023 15:46:02 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame D1BC 2 KB
765 B 44ms
39ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84211
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 09 Apr 2023 16:22:31 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/ Frame D1BC 22 KB
9 KB 50ms
44ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78a0b7266f642f96b673c4065063dba46a80f651ff12352eb82aa877c23b9186

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 16:24:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84116
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9109
x-xss-protection: 0
server: cafe
etag: 16040247357158217350
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 09 Apr 2023 16:24:06 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame D1BC 3 KB
1 KB 91ms
86ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 13:41:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7468
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 10 Apr 2023 13:41:34 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame D1BC 20 KB
8 KB 51ms
47ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84211
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8627
x-xss-protection: 0
server: cafe
etag: 8620137988422272387
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 09 Apr 2023 16:22:31 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D1BC 158 KB
48 KB 56ms
51ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:46:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679493709445325"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Mar 2023 15:46:02 GMT

GET
H2 200 23cf7cdae9f50ee7270380e7f4964b21.js Show response
www.gstatic.com/mysidia/ Frame D1BC 34 KB
14 KB 46ms
42ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/23cf7cdae9f50ee7270380e7f4964b21.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dfb251ab625fc65ba9da3b27cc16fc25459480c929e6e8ff1efb2fa87fd72659

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 11:58:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 445651
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14432
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 21:58:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 20 Jun 2023 11:58:31 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 0AE3 6 KB
672 B 53ms
50ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 27 Mar 2023 15:46:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 27 Mar 2023 14:07:29 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 27 Mar 2023 15:46:02 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame 0AE3 2 KB
765 B 87ms
86ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84211
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 09 Apr 2023 16:22:31 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/ Frame 0AE3 22 KB
9 KB 49ms
49ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78a0b7266f642f96b673c4065063dba46a80f651ff12352eb82aa877c23b9186

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 16:24:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84116
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9109
x-xss-protection: 0
server: cafe
etag: 16040247357158217350
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 09 Apr 2023 16:24:06 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame 0AE3 3 KB
1 KB 85ms
84ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 13:41:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7468
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 10 Apr 2023 13:41:34 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame 0AE3 20 KB
8 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84211
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8627
x-xss-protection: 0
server: cafe
etag: 8620137988422272387
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 09 Apr 2023 16:22:31 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0AE3 158 KB
48 KB 98ms
98ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:46:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679493709445325"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Mar 2023 15:46:02 GMT

GET
H2 200 23cf7cdae9f50ee7270380e7f4964b21.js Show response
www.gstatic.com/mysidia/ Frame 0AE3 34 KB
14 KB 48ms
48ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/23cf7cdae9f50ee7270380e7f4964b21.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dfb251ab625fc65ba9da3b27cc16fc25459480c929e6e8ff1efb2fa87fd72659

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 11:58:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 445651
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14432
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 21:58:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 20 Jun 2023 11:58:31 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame D218 0
0 108ms
106ms Fetch
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C6r4lOLohZMuBCpKAtwezjYygDc716c5vrYes9b4Q5IOpqKEOEAEgiOqyHGCVwqaCsAegAZ2w7qEDyAECqQKtn_dC9RCyPqgDAcgDyQSqBOQBT9BgU_ldK1_JVgZy1XhGY1VgqWLRgODzkzJmeUXOGzdqU6BXhf5O4pOj46iFg4AWd6os2EDRstdbeCXw7UOLq9jQVYJOGOpRjp_vYf2ywg01Ro-ZyXfH5XALGvUiJc2e30sXZJTH09puFCzDG75Psv99Bsgll4JLIBGcRQ3jozsYyt9a6Hi5RGnTLELHaHqmPEx96HoLpXYR5fUbM-t758hQyxNFWRFjjo0qkvPKKxTPkiX-SU4shDMegtTFeDaD857HZePUzWI1yyKhFGYprC4j9bVIFeCvPLK9VwTfKr949QAIwATnzc6EngSSBQQIBBgBkgUECAUYBKAGAoAH9bSbXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEO_hKtIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BMN0BUBgBcBshccChoIABIUcHViLTc1MDcxNzQzMzQzNzgxMDMYAA&sigh=4rAEhgcdV8o&uach_m=[UACH]&cid=CAQSGwDUE5ymwdSpjvxS7l3z2myrBGisA3pH5JFZZxgB

Requested by

Host: mypaylogin.com
URL: https://mypaylogin.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 27 Mar 2023 15:46:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/ Frame D218 22 KB
9 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78a0b7266f642f96b673c4065063dba46a80f651ff12352eb82aa877c23b9186

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 16:24:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84116
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9109
x-xss-protection: 0
server: cafe
etag: 16040247357158217350
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 09 Apr 2023 16:24:06 GMT

GET
H3 200 332783578288202191
tpc.googlesyndication.com/simgad/ Frame D218 18 KB
18 KB 88ms
87ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/332783578288202191?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qmh3KLA9241rO6gPDbVmqJxd-VJdw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

297c8d4b044ed3cf15cf7708e5ef8e171c5154ac3282f84237e14bde6a471028

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:05:20 GMT
x-content-type-options: nosniff
age: 423642
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18164
x-xss-protection: 0
last-modified: Fri, 14 Oct 2022 12:50:11 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 21 Mar 2024 18:05:20 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame D218 3 KB
1 KB 76ms
75ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 13:41:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7468
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 10 Apr 2023 13:41:34 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame D218 20 KB
8 KB 66ms
64ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84211
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8627
x-xss-protection: 0
server: cafe
etag: 8620137988422272387
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 09 Apr 2023 16:22:31 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D218 158 KB
48 KB 73ms
71ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:46:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679493709445325"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Mar 2023 15:46:02 GMT

GET
H3 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame D218 34 KB
14 KB 76ms
75ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

15eaeb49112cb71de08a452c992fed4d87476508ede572843ab40ef34d254ebf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 16:59:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81984
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13832
x-xss-protection: 0
server: cafe
etag: 12056988738142335449
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 09 Apr 2023 16:59:38 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame D4FE 8 KB
895 B 50ms
50ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 27 Mar 2023 15:46:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 27 Mar 2023 14:11:10 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 27 Mar 2023 15:46:02 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame D4FE 2 KB
765 B 40ms
40ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84211
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 09 Apr 2023 16:22:31 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/ Frame D4FE 22 KB
9 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78a0b7266f642f96b673c4065063dba46a80f651ff12352eb82aa877c23b9186

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 16:24:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84116
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9109
x-xss-protection: 0
server: cafe
etag: 16040247357158217350
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 09 Apr 2023 16:24:06 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame D4FE 3 KB
1 KB 47ms
46ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 13:41:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7468
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 10 Apr 2023 13:41:34 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame D4FE 20 KB
8 KB 46ms
45ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84211
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8627
x-xss-protection: 0
server: cafe
etag: 8620137988422272387
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 09 Apr 2023 16:22:31 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D4FE 158 KB
48 KB 72ms
70ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:46:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679493709445325"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Mar 2023 15:46:02 GMT

GET
H3 200 23cf7cdae9f50ee7270380e7f4964b21.js Show response
www.gstatic.com/mysidia/ Frame D4FE 34 KB
14 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/23cf7cdae9f50ee7270380e7f4964b21.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dfb251ab625fc65ba9da3b27cc16fc25459480c929e6e8ff1efb2fa87fd72659

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 11:58:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 445651
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14432
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 21:58:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 20 Jun 2023 11:58:31 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 11FF 0
0 75ms
73ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230322&jk=4092948971483189&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 200 3b1Q3-2ktxseIVt-HK-LDpEKRyl8KDIxhU6os0UJEUg.js Show response
pagead2.googlesyndication.com/bg/ Frame C684 36 KB
14 KB 41ms
39ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/3b1Q3-2ktxseIVt-HK-LDpEKRyl8KDIxhU6os0UJEUg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ddbd50dfeda4b71b1e215b7e1caf8b0e910a47297c283231854ea8b345091148

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 14:06:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5980
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14404
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 26 Mar 2024 14:06:22 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E13F 143 B
166 B 44ms
39ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2960
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Mar 2023 14:56:42 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame D218 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 13dfe4c5762ec7bfb4d41934c0f2b78cd73e86c38896e36b6431c1e2403ea7b8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame D1BC 41 KB
41 KB 184ms
82ms Image
image/jpeg 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcRAdVgmZcAWzP_L8v08sNvW7YYL-Rc1PhYhhiB94JH5f-4iEz0L1glnULk1hQ&usqp=CAI

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3228192a6ddce5b0d6ad2ef149a07d539a7a7fba51f70505e02481c4ebbcd8bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:05:14 GMT
x-content-type-options: nosniff
age: 423648
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41521
x-xss-protection: 0
last-modified: Sun, 26 Jun 2022 05:03:05 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 21 Mar 2024 18:05:14 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame D1BC 27 KB
27 KB 141ms
40ms Image
image/jpeg 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcTp5d0lVSMkssQyFc3DJCg5j3ufU-ghE-su5bw5L0I3sIBJXrVTkbAqfXZGjA&usqp=CAI

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2ffac4300a08fe98e9ec7fbcdf0088a4289ffa784f63a4b751a7de477459935b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 09:00:10 GMT
x-content-type-options: nosniff
age: 24352
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27541
x-xss-protection: 0
last-modified: Sat, 28 Jan 2023 10:03:41 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Tue, 26 Mar 2024 09:00:10 GMT

GET
H3

200

2401371329490837093
tpc.googlesyndication.com/simgad/ Frame D1BC
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKD34sLimAEQgAkYgQkyCLhTVvxEnQYN
https://tpc.googlesyndication.com/simgad/2401371329490837093

98 KB
98 KB

42ms
41ms

Image
image/jpeg

2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2401371329490837093

Protocol

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

270be58b040d0b59d87a4deea0ca09e1b49916b84858005cd3e3e1f2d302ba32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 18:05:11 GMT
x-content-type-options: nosniff
age: 423651
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100649
x-xss-protection: 0
last-modified: Wed, 05 May 2021 19:23:23 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 21 Mar 2024 18:05:11 GMT

Redirect headers

date: Sun, 26 Mar 2023 19:22:25 GMT
x-content-type-options: nosniff
server: cafe
age: 73417
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/2401371329490837093
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 25 Apr 2023 19:22:25 GMT

GET
DATA 200
OK truncated
/ Frame D1BC 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cafd152a359f2852ba26ac3075a4fc8266a7109b836df360779ddd506f978e4c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 3b1Q3-2ktxseIVt-HK-LDpEKRyl8KDIxhU6os0UJEUg.js Show response
pagead2.googlesyndication.com/bg/ Frame D844 36 KB
14 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/3b1Q3-2ktxseIVt-HK-LDpEKRyl8KDIxhU6os0UJEUg.js

Requested by

Host: mypaylogin.com
URL: https://mypaylogin.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ddbd50dfeda4b71b1e215b7e1caf8b0e910a47297c283231854ea8b345091148

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 14:06:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5980
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14404
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 26 Mar 2024 14:06:22 GMT

GET
H2

200

view_pixel_1x1.gif
secureir.ebaystatic.com/cr/mscdn/64e017fc0bf98153dd694dc97d24a1ac/ Frame D1BC
Redirect Chain

https://www.ebayadservices.com/marketingtracking/v1/ar?mkrid=707-163300-122643-2&mkcid=4&mkevt=2&mpt=2317145035&gdpr=&gdpr_consent=&siteid=77&adtype=0&size=1x1&ipn=admain2&placement=551583
https://secureir.ebaystatic.com/cr/mscdn/64e017fc0bf98153dd694dc97d24a1ac/view_pixel_1x1.gif

43 B
602 B

184ms
45ms

Image
image/gif

23.206.209.4
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secureir.ebaystatic.com/cr/mscdn/64e017fc0bf98153dd694dc97d24a1ac/view_pixel_1x1.gif

Protocol

Server

23.206.209.4 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-206-209-4.deploy.static.akamaitechnologies.com

Software

ebay server /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

suppress-x-frame-options: true
content-encoding: gzip
x-content-type-options: nosniff
x-cache-lookup: HIT from include-cache-1:80
x-cdn: AKAMAI
date: Mon, 27 Mar 2023 15:46:03 GMT
akamai-grn: , , , , , , , , 0.dcd5ce17.1679931963.41d2179e
strict-transport-security: max-age=31536000
content-length: 57
x-xss-protection: 1; mode=block
server: ebay server
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
rlogid: t6q%60uebwh%3D9vjdq%60uebwh*q1kmm%28rbpv6775-18441b1dd77-0xe3
access-control-allow-headers: *
expires: Tue, 26 Mar 2024 15:46:03 GMT

Redirect headers

date: Mon, 27 Mar 2023 15:46:01 GMT
strict-transport-security: max-age=31536000
accept-ch: sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-ua-full-version
server: ebay-proxy-server
x-ebay-pop-id: SLBLVSAZ01
content-type: image/gif
location: https://secureir.ebaystatic.com/cr/mscdn/64e017fc0bf98153dd694dc97d24a1ac/view_pixel_1x1.gif
cache-control: private,no-cache,no-store
x-envoy-upstream-service-time: 34
rlogid: t6baubqsodf%3F%3Cumjgcp%60tqjfc*4t%3Fpn%28rbpv67%3A1-18723bf75ca-0x2338
content-length: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame D1BC 0
19 B 84ms
84ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CvUujOLohZMmBCpKAtwezjYygDZmR5slv5PuE3IQP3f6fpoAYEAEgiOqyHGCVwqaCsAegAZbGm_4DyAEJqQKtn_dC9RCyPqgDAcgDywSqBOEBT9CN69IZ9rZgefpuuM78O5aJqCwcKYAD-MniGYa7-UYJgAVt0hym2d8zmStKWSE9e0Qwa1jONYag3Z5IAEzdue7_vVwInHH9kW1d_rxGtnv8fprxmgHL-vwPOZ83wqPByF4CecIYoyBU73kYidMl9iAlSg490-w16C9c0WGaIsVH660-cYjOlTp3c9ee4VxYHw9ap6RiRwP7LGAcQh0gbVqVlLsrQjIJQkTed54FNyFN50TO9qHpRzNBgVB0WCoEJh_RtmWeYzfcceeTrFQFsM8uruftoKD_EU2OJME10jbhwASSyK725QOSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAH-_uyPqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB6a-G9gHAPIHBBDG2xPSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTC4gUA9AVAZgWAYAXAbIXHAoaCAASFHB1Yi03NTA3MTc0MzM0Mzc4MTAzGAA&sigh=WIHaUBb1LX4&uach_m=[UACH]&cid=CAQSGwDUE5ymwdSpjvxS7l3z2myrBGisA3pH5JFZZxgB&template_id=494&vis=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 27 Mar 2023 15:46:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 2076313506083323656
tpc.googlesyndication.com/simgad/2714303006361358567/ Frame 0AE3 10 KB
10 KB 42ms
41ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2714303006361358567/2076313506083323656

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78dfac590a35c773bb440d7f8de51c99e70c96c49a80be701bc565960e6fa864

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 12:33:06 GMT
x-content-type-options: nosniff
age: 97976
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9781
x-xss-protection: 0
last-modified: Fri, 18 Mar 2022 14:03:46 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 25 Mar 2024 12:33:06 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/12170484971983623987/ Frame 0AE3 731 B
759 B 40ms
40ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12170484971983623987/14763004658117789537?w=100&h=100

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ab1c76ab8274b4157c52806e2d528a2ebf947fbec10f83b3a3b28911ebadc9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 22 Mar 2023 10:06:25 GMT
x-content-type-options: nosniff
age: 452377
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 731
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 01:23:49 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 21 Mar 2024 10:06:25 GMT

GET
DATA 200
OK truncated
/ Frame 0AE3 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 0AE3 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f5028e642669082c7ef64151825c01dbbae8649947fec407bfd6521d9371536d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 3b1Q3-2ktxseIVt-HK-LDpEKRyl8KDIxhU6os0UJEUg.js Show response
pagead2.googlesyndication.com/bg/ Frame 2CEC 36 KB
14 KB 48ms
32ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/3b1Q3-2ktxseIVt-HK-LDpEKRyl8KDIxhU6os0UJEUg.js

Requested by

Host: mypaylogin.com
URL: https://mypaylogin.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ddbd50dfeda4b71b1e215b7e1caf8b0e910a47297c283231854ea8b345091148

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 14:06:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5980
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14404
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 26 Mar 2024 14:06:22 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E13F
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

58ms
58ms

Document
text/html

2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Mar 2023 15:46:02 GMT
expires: Mon, 27 Mar 2023 15:46:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Mar 2023 15:46:02 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 3b1Q3-2ktxseIVt-HK-LDpEKRyl8KDIxhU6os0UJEUg.js Show response
pagead2.googlesyndication.com/bg/ Frame 0A60 36 KB
14 KB 41ms
39ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/3b1Q3-2ktxseIVt-HK-LDpEKRyl8KDIxhU6os0UJEUg.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ddbd50dfeda4b71b1e215b7e1caf8b0e910a47297c283231854ea8b345091148

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 14:06:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5980
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14404
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 26 Mar 2024 14:06:22 GMT

GET
H3 200 3b1Q3-2ktxseIVt-HK-LDpEKRyl8KDIxhU6os0UJEUg.js Show response
pagead2.googlesyndication.com/bg/ Frame 3DD8 36 KB
14 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/3b1Q3-2ktxseIVt-HK-LDpEKRyl8KDIxhU6os0UJEUg.js

Requested by

Host: mypaylogin.com
URL: https://mypaylogin.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ddbd50dfeda4b71b1e215b7e1caf8b0e910a47297c283231854ea8b345091148

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 14:06:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5980
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14404
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 26 Mar 2024 14:06:22 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 0AE3 0
19 B 84ms
83ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CadglOLohZMqBCpKAtwezjYygDcjHu7ZvrL3g668RjeKS_oApEAEgiOqyHGCVwqaCsAegAaK0qL8DyAEJqAMByAPLBKoE4QFP0Ia7sIuZ4lGzMcyKulF5HQ9AYkvgTP8uC5T8cv6-uGRflzodr6YVeeNJZrHU_iaI5y9fx2L7VYNhRsBcsxR9RggKywrPWjX_jsFdXWuvINRGmcaSXqLvCAWztA59-VaKOynfN4420baHMrRX3GxC_Vj7oKQ0dCvLh5oBV-WAgkmN3dC4xOK6UAqVjstWX0ICVqvZphgm0e6xhvQjUSpeIGgcD6FXf6PYNb4kCxHa7DTIa0IKV9mtQqIw_p1r38M8x82mrzhn0KDToDR8wtCsLvIRT0IQLMuwcuC7pQCpXxvABIjv84iWBJIFBAgEGAGSBQQIBRgEoAYugAfGy9dAqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQ8fgI0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwG4E-QD2BMM0BUBmBYBgBcBshccChoIABIUcHViLTc1MDcxNzQzMzQzNzgxMDMYAA&sigh=d5D-fh6qayM&uach_m=[UACH]&cid=CAQSGwDUE5ymwdSpjvxS7l3z2myrBGisA3pH5JFZZxgB&template_id=484&vis=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 27 Mar 2023 15:46:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame C684 0
11 B 39ms
39ms Image
text/plain 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?DdXpjQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:46:02 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 03CB 624 B
245 B 84ms
82ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYxo39xAEwAQ&v=APEucNXfuqxNP_i8kdD82M7dLYjLueTxYvl8FyMJbt41M4CcdCf3TPTR9Mq4B_MRWpCfsr3LsKSOLbc1kDdVDmsIT085l4nEN5_IGztvUFZB3kapKPe3p9VYl-px7zvSvmPosL5IxYlQ9kSMVkoVVjFfNp5zG1zlAdM3PPENX4tqaWsvciwWc8w

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7507174334378103&output=html&h=90&adk=3070604948&adf=871259380&pi=t.aa~a.2191923801~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1679931961&rafmt=1&to=qs&pwprc=5353064814&format=1200x90&url=https%3A%2F%2Fmypaylogin.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679931961870&bpp=1&bdt=3726&idt=1&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6d0e545c959a423d-22873c7f70dd006b%3AT%3D1679931960%3ART%3D1679931960%3AS%3DALNI_MatgFuSzkmw3WLN4t40liIBx6NVmA&gpic=UID%3D00000bccd2f6c6ae%3AT%3D1679931960%3ART%3D1679931960%3AS%3DALNI_Mbkhwy2NP86M-hFLgja46tZGDb4RA&prev_fmts=0x0%2C270x600&nras=2&correlator=891286276420&frm=20&pv=1&ga_vid=993446239.1679931960&ga_sid=1679931960&ga_hid=2084813799&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1706&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44777876%2C44759837%2C31073263&oid=2&psts=AHQMDFcoAsE9E146kDwWY-GVzVR9LY5COu38D4-t_XpkBrPdL6doLETmfUfO6qIPMJ_7ADEjkvB144CX9WT139_RLCfaZfJz&pvsid=4092948971483189&tmod=106170907&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=RZ0SfOnRAO&p=https%3A//mypaylogin.com&dtd=14

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7507174334378103&output=html&h=90&adk=3070604948&adf=871259380&pi=t.aa~a.2191923801~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1679931961&rafmt=1&to=qs&pwprc=5353064814&format=1200x90&url=https%3A%2F%2Fmypaylogin.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679931961870&bpp=1&bdt=3726&idt=1&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6d0e545c959a423d-22873c7f70dd006b%3AT%3D1679931960%3ART%3D1679931960%3AS%3DALNI_MatgFuSzkmw3WLN4t40liIBx6NVmA&gpic=UID%3D00000bccd2f6c6ae%3AT%3D1679931960%3ART%3D1679931960%3AS%3DALNI_Mbkhwy2NP86M-hFLgja46tZGDb4RA&prev_fmts=0x0%2C270x600&nras=2&correlator=891286276420&frm=20&pv=1&ga_vid=993446239.1679931960&ga_sid=1679931960&ga_hid=2084813799&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1706&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44777876%2C44759837%2C31073263&oid=2&psts=AHQMDFcoAsE9E146kDwWY-GVzVR9LY5COu38D4-t_XpkBrPdL6doLETmfUfO6qIPMJ_7ADEjkvB144CX9WT139_RLCfaZfJz&pvsid=4092948971483189&tmod=106170907&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=RZ0SfOnRAO&p=https%3A//mypaylogin.com&dtd=14
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Mar 2023 15:46:02 GMT
expires: Mon, 27 Mar 2023 15:46:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 96CF 78 KB
27 KB 119ms
118ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:46:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28043
x-xss-protection: 0
server: cafe
etag: 15270303690107644053
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 27 Mar 2023 15:46:02 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame 96CF 3 KB
1 KB 42ms
40ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 13:41:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7468
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 10 Apr 2023 13:41:34 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/ Frame 96CF 20 KB
8 KB 45ms
43ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230322/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 16:22:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84211
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8627
x-xss-protection: 0
server: cafe
etag: 8620137988422272387
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 09 Apr 2023 16:22:31 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 96CF 0
0 51ms
49ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQgCX1Ze2HZi4F6m-WuBak_XNK__L6vGFWfsZZUJJRz9Qh8knGW4eXIEidVEyx-B7h4WeND1EPWqsIkeUQBGVneS2FZ-A
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7507174334378103&output=html&h=90&adk=3070604948&adf=871259380&pi=t.aa~a.2191923801~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1679931961&rafmt=1&to=qs&pwprc=5353064814&format=1200x90&url=https%3A%2F%2Fmypaylogin.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679931961870&bpp=1&bdt=3726&idt=1&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6d0e545c959a423d-22873c7f70dd006b%3AT%3D1679931960%3ART%3D1679931960%3AS%3DALNI_MatgFuSzkmw3WLN4t40liIBx6NVmA&gpic=UID%3D00000bccd2f6c6ae%3AT%3D1679931960%3ART%3D1679931960%3AS%3DALNI_Mbkhwy2NP86M-hFLgja46tZGDb4RA&prev_fmts=0x0%2C270x600&nras=2&correlator=891286276420&frm=20&pv=1&ga_vid=993446239.1679931960&ga_sid=1679931960&ga_hid=2084813799&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1706&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44777876%2C44759837%2C31073263&oid=2&psts=AHQMDFcoAsE9E146kDwWY-GVzVR9LY5COu38D4-t_XpkBrPdL6doLETmfUfO6qIPMJ_7ADEjkvB144CX9WT139_RLCfaZfJz&pvsid=4092948971483189&tmod=106170907&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=RZ0SfOnRAO&p=https%3A//mypaylogin.com&dtd=14
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 96CF 158 KB
48 KB 61ms
59ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:46:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49540
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1679493709445325"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Mar 2023 15:46:02 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 96CF 42 B
63 B 76ms
74ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Cdz6iAD8_ozOA1k5TPpa70BSQyMzXeFW34otzU32yM-xLCHaMCl6H6Gky1UMs9SkNN5WBroh4LoU3r1Anb0v2tOJUJDCP-x1KSW7favNYSNFrVs0o

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Mar 2023 15:46:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 96CF 0
20 B 76ms
74ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=10494817366352849302&x=1&ct=76

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Mar 2023 15:46:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 03CB
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOS-awmG1_CHAudKEip431s&google_cver=1

43 B
632 B

118ms
40ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOS-awmG1_CHAudKEip431s&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYxo39xAEwAQ&v=APEucNXfuqxNP_i8kdD82M7dLYjLueTxYvl8FyMJbt41M4CcdCf3TPTR9Mq4B_MRWpCfsr3LsKSOLbc1kDdVDmsIT085l4nEN5_IGztvUFZB3kapKPe3p9VYl-px7zvSvmPosL5IxYlQ9kSMVkoVVjFfNp5zG1zlAdM3PPENX4tqaWsvciwWc8w
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 27 Mar 2023 15:46:02 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Mon, 27 Mar 2023 15:46:02 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOS-awmG1_CHAudKEip431s&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 03CB
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZCG6OLAjfDhas.U3qTtOKQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOS-awmG1_CHAudKEip431s&google_cver=1&google_hm=2

43 B
632 B

41ms
41ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOS-awmG1_CHAudKEip431s&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYxo39xAEwAQ&v=APEucNXfuqxNP_i8kdD82M7dLYjLueTxYvl8FyMJbt41M4CcdCf3TPTR9Mq4B_MRWpCfsr3LsKSOLbc1kDdVDmsIT085l4nEN5_IGztvUFZB3kapKPe3p9VYl-px7zvSvmPosL5IxYlQ9kSMVkoVVjFfNp5zG1zlAdM3PPENX4tqaWsvciwWc8w
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 27 Mar 2023 15:46:03 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Mon, 27 Mar 2023 15:46:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOS-awmG1_CHAudKEip431s&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 03CB
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEOFOUbDYjGC-LtNhvFfDfwI&google_cver=1

43 B
1 KB

195ms
106ms

Image
image/gif

185.89.210.180
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEOFOUbDYjGC-LtNhvFfDfwI&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYxo39xAEwAQ&v=APEucNXfuqxNP_i8kdD82M7dLYjLueTxYvl8FyMJbt41M4CcdCf3TPTR9Mq4B_MRWpCfsr3LsKSOLbc1kDdVDmsIT085l4nEN5_IGztvUFZB3kapKPe3p9VYl-px7zvSvmPosL5IxYlQ9kSMVkoVVjFfNp5zG1zlAdM3PPENX4tqaWsvciwWc8w

Protocol

HTTP/1.1

Server

185.89.210.180 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 27 Mar 2023 15:46:03 GMT
AN-X-Request-Uuid: c68ef2ea-83c1-4018-9224-ab0768eae42f
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 80.255.7.106; 80.255.7.106; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 27 Mar 2023 15:46:02 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEOFOUbDYjGC-LtNhvFfDfwI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 03CB
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjQzODk5OTA2NDUyNDc4MDQ1NQ%3D%3D

170 B
188 B

53ms
52ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjQzODk5OTA2NDUyNDc4MDQ1NQ%3D%3D

Requested by

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Mar 2023 15:46:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 27 Mar 2023 15:46:02 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 80.255.7.106; 80.255.7.106; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: d3567d22-0b7b-470e-9ab3-5b3698a0fe80
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjQzODk5OTA2NDUyNDc4MDQ1NQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 96CF 0
20 B 73ms
73ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=614791136613&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Mar 2023 15:46:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 96CF 0
20 B 74ms
74ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=614791136613&version=m202301230201&ct=76&x=1&cor=10494817366352849000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Mar 2023 15:46:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 96CF 95 KB
38 KB 81ms
80ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DXjNCpyIuBdr4Arl1_59Yq1wm58Vt2FQ5HvlibQJfQ8D9ZcRjJzrM8p5ronbfX_XRcd_lF3rOf2AbUcJPi2ahNk-NvG5S9_rt5HkP5ujLYpoWeO0gBvZf5hoEz8r0jNgK8BUUJkE2654yWbRH1wfgi8kij8L4sk3TkuHVZKt44pk6obVU&dbm_d=AKAmf-AiBEZi9IPraPLlYUYjDLr0VtCWFo0o35g_gkkwu6q0zOZpxcwhh9UcT5nsSHe7ecgJOVnVag8EShMQm4nxz9L2cl0PBM1cX2Fw6PfQcRdLLZJg_1EOrPZNanQj-xWw7VCQH9mHMtSpLCxb_qhuhgjmmpjTOGBzFOQ-2WJqj5Dx6dXIy-Cb4w2WX_btparPSFVJxR-bAdn7Uh97-abGzbcMjx0K6DJhcjSmnULDkFTjs5PvE08nd_cVMpQ6cgxXxSIfDShp2xuXfxl3YUtxu5ln3FYC8HMAr3Wp3QH7RFHjs7dsXkrTqSip00ngj5MKB2vkw73mXqgA7KmWCuiinj5SDxVQ-cwN8CkZiPgWGFzPAUMkwnGaOvn1IxPJolE0crtvHE35asvVPMYpvkVdToMF2R0SR70-MQjFOk_YKQcAhtAXjEw6xxhkW1UxIaxYeEy3x4CGZcMGU70sPJ3OcKYN2XtjBO3vaOsYEVTmU7hu1XJ73tse70nYwi9vamI9tLicPynNlkf3c-Lq7MUbm5SE2OERr3ttKErixZtt9tHxGcpBQXyKxPvPjzW0x8No045U6k6V4mYUwUYyd9saEDCSvtP8evO9XgwjaxuEv1p-m-j2qUdZ2t5kEL-FRoSFiAQaVov235tvcISTkQuEwt5LUMrfB4_WdYhraj2pQjkJ9S0Qkif4StuP3yYKivDq-3X5du2L2bHxgqU-GZuZXP5PrCTu7jcvLQox10wuLVWKuj_CDjzsijtNEUs71Ke4BfRjHrSzjhsDoCK5apZuDg2uhpAr6hLzgAEmEHiSyPPHURTPgKTqs-HQUbtUaCmcSrkfRZ6f46V6Ye8njGaYkA5_rXLaz0z9hHgOwGmgifNT_rN9QLJCAs4KgB3Eq9u4jfY18BkJCcuV_HO8b1IdD1JZ3b41mQl0iimGA2lqYlZkRzLpO6LdMIJr3QHAGo2gq7iq1DGM2G01ONgxhOBaLpFp-PL2mt7-fo132tnmJgbPqLHNb0eO6RRb0YhGK9krXk849u3Ys3apfNIIILwQi4qFaN3glwNO-8odw_GAwrucTRK9A2yhaJukiRIwqSLFHZBVts6LBUyk1oCygluBl_ekH_l5exknssqV9XkSBSnWo1WsYgDcHb_S_qI9iHf0ss9VfSuoCY77o8WPsAeZUcX65AFzPP1W1ObfvQ2aDBHnfAR6Txa9Z0ESzwqg7IV5TUiuLm1kbiIa3nVW0EW_z6ZuNlMLhLZhd1jHoJwYcDr9q-U_V7LBdHVudP1qVHjsDlfPX9uADawLCFtkR8U31SZ52pWWwOTOnG9lLKO_IK4N7kG3IAR_4wMQJmdf6vgU-FUbxszzVTiHm3M7b2MgVlRZwMZfbg8QfJmMHrULEoxc8XD_GYRkTz14IEIHdjpA221AdgAIfA_LARiEwPfE9RaMmOCMWAzl68D-tP3ScPE5xqVZnzc03-SomZm2Jab5VUEvj8CfNGFYxPJMR2dMX3V9i-7oQM8JEeYl2ruRP6pZXDM0ROpYCQLCxBO3QUh3K7CMAluMqQ85f7DsLdR_ql4X1_J7_TPBo-OmeZGZvLCzsi0vAyNO-PRL68Q306eSyuH0-Nv3jIUg3Snbkx1eS9zoTfsJWXm3YBg3r1MwBDhnehjr3a62j-QkTewmh8lWe7PZl_vaDThNXuyd3OmCI3lERDhubwkbosy2V0W8n8tIhMtAf_h-wg8cRoGFdZ8HnVSwRYhyDo1m8QUq0qybBCDcrHAT1Jb3eGOWhKWWJpn8dtKT22R9WFw3llWFcAuGlYmSN059t7zD0M2CTYq42tx2hvEVo7oPqNjjMbHnZbjzZnR7F0eG0C2YA4-7oqLqAU7BVtHG_h6RpEXL2e2oYmPvpmUYcXiScwwfFXqCq4JtjVwQwpiRdPDxz6CQWAFI4Whn-Pr_R0VuB50u5G6aNfN2OQ6UrxR5ZHjInV3EMtkBSlz4pVXH5uR2Mj1bN-2ZXTzfXoq6j3M-eFbvzrUd3FAG9N6ETt8W7VlO8RdpXXC3_rTXgkFF0sgVru7uaNAYcbNReZkLR4hVtMpqQ-rMD-GfuYB58fKy72uCXix-QSkwKUxYPfKGfSLBUcCR4lDGg-ecOaFauAPYCeVrvu7RT7BJvAb_x-uOODcFvS-Vw4JzdqOA_xN8PqrdlaOgzEpnEzikeiJe6i-bsLi0yRra_WXNRm8SkhaxoN5_PqXt_LPB7MknBMt0FR8HnbYG4MAoZINMkdIa7BnKa_iofb_3b2jgVftxCN9vPDanUlOZRGbrC0RNOlNd1xXbvTynUb445wVwYyxhIUiaqDM2hgXV0JBLddMB9f1vO1YdKfqlmNaHU2j4gSgVmUrCR-ed-9bpOKi_SWXpixUkgcHYvbSqq4SllYrKRiB5TJoAZY2SBrKgY1D8DFdUyZhAIXExaaUlNv4iqEXosHP-72HlDM9GHsEYdrug1FXerlwzuoIrBtu1Czov3MIFpq-mmGYvp0bx_vAW5VnQpZztR_3W3N_5Cp1pAeowfZ4j80Lg0NOXlL9Yhgf1ndbo6qe8uxyfIKVCy1TlByxZL2WBHlkGr1ZBG0hVGFZHyMQFeA8NyLc9a4AXpM8sKIKRM3505gUK4SdVdr4HM3WwQtksmJr5KQz7kIUv_jrXnr8EHr67nweUzRPHkcbpbH6rqWD_rbx9_Z1x_P-Iyh2MapoLWT-jrPzHnFPc_6xV4UNuxMH0Be7CfnM_bHhWdiUARe0xiuEHNxdkY0GJyOCDHPu2OUGUBqFKIjugh92txlSUenKSmuG2497gY2o9jwkEcPf10dGiqMCOh53ytcTIiRzPrno5OpMQlnpQLuORXyzB00aakUxhANjECzgPQbZSHjHJethxH0LRViGJSOOZPgvwJDbgHfsZfEq47OvHa72ltMQ3Y2nmrDqQ15qOA9YIVekvvvZ8hCXpKgfurSkbbSggUHctDD0rNULogmg_e7t1qZ8BvEhg_v816b2r3fGbMoWSreg-Pjqucf-NQseunTuC_tVoQf1NupEVG7bB3wYxjEVFsiTwNSzXPpW4T-KiBuZrJFomUVOM9LvXSekpj2Gn9tsXfetzSfTzQ60ZKZGeef1qL7WAPpKJGIiToCxpXzNukOJEPPUw4v3dFt399EDZV_4VNrdGJ1xB4BMsUr0trJeOR-nXwKA783KDBykiIxHljSfNbpc-aQoaI3XK2R0HW630fhFVyRq0KjePP9uufftVOpzFp55DV22LWEaZnFnxaBniy16W_1V7cFcYTDCD6u9KgYx6O0iA_zlqRaTdzEnjq1VEUmc8l1NqtmVzIyjpEE_9uHqOyi0JtbFT8j-vfw27Tuz1DhPS6awWzk3alWDt3VAHr4vIiSEa0FV4I5S9DaZzvX7plLJxa-9xlkYkq2qnFnAbB0cuZZddExJhkk0Ru9a9IO7bwGwQ0iUBMQjHR92eWXQH_i1Tka68hfM1kUXX1KA6u6mE-eJvXg&cid=CAQSOwDUE5ymMgL3SyAG77EttRdV5qEjuxnWsgXONrZzUoizNp-FAjV68c4xgtfqNtyiqup4X4p9n0FpecL6GAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fmypaylogin.com%2F&ds=l&xdt=1&iif=1&cor=10494817366352849000&adk=497053795&idt=126&cac=0&dtd=7

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e6b4a9a6b3e079556c8bdf74e202171b678dc2918a82ba85aa1963fefe9270c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7507174334378103&output=html&h=90&adk=3070604948&adf=871259380&pi=t.aa~a.2191923801~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1679931961&rafmt=1&to=qs&pwprc=5353064814&format=1200x90&url=https%3A%2F%2Fmypaylogin.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679931961870&bpp=1&bdt=3726&idt=1&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6d0e545c959a423d-22873c7f70dd006b%3AT%3D1679931960%3ART%3D1679931960%3AS%3DALNI_MatgFuSzkmw3WLN4t40liIBx6NVmA&gpic=UID%3D00000bccd2f6c6ae%3AT%3D1679931960%3ART%3D1679931960%3AS%3DALNI_Mbkhwy2NP86M-hFLgja46tZGDb4RA&prev_fmts=0x0%2C270x600&nras=2&correlator=891286276420&frm=20&pv=1&ga_vid=993446239.1679931960&ga_sid=1679931960&ga_hid=2084813799&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1706&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44777876%2C44759837%2C31073263&oid=2&psts=AHQMDFcoAsE9E146kDwWY-GVzVR9LY5COu38D4-t_XpkBrPdL6doLETmfUfO6qIPMJ_7ADEjkvB144CX9WT139_RLCfaZfJz&pvsid=4092948971483189&tmod=106170907&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=RZ0SfOnRAO&p=https%3A//mypaylogin.com&dtd=14
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Mar 2023 15:46:02 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38434
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/987057/61527017/ Frame 96CF 243 KB
73 KB 222ms
58ms Script
application/javascript 34.246.96.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/987057/61527017/skeleton.js?ias_dspID=3&ias_campId=1010147415&ias_pubId=pub-7507174334378103&ias_chanId=1&ias_placementId=19422216621&bidurl=https://mypaylogin.com/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0gSQZ6aWch2Kn1aDBth-9Ku
Requested by: Host: mypaylogin.com
URL: https://mypaylogin.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.246.96.48 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-246-96-48.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: b11ec8adfcedb47bccc531a804083f5959eab0c4db3f093eca2637d41e59f15e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Mar 2023 15:46:03 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 96CF 106 KB
37 KB 128ms
40ms Script
text/javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: mypaylogin.com
URL: https://mypaylogin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 18:05:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 78052
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 27 Mar 2023 18:05:11 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230322/r20110914/elements/html/ Frame 96CF 11 KB
4 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230322/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DXjNCpyIuBdr4Arl1_59Yq1wm58Vt2FQ5HvlibQJfQ8D9ZcRjJzrM8p5ronbfX_XRcd_lF3rOf2AbUcJPi2ahNk-NvG5S9_rt5HkP5ujLYpoWeO0gBvZf5hoEz8r0jNgK8BUUJkE2654yWbRH1wfgi8kij8L4sk3TkuHVZKt44pk6obVU&dbm_d=AKAmf-AiBEZi9IPraPLlYUYjDLr0VtCWFo0o35g_gkkwu6q0zOZpxcwhh9UcT5nsSHe7ecgJOVnVag8EShMQm4nxz9L2cl0PBM1cX2Fw6PfQcRdLLZJg_1EOrPZNanQj-xWw7VCQH9mHMtSpLCxb_qhuhgjmmpjTOGBzFOQ-2WJqj5Dx6dXIy-Cb4w2WX_btparPSFVJxR-bAdn7Uh97-abGzbcMjx0K6DJhcjSmnULDkFTjs5PvE08nd_cVMpQ6cgxXxSIfDShp2xuXfxl3YUtxu5ln3FYC8HMAr3Wp3QH7RFHjs7dsXkrTqSip00ngj5MKB2vkw73mXqgA7KmWCuiinj5SDxVQ-cwN8CkZiPgWGFzPAUMkwnGaOvn1IxPJolE0crtvHE35asvVPMYpvkVdToMF2R0SR70-MQjFOk_YKQcAhtAXjEw6xxhkW1UxIaxYeEy3x4CGZcMGU70sPJ3OcKYN2XtjBO3vaOsYEVTmU7hu1XJ73tse70nYwi9vamI9tLicPynNlkf3c-Lq7MUbm5SE2OERr3ttKErixZtt9tHxGcpBQXyKxPvPjzW0x8No045U6k6V4mYUwUYyd9saEDCSvtP8evO9XgwjaxuEv1p-m-j2qUdZ2t5kEL-FRoSFiAQaVov235tvcISTkQuEwt5LUMrfB4_WdYhraj2pQjkJ9S0Qkif4StuP3yYKivDq-3X5du2L2bHxgqU-GZuZXP5PrCTu7jcvLQox10wuLVWKuj_CDjzsijtNEUs71Ke4BfRjHrSzjhsDoCK5apZuDg2uhpAr6hLzgAEmEHiSyPPHURTPgKTqs-HQUbtUaCmcSrkfRZ6f46V6Ye8njGaYkA5_rXLaz0z9hHgOwGmgifNT_rN9QLJCAs4KgB3Eq9u4jfY18BkJCcuV_HO8b1IdD1JZ3b41mQl0iimGA2lqYlZkRzLpO6LdMIJr3QHAGo2gq7iq1DGM2G01ONgxhOBaLpFp-PL2mt7-fo132tnmJgbPqLHNb0eO6RRb0YhGK9krXk849u3Ys3apfNIIILwQi4qFaN3glwNO-8odw_GAwrucTRK9A2yhaJukiRIwqSLFHZBVts6LBUyk1oCygluBl_ekH_l5exknssqV9XkSBSnWo1WsYgDcHb_S_qI9iHf0ss9VfSuoCY77o8WPsAeZUcX65AFzPP1W1ObfvQ2aDBHnfAR6Txa9Z0ESzwqg7IV5TUiuLm1kbiIa3nVW0EW_z6ZuNlMLhLZhd1jHoJwYcDr9q-U_V7LBdHVudP1qVHjsDlfPX9uADawLCFtkR8U31SZ52pWWwOTOnG9lLKO_IK4N7kG3IAR_4wMQJmdf6vgU-FUbxszzVTiHm3M7b2MgVlRZwMZfbg8QfJmMHrULEoxc8XD_GYRkTz14IEIHdjpA221AdgAIfA_LARiEwPfE9RaMmOCMWAzl68D-tP3ScPE5xqVZnzc03-SomZm2Jab5VUEvj8CfNGFYxPJMR2dMX3V9i-7oQM8JEeYl2ruRP6pZXDM0ROpYCQLCxBO3QUh3K7CMAluMqQ85f7DsLdR_ql4X1_J7_TPBo-OmeZGZvLCzsi0vAyNO-PRL68Q306eSyuH0-Nv3jIUg3Snbkx1eS9zoTfsJWXm3YBg3r1MwBDhnehjr3a62j-QkTewmh8lWe7PZl_vaDThNXuyd3OmCI3lERDhubwkbosy2V0W8n8tIhMtAf_h-wg8cRoGFdZ8HnVSwRYhyDo1m8QUq0qybBCDcrHAT1Jb3eGOWhKWWJpn8dtKT22R9WFw3llWFcAuGlYmSN059t7zD0M2CTYq42tx2hvEVo7oPqNjjMbHnZbjzZnR7F0eG0C2YA4-7oqLqAU7BVtHG_h6RpEXL2e2oYmPvpmUYcXiScwwfFXqCq4JtjVwQwpiRdPDxz6CQWAFI4Whn-Pr_R0VuB50u5G6aNfN2OQ6UrxR5ZHjInV3EMtkBSlz4pVXH5uR2Mj1bN-2ZXTzfXoq6j3M-eFbvzrUd3FAG9N6ETt8W7VlO8RdpXXC3_rTXgkFF0sgVru7uaNAYcbNReZkLR4hVtMpqQ-rMD-GfuYB58fKy72uCXix-QSkwKUxYPfKGfSLBUcCR4lDGg-ecOaFauAPYCeVrvu7RT7BJvAb_x-uOODcFvS-Vw4JzdqOA_xN8PqrdlaOgzEpnEzikeiJe6i-bsLi0yRra_WXNRm8SkhaxoN5_PqXt_LPB7MknBMt0FR8HnbYG4MAoZINMkdIa7BnKa_iofb_3b2jgVftxCN9vPDanUlOZRGbrC0RNOlNd1xXbvTynUb445wVwYyxhIUiaqDM2hgXV0JBLddMB9f1vO1YdKfqlmNaHU2j4gSgVmUrCR-ed-9bpOKi_SWXpixUkgcHYvbSqq4SllYrKRiB5TJoAZY2SBrKgY1D8DFdUyZhAIXExaaUlNv4iqEXosHP-72HlDM9GHsEYdrug1FXerlwzuoIrBtu1Czov3MIFpq-mmGYvp0bx_vAW5VnQpZztR_3W3N_5Cp1pAeowfZ4j80Lg0NOXlL9Yhgf1ndbo6qe8uxyfIKVCy1TlByxZL2WBHlkGr1ZBG0hVGFZHyMQFeA8NyLc9a4AXpM8sKIKRM3505gUK4SdVdr4HM3WwQtksmJr5KQz7kIUv_jrXnr8EHr67nweUzRPHkcbpbH6rqWD_rbx9_Z1x_P-Iyh2MapoLWT-jrPzHnFPc_6xV4UNuxMH0Be7CfnM_bHhWdiUARe0xiuEHNxdkY0GJyOCDHPu2OUGUBqFKIjugh92txlSUenKSmuG2497gY2o9jwkEcPf10dGiqMCOh53ytcTIiRzPrno5OpMQlnpQLuORXyzB00aakUxhANjECzgPQbZSHjHJethxH0LRViGJSOOZPgvwJDbgHfsZfEq47OvHa72ltMQ3Y2nmrDqQ15qOA9YIVekvvvZ8hCXpKgfurSkbbSggUHctDD0rNULogmg_e7t1qZ8BvEhg_v816b2r3fGbMoWSreg-Pjqucf-NQseunTuC_tVoQf1NupEVG7bB3wYxjEVFsiTwNSzXPpW4T-KiBuZrJFomUVOM9LvXSekpj2Gn9tsXfetzSfTzQ60ZKZGeef1qL7WAPpKJGIiToCxpXzNukOJEPPUw4v3dFt399EDZV_4VNrdGJ1xB4BMsUr0trJeOR-nXwKA783KDBykiIxHljSfNbpc-aQoaI3XK2R0HW630fhFVyRq0KjePP9uufftVOpzFp55DV22LWEaZnFnxaBniy16W_1V7cFcYTDCD6u9KgYx6O0iA_zlqRaTdzEnjq1VEUmc8l1NqtmVzIyjpEE_9uHqOyi0JtbFT8j-vfw27Tuz1DhPS6awWzk3alWDt3VAHr4vIiSEa0FV4I5S9DaZzvX7plLJxa-9xlkYkq2qnFnAbB0cuZZddExJhkk0Ru9a9IO7bwGwQ0iUBMQjHR92eWXQH_i1Tka68hfM1kUXX1KA6u6mE-eJvXg&cid=CAQSOwDUE5ymMgL3SyAG77EttRdV5qEjuxnWsgXONrZzUoizNp-FAjV68c4xgtfqNtyiqup4X4p9n0FpecL6GAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fmypaylogin.com%2F&ds=l&xdt=1&iif=1&cor=10494817366352849000&adk=497053795&idt=126&cac=0&dtd=7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a3501a3f0a7b6bc47f9f81c7be85b3603816fe2d3026ab4b396127ed9eb8895c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 16:18:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84478
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4115
x-xss-protection: 0
server: cafe
etag: 1914039858798321668
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 09 Apr 2023 16:18:04 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230322/r20110914/ Frame 96CF 28 KB
11 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230322/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11f1414c6342d8a5a5124286921298b09b1e776f0aae7bbc4c83b96685166019

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 16:33:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 83531
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10980
x-xss-protection: 0
server: cafe
etag: 17255800071175307161
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 09 Apr 2023 16:33:51 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 96CF 41 KB
15 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 09:39:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 108402
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 25 Mar 2024 09:39:21 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame E2CB 1 KB
643 B 40ms
39ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 79165
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Mar 2023 17:46:38 GMT
etag: 48472445140208031
expires: Mon, 27 Mar 2023 17:46:38 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 96CF 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1ee2618430f8b4e416953db3c781337223aa3f9328faa51744da1e7ac973a68a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame D832 22 KB
8 KB 40ms
40ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 168739
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 25 Mar 2023 16:53:44 GMT
expires: Sun, 24 Mar 2024 16:53:44 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame E2CB 0
104 B 243ms
82ms Image
text/plain 2a02:fa8:8806:20::2010
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEK-nx9n29NG0R9PsaPKisXY&google_cver=1&google_push=Aer7DvJgdtjJcxxGD8mpA3-ezs2ORCfaURNgJB__fCgpYCEMSQzra_XylYuIioQOzWKEiOfbdK8btQIWwF-RdlhKloMO2ZnxkvD5Mw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7507174334378103&output=html&h=90&adk=3070604948&adf=871259380&pi=t.aa~a.2191923801~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1679931961&rafmt=1&to=qs&pwprc=5353064814&format=1200x90&url=https%3A%2F%2Fmypaylogin.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679931961870&bpp=1&bdt=3726&idt=1&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6d0e545c959a423d-22873c7f70dd006b%3AT%3D1679931960%3ART%3D1679931960%3AS%3DALNI_MatgFuSzkmw3WLN4t40liIBx6NVmA&gpic=UID%3D00000bccd2f6c6ae%3AT%3D1679931960%3ART%3D1679931960%3AS%3DALNI_Mbkhwy2NP86M-hFLgja46tZGDb4RA&prev_fmts=0x0%2C270x600&nras=2&correlator=891286276420&frm=20&pv=1&ga_vid=993446239.1679931960&ga_sid=1679931960&ga_hid=2084813799&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1706&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44777876%2C44759837%2C31073263&oid=2&psts=AHQMDFcoAsE9E146kDwWY-GVzVR9LY5COu38D4-t_XpkBrPdL6doLETmfUfO6qIPMJ_7ADEjkvB144CX9WT139_RLCfaZfJz&pvsid=4092948971483189&tmod=106170907&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=RZ0SfOnRAO&p=https%3A//mypaylogin.com&dtd=14
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:20::2010 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Mar 2023 15:46:03 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E2CB
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESENiQyKipZPE2N81Mz4MyQK0&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESENiQyKipZPE2N81Mz4MyQK0&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=TlFySUZMTnkxUEdQMlA1&google_gid=CAESENiQyKipZPE2N81Mz4MyQK0&google_cver=1&google_push=Aer7DvLczcWkwA8aiv2gI72tKgZ7uNQcEnCZotnprWvTCPG...

170 B
188 B

57ms
56ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=TlFySUZMTnkxUEdQMlA1&google_gid=CAESENiQyKipZPE2N81Mz4MyQK0&google_cver=1&google_push=Aer7DvLczcWkwA8aiv2gI72tKgZ7uNQcEnCZotnprWvTCPG7mvg7XXYKppLMXvsMd2SGckUTpvOLPB2q0W0oYufrysFKrzENNyoWBA

Requested by

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Mar 2023 15:46:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 27 Mar 2023 15:46:02 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-771-ga8baae6#rel-ec2-master i-09a32cc2c473a3db5@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=TlFySUZMTnkxUEdQMlA1&google_gid=CAESENiQyKipZPE2N81Mz4MyQK0&google_cver=1&google_push=Aer7DvLczcWkwA8aiv2gI72tKgZ7uNQcEnCZotnprWvTCPG7mvg7XXYKppLMXvsMd2SGckUTpvOLPB2q0W0oYufrysFKrzENNyoWBA
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E2CB
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEAR62HvxgmLWHrAqYt89Uds&google_cver=1&google_push=Aer7DvJBWyrhTy_ChMCceVmoX-ZmxmFm7VYHmbcG5QfHvXCMeGD2x4-hyPSXde1UJH5q1iDxwTA5IkDdbMd...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aer7DvJBWyrhTy_ChMCceVmoX-ZmxmFm7VYHmbcG5QfHvXCMeGD2x4-hyPSXde1UJH5q1iDxwTA5IkDdbMdsoVWL3AVuMe79ZwrlrA&google_hm=t4JODHCHRtOe4mRWtz...

170 B
188 B

64ms
62ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aer7DvJBWyrhTy_ChMCceVmoX-ZmxmFm7VYHmbcG5QfHvXCMeGD2x4-hyPSXde1UJH5q1iDxwTA5IkDdbMdsoVWL3AVuMe79ZwrlrA&google_hm=t4JODHCHRtOe4mRWtzk6bmo

Requested by

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Mar 2023 15:46:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 27 Mar 2023 15:46:02 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aer7DvJBWyrhTy_ChMCceVmoX-ZmxmFm7VYHmbcG5QfHvXCMeGD2x4-hyPSXde1UJH5q1iDxwTA5IkDdbMdsoVWL3AVuMe79ZwrlrA&google_hm=t4JODHCHRtOe4mRWtzk6bmo
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame E2CB 0
173 B 139ms
47ms Image
text/plain 34.96.105.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEIkJ1O-uQFjJ0FHryc64Vig&google_cver=1&google_push=Aer7DvLS7Xz0CbcVTC57489MF6cI6zgKdvpCqD8sE-anE46OBp7UCdKX_TnkStpBEjlAv2IXgRWvWciN7UNM_iA1sIWg5Ei_UfOsUA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7507174334378103&output=html&h=90&adk=3070604948&adf=871259380&pi=t.aa~a.2191923801~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1679931961&rafmt=1&to=qs&pwprc=5353064814&format=1200x90&url=https%3A%2F%2Fmypaylogin.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679931961870&bpp=1&bdt=3726&idt=1&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6d0e545c959a423d-22873c7f70dd006b%3AT%3D1679931960%3ART%3D1679931960%3AS%3DALNI_MatgFuSzkmw3WLN4t40liIBx6NVmA&gpic=UID%3D00000bccd2f6c6ae%3AT%3D1679931960%3ART%3D1679931960%3AS%3DALNI_Mbkhwy2NP86M-hFLgja46tZGDb4RA&prev_fmts=0x0%2C270x600&nras=2&correlator=891286276420&frm=20&pv=1&ga_vid=993446239.1679931960&ga_sid=1679931960&ga_hid=2084813799&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1706&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44777876%2C44759837%2C31073263&oid=2&psts=AHQMDFcoAsE9E146kDwWY-GVzVR9LY5COu38D4-t_XpkBrPdL6doLETmfUfO6qIPMJ_7ADEjkvB144CX9WT139_RLCfaZfJz&pvsid=4092948971483189&tmod=106170907&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=RZ0SfOnRAO&p=https%3A//mypaylogin.com&dtd=14
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:46:03 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E2CB
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEPvrgqAt-X7VJUU3Mhulxyg&google_cver=1&google_push=Aer7DvJJjjDu9tWdgqzPLHCNbHv7EtekUXxuVoCYOK1UFbwzCeF7_xlZ48OvHuPpX8Ly9f4r-8FxEloQqbqgK8T7...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=7fP4vIWhSF2MRCH2-o74jw2&google_push=Aer7DvJJjjDu9tWdgqzPLHCNbHv7EtekUXxuVoCYOK1UFbwzCeF7_xlZ48OvHuPpX8Ly9f4r-8FxEloQqbqgK8T7qscsavgZVCsAJw

170 B
188 B

50ms
49ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=7fP4vIWhSF2MRCH2-o74jw2&google_push=Aer7DvJJjjDu9tWdgqzPLHCNbHv7EtekUXxuVoCYOK1UFbwzCeF7_xlZ48OvHuPpX8Ly9f4r-8FxEloQqbqgK8T7qscsavgZVCsAJw

Requested by

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Mar 2023 15:46:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 27 Mar 2023 15:46:03 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=7fP4vIWhSF2MRCH2-o74jw2&google_push=Aer7DvJJjjDu9tWdgqzPLHCNbHv7EtekUXxuVoCYOK1UFbwzCeF7_xlZ48OvHuPpX8Ly9f4r-8FxEloQqbqgK8T7qscsavgZVCsAJw
x-host: tde-deliveryengine-production-86c874c4d8-v4pqh
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E2CB
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEPv6uH88VpKJzO4prKq2CFo&google_cver=1&google_push=Aer7DvIPDpXzW-QCjr4z__9fkocPSdTaNzpjp7Aazl-BCTHgcj_VEM0YDM72M3XbPUMegj67LxXhd0LP...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEPv6uH88VpKJzO4prKq2CFo&google_cver=1&google_push=Aer7DvIPDpXzW-QCjr4z__9fkocPSdTaNzpjp7Aazl-BCTHgcj_VEM0YDM72M3XbPUMegj67LxX...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjA4NzcwODY4ODEzNjc4ODQ2OA&google_push=Aer7DvIPDpXzW-QCjr4z__9fkocPSdTaNzpjp7Aazl-BCTHgcj_VEM0YDM72M3XbPUMegj67LxXhd0...

170 B
188 B

54ms
54ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjA4NzcwODY4ODEzNjc4ODQ2OA&google_push=Aer7DvIPDpXzW-QCjr4z__9fkocPSdTaNzpjp7Aazl-BCTHgcj_VEM0YDM72M3XbPUMegj67LxXhd0LPXlF10Zuv0HPuUL2QMgIVEQ

Requested by

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Mar 2023 15:46:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 27 Mar 2023 15:46:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjA4NzcwODY4ODEzNjc4ODQ2OA&google_push=Aer7DvIPDpXzW-QCjr4z__9fkocPSdTaNzpjp7Aazl-BCTHgcj_VEM0YDM72M3XbPUMegj67LxXhd0LPXlF10Zuv0HPuUL2QMgIVEQ
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E2CB
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=u0qTLdcpRSW_1tWAJqapfw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

53ms
51ms

Image
image/png

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=u0qTLdcpRSW_1tWAJqapfw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aer7DvJqJzB6rXMyK5IBh8g4s5y4yNKyWqWtcIeOJhOX7eJWOFWccxFYvRzfIbMVQw7EQsU3h2sccAPDzqBQK2_Vbd_oyowPtXWjgw

Requested by

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Mar 2023 15:46:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=u0qTLdcpRSW_1tWAJqapfw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=Aer7DvJqJzB6rXMyK5IBh8g4s5y4yNKyWqWtcIeOJhOX7eJWOFWccxFYvRzfIbMVQw7EQsU3h2sccAPDzqBQK2_Vbd_oyowPtXWjgw
date: Mon, 27 Mar 2023 15:46:02 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame E2CB 0
12 B 50ms
49ms Image
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Ll27-M6SL5pDaDnc2rR41UoypwFz5AopAgZKeVodg2NUULZQWamyTv0dMPmTL4Z82Ar5RN

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:46:03 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/12784067222800087067/ Frame DABE 141 KB
22 KB 138ms
47ms Document
text/html 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12784067222800087067/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4f828bd932e3d2cfc41828f719a08047655f9572c4cc79828fc336c23a6f2ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 423651
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 22859
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 22 Mar 2023 18:05:12 GMT
expires: Thu, 21 Mar 2024 18:05:12 GMT
last-modified: Wed, 09 Feb 2022 10:31:32 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 96CF 0
0 236ms
106ms Fetch
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvygQmFpXIbFWS5kGrUejsFdgVxp1wrm9quWYiTZc9ArRIPl7z7sruJ_xqlypgbglArIVcSHef0MWbN_3Sir6Pz1IGyXNovOdf2Ky2m7HyCR--ZwJKptd1mXZDFmHbLcDLZ4owa_X5g2BakNs4wOY-4vF4oZHumrTEBEJhJfL_zR6c0Bp1cUvo5Ld5esMnf2QZrTkasNzvWEl8iIOrUnOB8w69OB3jQiyB2DE7EtsZrvsLAe5c2Y2HEs5E690EhBZtBVhIImR9jARD2ym7aIfOtVXOvJqq-hJ0FAWAAi8g6jWmPtJyzcRXa3Wk2aU-nx3wZi24gk0YiSLaOk0aQ8UN4EUCgiTCVximQcGBMOFR568CB39AyAJgyscH8kOaBNTZYqKe0zZ0Fqr2nMaysUcgzhp1GyeYwBmb1ToFrKHbzvcFbpG8tDBTCSWNG1hBzejkxTHI-M__BppcHrmBHJJuAhz0az9sstXcgOdnlgrUF_6LoCA2DOC0Nd9BSYjWI8fWJsyZjLU2U21UnXBNf6hziXd0B4WrJAKhV0IudiEO4PueKpgBS5ufgXkaJeiEIxf6RqH1OQyflDvV8EjuYMzhr6bhs8o7tKTqUzakDnZCJdNw-Bsedu2O8X-v0CHYzo3OFA26HZ_nkifBoU3T9IR-kZgU-F1ggCed4ZO6DWGou1iIl_z7ngSDh8A7XqqY_F9-z5Mc_yN-LTEJiI-Pm64cXP84XNtrAqlq3zWVK5ztogJ6M7KdPqr73Pf9LYJwx1_6CEg7dVncEkAd9wrKbZda-KHz02qaGbErZxPOGY1GZ2JlDSD4nm1CtTXrXqEfObFHMnHJTPagFfyyaQ5_7VMDwOVDFlfKokkFJyaMq2HwDJND47ZMY2QwNCWAPu3gz0gIw-BoZo-7barsr-MbDh0qx47578uUfpPnZhPFdN4RMFGiIj4LKlmAfDZAuFkmRCaxzpnTk2rJrDP6Cre2QCTc6XMkM5nfJGa1pUtm-47q_2C7fVnDp6JXc1YZmS0d-1-rVfUsBiFh2XBLhS9N0Q1BztkhJQNgyDFxO1i3t5EOOVebrpGX3jeqOnK2FLiIXFqK0kxBMd_Z3czYLR1zP7GhuC3b9yvZPKsU6g4_9iOPRB4wNN4vjo9iJXPxJEbTmNVUvzyL-zyP82XwiHVD2VLGSnd_r-5h3il7i-wLOUVoaeKejBPuPWdZ7mqBMfoFCYn_EUds7BxXYouB16AyfHuQeCu0STqj_9BuzDq0Bike-1FdPMHXwKSaLv8QQ9CYv_YE1r2OY7yTWFfdzlbIER4XJ7evA4n5KCOGq51WyxdX3RVfgM6756ziBSsY&sai=AMfl-YQRVvPpvtR1OLZqSDxadY-bWWV9_Wq5s_SUbIBqWrb1FFw5eBzB2djurRnFhPsegtjDAI0QbOSVe21Qd8CBom387DTT1HvYOEbJU6FaG1UPFEBvG9p-tzfOdYq_ezU529PXxlg7HBsjry4BN-JC1YfseOA0aUzA4_hyh2kvH_Onbk9OtnKSkCa2_KiRkUfsDSpsnCJOz0uzGScIQzREsige8nWsGuJAt_VVYFRtnQF9KkkjT4G5EpaRewT-YlO_aDUM&sig=Cg0ArKJSzLY9CybKJICWEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=211&cbvp=1&cstd=196&cisv=r20230322.01807&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: mypaylogin.com
URL: https://mypaylogin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 27 Mar 2023 15:46:03 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Mon, 27 Mar 2023 15:46:03 GMT

GET
H3 200 3b1Q3-2ktxseIVt-HK-LDpEKRyl8KDIxhU6os0UJEUg.js Show response
pagead2.googlesyndication.com/bg/ Frame D832 36 KB
14 KB 48ms
39ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/3b1Q3-2ktxseIVt-HK-LDpEKRyl8KDIxhU6os0UJEUg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ddbd50dfeda4b71b1e215b7e1caf8b0e910a47297c283231854ea8b345091148

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 14:06:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5981
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14404
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 26 Mar 2024 14:06:22 GMT

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame DABE 29 KB
10 KB 47ms
47ms Script
text/javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12784067222800087067/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12784067222800087067/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Sun, 26 Mar 2023 18:05:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 78052
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 27 Mar 2023 18:05:11 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 82ms
81ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230322&jk=4092948971483189&bg=!5uWl5bHNAAbO2UOH7tk7ADkAdvg8WqEXdKWG5VoxVNRYPKkJDHkDyvTn-_D707Lq2SlzVVK4_-oHSeVZ3ZPSOeGce7sRoCuxXzMCAAABH1IAAAADaAEHCgATswAiH9ksAK2OfNaYj3a-Cctyy5kCnK7It7IWHIbtYUSC4llHwEIJgz4aJIdqbrOYI6hDjgFImSyp5OTiUATv9ljI3ypM1niD9kYHlz7_f_wl01RtTNR1QCoH3S-GZ9OS_rBgJDR7VLplzmlYG459TvJ38-Vm_PWbABa_vFu2fO96tuCzhCGR7Q6_FwLz4b7ONYz0weCWBeYp0utlFC-D8c39yExOjEnlvqquXTGVChjw5YATso5kO174Gn6N7obMfb0wYIugRP3JONcfudMae7wT0p1sNaNCOSqvsONzqYHLmq9nTpx0DLxjOls6CAIwU-zmFwfWCvnosv4k7eaUo2mOCKbco58UmS_bFKGe7_lRt8whs5buwKVvZApIbV23vbk1Z2SMOoDx4QdI-aUX4-VxsUGdRADN6FRMDktRexgfphXrdptKhn2S7C1LMERPjDsbu2BXnQsXy5VgUtZPWPsqVJWXCZfjZpaK1xnSNnl3Q7krEdH5NGbRCGZNqrCFVv7zrWg-cf56ysganRVDFcGe0s9mMiPS5PPFz8ygdhbVpTEpzRJyAu4pGd2gHVuDqtFsdI6ZUt6gRL8jU6yVuvLRrmSXfIT-oDNk32JNIg_GSzTegqBlekNmv7U6DLapAd4oS_P7_yPMn8EcssxYjJYQisFXGwLey8muNWzyl1ti4d1UgwMKaYrcpDfvttE01y0tDWbFH8W2Wf1xGsTqrx8XfncuXKc5o7mHscRMPB2LL-oMLiVn0LPtAzbcKgN93L_-V1Y_qAS7HJYB3hUNuRym0VklXzctEvrTeg80xkckG3cmoiVyz1OeVUg4hfNZBkTx5LB0v-wPMlM0dmRGY0c_pAYEX44pkbnteAZ3sNr2j3D9gZvt-1WMVXLvsbYhz3_ehlSZAeZFj3bPVc2rGVJ3
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mypaylogin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D1BC 42 B
64 B 80ms
79ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvtLeZmwveyMU-1C5MyPJVguWPK-5YCiJSwSa-8jKmGgVQg6TigWpGrMeN3nI7o83Z9UedYGelyojm3sVQluBAQsVmisqah27bCMRceDMl5_6FrvJRmO2RwWB5NsvbaVOuQF2ed2g&sai=AMfl-YQKPtUeA1mTbJLAUP2hCau2R33ZNuanNPkcZdL9rbLbo7zcAR8rqtdL3wgWV6FdQa4UF4_dgNhbthe8&sig=Cg0ArKJSzFXDsCBYc1MREAE&cid=CAQSGwDUE5ymwdSpjvxS7l3z2myrBGisA3pH5JFZZxgB&id=lidar2&mcvt=1003&p=0,0,500,180&mtos=1003,1003,1003,1003,1003&tos=1003,0,0,0,0&v=20230322&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271803&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1679931961982&rpt=275&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Mar 2023 15:46:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 96CF 0
0 86ms
78ms Fetch
image/gif 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvygQmFpXIbFWS5kGrUejsFdgVxp1wrm9quWYiTZc9ArRIPl7z7sruJ_xqlypgbglArIVcSHef0MWbN_3Sir6Pz1IGyXNovOdf2Ky2m7HyCR--ZwJKptd1mXZDFmHbLcDLZ4owa_X5g2BakNs4wOY-4vF4oZHumrTEBEJhJfL_zR6c0Bp1cUvo5Ld5esMnf2QZrTkasNzvWEl8iIOrUnOB8w69OB3jQiyB2DE7EtsZrvsLAe5c2Y2HEs5E690EhBZtBVhIImR9jARD2ym7aIfOtVXOvJqq-hJ0FAWAAi8g6jWmPtJyzcRXa3Wk2aU-nx3wZi24gk0YiSLaOk0aQ8UN4EUCgiTCVximQcGBMOFR568CB39AyAJgyscH8kOaBNTZYqKe0zZ0Fqr2nMaysUcgzhp1GyeYwBmb1ToFrKHbzvcFbpG8tDBTCSWNG1hBzejkxTHI-M__BppcHrmBHJJuAhz0az9sstXcgOdnlgrUF_6LoCA2DOC0Nd9BSYjWI8fWJsyZjLU2U21UnXBNf6hziXd0B4WrJAKhV0IudiEO4PueKpgBS5ufgXkaJeiEIxf6RqH1OQyflDvV8EjuYMzhr6bhs8o7tKTqUzakDnZCJdNw-Bsedu2O8X-v0CHYzo3OFA26HZ_nkifBoU3T9IR-kZgU-F1ggCed4ZO6DWGou1iIl_z7ngSDh8A7XqqY_F9-z5Mc_yN-LTEJiI-Pm64cXP84XNtrAqlq3zWVK5ztogJ6M7KdPqr73Pf9LYJwx1_6CEg7dVncEkAd9wrKbZda-KHz02qaGbErZxPOGY1GZ2JlDSD4nm1CtTXrXqEfObFHMnHJTPagFfyyaQ5_7VMDwOVDFlfKokkFJyaMq2HwDJND47ZMY2QwNCWAPu3gz0gIw-BoZo-7barsr-MbDh0qx47578uUfpPnZhPFdN4RMFGiIj4LKlmAfDZAuFkmRCaxzpnTk2rJrDP6Cre2QCTc6XMkM5nfJGa1pUtm-47q_2C7fVnDp6JXc1YZmS0d-1-rVfUsBiFh2XBLhS9N0Q1BztkhJQNgyDFxO1i3t5EOOVebrpGX3jeqOnK2FLiIXFqK0kxBMd_Z3czYLR1zP7GhuC3b9yvZPKsU6g4_9iOPRB4wNN4vjo9iJXPxJEbTmNVUvzyL-zyP82XwiHVD2VLGSnd_r-5h3il7i-wLOUVoaeKejBPuPWdZ7mqBMfoFCYn_EUds7BxXYouB16AyfHuQeCu0STqj_9BuzDq0Bike-1FdPMHXwKSaLv8QQ9CYv_YE1r2OY7yTWFfdzlbIER4XJ7evA4n5KCOGq51WyxdX3RVfgM6756ziBSsY&sai=AMfl-YQRVvPpvtR1OLZqSDxadY-bWWV9_Wq5s_SUbIBqWrb1FFw5eBzB2djurRnFhPsegtjDAI0QbOSVe21Qd8CBom387DTT1HvYOEbJU6FaG1UPFEBvG9p-tzfOdYq_ezU529PXxlg7HBsjry4BN-JC1YfseOA0aUzA4_hyh2kvH_Onbk9OtnKSkCa2_KiRkUfsDSpsnCJOz0uzGScIQzREsige8nWsGuJAt_VVYFRtnQF9KkkjT4G5EpaRewT-YlO_aDUM&sig=Cg0ArKJSzLY9CybKJICWEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=445&vt=11&dtpt=234&dett=3&cstd=196&cisv=r20230322.01807&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: mypaylogin.com
URL: https://mypaylogin.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:46:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 27 Mar 2023 15:46:03 GMT

GET
H3 200 cta_jetzt_buchen.svg
s0.2mdn.net/creatives/assets/4331440/ Frame DABE 2 KB
1 KB 47ms
44ms Image
image/svg+xml 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4331440/cta_jetzt_buchen.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b9b2b33d50320446996a318fbd7129b3b365e760c44e8acc28031438bb3f8d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12784067222800087067/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:36:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 558
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1056
x-xss-protection: 0
last-modified: Wed, 13 Oct 2021 09:19:56 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 27 Mar 2023 15:51:45 GMT

GET
H3 200 logo_flextarif.svg
s0.2mdn.net/creatives/assets/4331440/ Frame DABE 3 KB
1 KB 62ms
59ms Image
image/svg+xml 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4331440/logo_flextarif.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82df0096488e87333aaa0b7cad6ec583baee19c0d1cf7638e48fb609ed060a79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12784067222800087067/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:38:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 467
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1288
x-xss-protection: 0
last-modified: Thu, 21 Oct 2021 13:24:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 27 Mar 2023 15:53:16 GMT

GET
H3 200 tui_logo_live_happy.svg
s0.2mdn.net/creatives/assets/4364511/ Frame DABE 6 KB
2 KB 62ms
59ms Image
image/svg+xml 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4364511/tui_logo_live_happy.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

854a1cb3bf2ef67e6a303c0ca22cbf1616a6683a1415997646bb2129047a7e1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12784067222800087067/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:34:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 708
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2072
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 07:44:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 27 Mar 2023 15:49:15 GMT

GET
H3 200 head2_2line_family.svg
s0.2mdn.net/creatives/assets/4453672/ Frame DABE 12 KB
3 KB 65ms
62ms Image
image/svg+xml 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4453672/head2_2line_family.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1bd4b6c45e7bc6a8d91d052fd971d32dae0282cdc0a8513ff8dc60f4b3f2a274

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12784067222800087067/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:34:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 719
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3442
x-xss-protection: 0
last-modified: Wed, 09 Feb 2022 08:21:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 27 Mar 2023 15:49:04 GMT

GET
H3 200 head1_1line_family.svg
s0.2mdn.net/creatives/assets/4453672/ Frame DABE 7 KB
2 KB 63ms
60ms Image
image/svg+xml 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4453672/head1_1line_family.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3192c9a7e98a6d2874cde7e3a27c4f6149d4b1034ac6acd81a7d2d6ef1393761

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12784067222800087067/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:32:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 786
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2321
x-xss-protection: 0
last-modified: Wed, 09 Feb 2022 08:21:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 27 Mar 2023 15:47:57 GMT

GET
H3 200 728x90_kv_family.jpg
s0.2mdn.net/creatives/assets/4453672/ Frame DABE 38 KB
38 KB 47ms
44ms Image
image/jpeg 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4453672/728x90_kv_family.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3cdafa331554b9a58e4406b653270c0b44945e431761cfeb3876229f001f8af6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12784067222800087067/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 15:34:16 GMT
x-content-type-options: nosniff
age: 707
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39260
x-xss-protection: 0
last-modified: Wed, 09 Feb 2022 08:21:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 27 Mar 2023 15:49:16 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D832 0
20 B 80ms
77ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BWVAOOrohZK-wN-a59u8P_IOMuA0AAAAAOAHgBAI&bg=!srGlseXNAAbO2UOH7tk7ADkAdvg8Wtla9H6C6Yc-N79poGvyqDUHZB6A1Gs4kbM23_B9IFghZEyE0bPDfusv-GhMhPCyzmDPwaQCAAAAnFIAAAACaAEHmQLmgBMXzGS2pU1TODFO_cAXF1nnTg9jYXlSTDmuwVI681fX2-tVtvU6BDzpvYfNbbIZtboe-OAn2QMKmatYQJwrcQg7tPbB2A8Z4GXwA-TkX_KfY5VjL6qnTFkniUGLHnRwL2LvycdP57Qee1zm6oCot8Zc0Nqs6CjUNKcCQLB5470ijSvlHkMXsBHe22yzQedl-68peUJm1a3fVSv1DU22OkIG6s0XlVeyzM1e64VdJ9QQgCuy3s5KmYMCUW6N4rjkoFJX29jxAqAMap4mnAwf0Ua8e9qSoDQvz379q_C2xVfuV6hun_-T9H0lG3GU0yoH7KWMUbwhu8_17Yx8jfBxGRYDS9b-kJCy1_hdIqKXH2UQPRzz3Q4cAitiRmkwUDMHT-8TSIl4pnVxOnvp4hIlKk2g9A5-YGVwSa4IJ8pWm-NmSIJzbcRJto67kfEQPLet1a_3G8Bb3DnOpiWXCBHqkfGWqA3ywofJ2U-QPNAtT9vth4A2LfjGsEsQtRZU8hi_QYek_p0vGKayY0qvdDpKnWIbPIx6WL3HFOeCZ_r_9AsaWCWSkZqr69aDhoqHPI96qbEse41_3t22kvrV50QiZW-A6FeYS69Dajv9hNCDuUPYrfOXHnfxBjXnJjH3n__gIDYE9W2XqXhUb81x3iuBi56Sx3b6DymevnW-CCPqrT5pnfc7845i7dQLnokjnHrInxRg8T0FrOpbMU2kT_tM8jOIr31kXmdlFEhxbW4-EpCAn3Lc0-t5jTGEeH-4d4hDDr__7RMrZqO3CvvtTwgSfO2bvHvOB5SvCrTGfm1KZL9PF_5Q228INWHU2eddAeIk-_LWu5pKyKoTZipACf2TnlVFzadNLU0p7muuW0d5XEOij7CtpfPJTtbd_xr5kC0nyhpQSc-J92I2URi4pnsd2st-jiVco41vmANVMUyrYCmoeBTmYEHMVZUmJf5_RP7nLAVXEe7h0UNBq3qTtdBQZuO_mtLbSw

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Mar 2023 15:46:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D218 42 B
64 B 78ms
77ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsurFG45QIQ72ehx6l3QaegsHg2KnPlderLCJ0Zw-lyXD7Rv8RPON4NfBb6qpeu29LFCt5ZfyELc2BqqpHbiGO8mxHsFipXYtCtQZLketeBLx5o2B0py7jkQE50UCrKIDO1__OV-Jg&sai=AMfl-YRo3357kHlY8NTKmUEJPvBOWJ2PXAt0x4F-iM2YsY1_FiyoWu5YXoe12ytt8HsqQwCwyrAeSuHCi91Q&sig=Cg0ArKJSzN0EXsaEpn1hEAE&cid=CAQSGwDUE5ymwdSpjvxS7l3z2myrBGisA3pH5JFZZxgB&id=lidar2&mcvt=1000&p=0,0,124,1005&mtos=156,820,1000,1151,1151&tos=156,664,180,151,0&v=20230322&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1679931961990&rpt=292&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Mar 2023 15:46:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0AE3 42 B
64 B 81ms
76ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstpGMWISM1d6Jejr0w1yzjuZu5mmn9zyBIvupwzDdx5eXvBsszvVf3XcJS-jCh_xRTPc6O1UVJ0UYr0ktethDSs_LxAFgnT3mHj09TyuF30bSbm8sOBAuR22iEFg3mjs4oNrruyFw&sai=AMfl-YSgCFBZjEg7iyAg8TFFS7mgNB9vwvMXPpGnpQdBAOjgH7ddhDxXO3jxg6O-U9CTyRKoSPFKgnaJMc_b&sig=Cg0ArKJSzKPkn-dld2FAEAE&cid=CAQSGwDUE5ymwdSpjvxS7l3z2myrBGisA3pH5JFZZxgB&id=lidar2&mcvt=1000&p=0,0,500,180&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230322&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271804&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1679931961986&rpt=405&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Mar 2023 15:46:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

4.js Show response
static.adsafeprotected.com/ Frame 96CF
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/987057/61527017/4.js?ias_dspID=3&ias_campId=1010147415&ias_pubId=pub-7507174334378103&ias_chanId=1&ias_placementId=19422216621&bidurl=https://mypaylogin.com/&i...
https://static.adsafeprotected.com/4.js

1 KB
1 KB

108ms
53ms

Script
application/javascript

2600:9000:223f:c800:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7507174334378103&output=html&h=90&adk=3070604948&adf=871259380&pi=t.aa~a.2191923801~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1679931961&rafmt=1&to=qs&pwprc=5353064814&format=1200x90&url=https%3A%2F%2Fmypaylogin.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679931961870&bpp=1&bdt=3726&idt=1&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6d0e545c959a423d-22873c7f70dd006b%3AT%3D1679931960%3ART%3D1679931960%3AS%3DALNI_MatgFuSzkmw3WLN4t40liIBx6NVmA&gpic=UID%3D00000bccd2f6c6ae%3AT%3D1679931960%3ART%3D1679931960%3AS%3DALNI_Mbkhwy2NP86M-hFLgja46tZGDb4RA&prev_fmts=0x0%2C270x600&nras=2&correlator=891286276420&frm=20&pv=1&ga_vid=993446239.1679931960&ga_sid=1679931960&ga_hid=2084813799&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1706&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44777876%2C44759837%2C31073263&oid=2&psts=AHQMDFcoAsE9E146kDwWY-GVzVR9LY5COu38D4-t_XpkBrPdL6doLETmfUfO6qIPMJ_7ADEjkvB144CX9WT139_RLCfaZfJz&pvsid=4092948971483189&tmod=106170907&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=RZ0SfOnRAO&p=https%3A//mypaylogin.com&dtd=14
Protocol: H2
Server: 2600:9000:223f:c800:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 18:43:35 GMT
x-amz-version-id: ml8sLXd95uD59cm.BnrTx99uclgxfFZ2
content-encoding: gzip
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 507749
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Tue, 21 Mar 2023 18:43:33 GMT
server: AmazonS3
etag: W/"33dffa7df253125904b2f354b5bb5e8d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: 07Nc03bzqdcPRolS4DQ7G_vd-dbP83fP7dYd9xRnP26j5jvG1mjjjQ==

Redirect headers

pragma: no-cache
date: Mon, 27 Mar 2023 15:46:03 GMT
server: nginx
x-server-name: app09.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 6DB0 91 KB
23 KB 147ms
47ms Script
application/javascript 2600:9000:223f:c800:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7507174334378103&output=html&h=90&adk=3070604948&adf=871259380&pi=t.aa~a.2191923801~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1679931961&rafmt=1&to=qs&pwprc=5353064814&format=1200x90&url=https%3A%2F%2Fmypaylogin.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679931961870&bpp=1&bdt=3726&idt=1&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6d0e545c959a423d-22873c7f70dd006b%3AT%3D1679931960%3ART%3D1679931960%3AS%3DALNI_MatgFuSzkmw3WLN4t40liIBx6NVmA&gpic=UID%3D00000bccd2f6c6ae%3AT%3D1679931960%3ART%3D1679931960%3AS%3DALNI_Mbkhwy2NP86M-hFLgja46tZGDb4RA&prev_fmts=0x0%2C270x600&nras=2&correlator=891286276420&frm=20&pv=1&ga_vid=993446239.1679931960&ga_sid=1679931960&ga_hid=2084813799&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1706&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44777876%2C44759837%2C31073263&oid=2&psts=AHQMDFcoAsE9E146kDwWY-GVzVR9LY5COu38D4-t_XpkBrPdL6doLETmfUfO6qIPMJ_7ADEjkvB144CX9WT139_RLCfaZfJz&pvsid=4092948971483189&tmod=106170907&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=RZ0SfOnRAO&p=https%3A//mypaylogin.com&dtd=14
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:c800:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 16157387
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: e37fNt5Ke7Jow7-fNsd0GPoJE-PLWUe76beKpNqQ7GNgGHipl4v0QA==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 96CF 43 B
215 B 617ms
201ms Image
image/gif 2600:1f13:800:7781:597a:4662:4114:69b9
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=987057&asId=86d0530d-b0d6-4fef-173e-3747c4623cbd&tv=%7Bc:84QQHE,pingTime:-3,time:57,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:23%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:57,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:23,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B48~0%5D,as:%5B48~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tzIHjGa+11%7C12%7C131%7C141*.987057-61527017%7C1411%7C1412%7C1413%7C1414%7C1511%7C161%7C171%7C181%7C182%7C19,idMap:141*,rmeas:1,rend:0,renddet:na,siq:24%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7507174334378103&output=html&h=90&adk=3070604948&adf=871259380&pi=t.aa~a.2191923801~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1679931961&rafmt=1&to=qs&pwprc=5353064814&format=1200x90&url=https%3A%2F%2Fmypaylogin.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679931961870&bpp=1&bdt=3726&idt=1&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6d0e545c959a423d-22873c7f70dd006b%3AT%3D1679931960%3ART%3D1679931960%3AS%3DALNI_MatgFuSzkmw3WLN4t40liIBx6NVmA&gpic=UID%3D00000bccd2f6c6ae%3AT%3D1679931960%3ART%3D1679931960%3AS%3DALNI_Mbkhwy2NP86M-hFLgja46tZGDb4RA&prev_fmts=0x0%2C270x600&nras=2&correlator=891286276420&frm=20&pv=1&ga_vid=993446239.1679931960&ga_sid=1679931960&ga_hid=2084813799&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1706&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44777876%2C44759837%2C31073263&oid=2&psts=AHQMDFcoAsE9E146kDwWY-GVzVR9LY5COu38D4-t_XpkBrPdL6doLETmfUfO6qIPMJ_7ADEjkvB144CX9WT139_RLCfaZfJz&pvsid=4092948971483189&tmod=106170907&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=RZ0SfOnRAO&p=https%3A//mypaylogin.com&dtd=14
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:597a:4662:4114:69b9 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Mar 2023 15:46:04 GMT
server: nginx
x-server-name: dt22.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 96CF 43 B
215 B 614ms
201ms Image
image/gif 2600:1f13:800:7781:597a:4662:4114:69b9
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=987057&asId=86d0530d-b0d6-4fef-173e-3747c4623cbd&tv=%7Bc:84QQHH,pingTime:-6,time:59,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:59,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:23,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B50~0%5D,as:%5B50~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tzIHjGa+11%7C12%7C131%7C141*.987057-61527017%7C1411%7C1412%7C1413%7C1414%7C1511%7C161%7C171%7C181%7C182%7C19,idMap:141*,rmeas:1,rend:0,renddet:na,siq:24%7D&tpiLookup=ao:mypaylogin.com*%2Cgoogleads.g.doubleclick.net*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7507174334378103&output=html&h=90&adk=3070604948&adf=871259380&pi=t.aa~a.2191923801~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1679931961&rafmt=1&to=qs&pwprc=5353064814&format=1200x90&url=https%3A%2F%2Fmypaylogin.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679931961870&bpp=1&bdt=3726&idt=1&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6d0e545c959a423d-22873c7f70dd006b%3AT%3D1679931960%3ART%3D1679931960%3AS%3DALNI_MatgFuSzkmw3WLN4t40liIBx6NVmA&gpic=UID%3D00000bccd2f6c6ae%3AT%3D1679931960%3ART%3D1679931960%3AS%3DALNI_Mbkhwy2NP86M-hFLgja46tZGDb4RA&prev_fmts=0x0%2C270x600&nras=2&correlator=891286276420&frm=20&pv=1&ga_vid=993446239.1679931960&ga_sid=1679931960&ga_hid=2084813799&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1706&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44777876%2C44759837%2C31073263&oid=2&psts=AHQMDFcoAsE9E146kDwWY-GVzVR9LY5COu38D4-t_XpkBrPdL6doLETmfUfO6qIPMJ_7ADEjkvB144CX9WT139_RLCfaZfJz&pvsid=4092948971483189&tmod=106170907&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=RZ0SfOnRAO&p=https%3A//mypaylogin.com&dtd=14
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:597a:4662:4114:69b9 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Mar 2023 15:46:04 GMT
server: nginx
x-server-name: dt23.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 96CF 43 B
216 B 608ms
200ms Image
image/gif 2600:1f13:800:7781:597a:4662:4114:69b9
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=987057&asId=86d0530d-b0d6-4fef-173e-3747c4623cbd&tv=%7Bc:84QQHN,pingTime:-2,time:65,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:962,beZ:964,mfA:967,cmA:969,inA:969,inZ:974,prA:974,prZ:980,si:986,poA:987,poZ:1014,cmZ:1014,mfZ:1014,loA:1020,loZ:1022,ltA:1025,ltZ:1025%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:23%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:65,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:23,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B56~0%5D,as:%5B56~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tzIHjGa+11%7C12%7C131%7C141*.987057-61527017%7C1411%7C1412%7C1413%7C1414%7C1511%7C161%7C171%7C181%7C182%7C19,idMap:141*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:na,siq:24,sinceFw:38,readyFired:true%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7507174334378103&output=html&h=90&adk=3070604948&adf=871259380&pi=t.aa~a.2191923801~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1679931961&rafmt=1&to=qs&pwprc=5353064814&format=1200x90&url=https%3A%2F%2Fmypaylogin.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679931961870&bpp=1&bdt=3726&idt=1&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6d0e545c959a423d-22873c7f70dd006b%3AT%3D1679931960%3ART%3D1679931960%3AS%3DALNI_MatgFuSzkmw3WLN4t40liIBx6NVmA&gpic=UID%3D00000bccd2f6c6ae%3AT%3D1679931960%3ART%3D1679931960%3AS%3DALNI_Mbkhwy2NP86M-hFLgja46tZGDb4RA&prev_fmts=0x0%2C270x600&nras=2&correlator=891286276420&frm=20&pv=1&ga_vid=993446239.1679931960&ga_sid=1679931960&ga_hid=2084813799&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1706&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44777876%2C44759837%2C31073263&oid=2&psts=AHQMDFcoAsE9E146kDwWY-GVzVR9LY5COu38D4-t_XpkBrPdL6doLETmfUfO6qIPMJ_7ADEjkvB144CX9WT139_RLCfaZfJz&pvsid=4092948971483189&tmod=106170907&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=RZ0SfOnRAO&p=https%3A//mypaylogin.com&dtd=14
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:597a:4662:4114:69b9 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Mar 2023 15:46:04 GMT
server: nginx
x-server-name: dt24.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 96CF 43 B
215 B 191ms
191ms Image
image/gif 2600:1f13:800:7781:597a:4662:4114:69b9
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=987057&asId=86d0530d-b0d6-4fef-173e-3747c4623cbd&tv=%7Bc:84QQOQ,pingTime:-10,time:502,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTExLjAuNTU2My4xMTAgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222222222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1679931964095%7C%7Cb5ff757713cefdbd538b8d0547a6988b%7C%7Cddbcd9d17a9a064530ac6d0fa988f97e%7C%7Ce1c1d81ba41b34162a4c01778996ae32%7C%7Cb7c44b90077794c5d9b2418f200138a2%7C%7C75495fbe6351af9e1a79ecc5065934ef%7C%7Cc3f8bbaf23f9f1a4648ea4854bd45f53%7C%7C268e6fc623d76eb31dfe91435af7e36f%7C%7C1663701684%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7507174334378103&output=html&h=90&adk=3070604948&adf=871259380&pi=t.aa~a.2191923801~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1679931961&rafmt=1&to=qs&pwprc=5353064814&format=1200x90&url=https%3A%2F%2Fmypaylogin.com%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679931961870&bpp=1&bdt=3726&idt=1&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6d0e545c959a423d-22873c7f70dd006b%3AT%3D1679931960%3ART%3D1679931960%3AS%3DALNI_MatgFuSzkmw3WLN4t40liIBx6NVmA&gpic=UID%3D00000bccd2f6c6ae%3AT%3D1679931960%3ART%3D1679931960%3AS%3DALNI_Mbkhwy2NP86M-hFLgja46tZGDb4RA&prev_fmts=0x0%2C270x600&nras=2&correlator=891286276420&frm=20&pv=1&ga_vid=993446239.1679931960&ga_sid=1679931960&ga_hid=2084813799&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1706&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759876%2C44777876%2C44759837%2C31073263&oid=2&psts=AHQMDFcoAsE9E146kDwWY-GVzVR9LY5COu38D4-t_XpkBrPdL6doLETmfUfO6qIPMJ_7ADEjkvB144CX9WT139_RLCfaZfJz&pvsid=4092948971483189&tmod=106170907&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=RZ0SfOnRAO&p=https%3A//mypaylogin.com&dtd=14
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:597a:4662:4114:69b9 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Mar 2023 15:46:04 GMT
server: nginx
x-server-name: dt06.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 96CF 43 B
215 B 190ms
189ms Image
image/gif 2600:1f13:800:7781:597a:4662:4114:69b9
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=987057&asId=86d0530d-b0d6-4fef-173e-3747c4623cbd&tv=%7Bc:84QQSp,time:723,type:e,im:%7Bpci:%7Btdr:679%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:723,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:23,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B714~0%5D,as:%5B714~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:194,fm:tzIHjGa+11%7C12%7C131%7C141*.987057-61527017%7C1411%7C1412%7C1413%7C1414%7C1511%7C161%7C171%7C181%7C182%7C19,idMap:141*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:24,sis:216%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:597a:4662:4114:69b9 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Mar 2023 15:46:04 GMT
server: nginx
x-server-name: dt23.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 96CF 0
20 B 73ms
73ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=614791136613&version=m202301230201&ct=76&x=1&cor=10494817366352849000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Mar 2023 15:46:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

165 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

43 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.ebayadservices.com/marketingtracking/v1	1970-01-20 12:48:27	Name: adguid Value: cb8d803073d2417c969bc2f91e9d2363
.mypaylogin.com/	1970-01-20 10:40:18	Name: _gid Value: GA1.2.861325565.1679931960
.mypaylogin.com/	1970-01-20 10:38:52	Name: _gat Value: 1
.mypaylogin.com/	1970-01-20 20:14:51	Name: _ga_1B7F7WKTNY Value: GS1.1.1679931960.1.0.1679931960.0.0.0
.mypaylogin.com/	1970-01-20 20:14:51	Name: _ga Value: GA1.1.993446239.1679931960
.mypaylogin.com/	1970-01-20 20:00:27	Name: __gads Value: ID=6d0e545c959a423d-22873c7f70dd006b:T=1679931960:RT=1679931960:S=ALNI_MatgFuSzkmw3WLN4t40liIBx6NVmA
.mypaylogin.com/	1970-01-20 20:00:27	Name: __gpi Value: UID=00000bccd2f6c6ae:T=1679931960:RT=1679931960:S=ALNI_Mbkhwy2NP86M-hFLgja46tZGDb4RA
.udmserve.net/	1970-01-20 19:24:27	Name: dt Value: 59319706-FF3C-32AD-9835-4B894F98F3E1
.yahoo.com/	1970-01-20 19:24:49	Name: A3 Value: d=AQABBDi6IWQCEHy-LB_2ND3lNLYt-xQTuJ4FEgEBAQELI2QrZAAAAAAA_eMAAA&S=AQAAAl9HX8c8Yrvg7AXBhoKbl3E
.adnxs.com/	1970-01-20 12:48:27	Name: uuid2 Value: 6438999064524780455
.pubmatic.com/	1970-01-20 10:40:18	Name: KTPCACOOKIE Value: YES
.casalemedia.com/	1970-01-20 19:24:27	Name: CMID Value: ZCG6OLAjfDhas.U3qTtOKQAA
.casalemedia.com/	1970-01-20 12:48:27	Name: CMPS Value: 3240
.casalemedia.com/	1970-01-20 12:48:27	Name: CMPRO Value: 3240
.analytics.yahoo.com/	1970-01-20 19:24:27	Name: IDSYNC Value: 19b4~2ar3
.pubmatic.com/	1970-01-20 12:48:27	Name: SyncRTB3 Value: 1681084800%3A220
.pubmatic.com/	1970-01-20 19:24:27	Name: KADUSERCOOKIE Value: BB4A932D-D729-4525-BFD6-D58026A6A97F
.360yield.com/	1970-01-20 12:48:27	Name: tuuid Value: d01d93c2-10be-4695-bec2-122650c06ad5
.360yield.com/	1970-01-20 12:48:27	Name: tuuid_lu Value: 1679931960
mypaylogin.com/	1970-01-20 11:22:03	Name: udmsrc Value: %7B%7D
mypaylogin.com/	1970-01-20 11:22:03	Name: _pbjs_userid_consent_data Value: 3524755945110770
.udmserve.net/	1970-01-20 12:48:27	Name: yahoo Value: y-VABRNNlE2uEJiQ5P0FpqcWw00Gdc5JzdL2U5FA8-~A
.quantserve.com/	1970-01-20 20:09:06	Name: mc Value: 6421ba38-eae02-71a11-6c3c0
.mypaylogin.com/	1970-01-20 20:03:20	Name: __qca Value: P0-1197053966-1679931960674
.doubleclick.net/	1970-01-20 20:00:27	Name: IDE Value: AHWqTUmQptAhmBFg_VlkYt7jyGpWAQmqU6RmhK_vfJdE_Eb0YfeG5DumQLfJ9DYA4SI
.udmserve.net/	1970-01-20 12:48:27	Name: apnid Value: 6438999064524780455
.go.sonobi.com/	1969-12-31 23:59:59	Name: HAPLB8S Value: s85103\|ZCG6P
.pubmatic.com/	1970-01-20 10:40:18	Name: pi Value: 156505:3
.pubmatic.com/	1970-01-20 12:48:27	Name: chkChromeAb67Sec Value: 2
.udmserve.net/	1970-01-20 19:24:27	Name: udmts Value: 1679931961.0
.udmserve.net/	1970-01-20 12:48:27	Name: idid Value: d01d93c2-10be-4695-bec2-122650c06ad5
.udmserve.net/	1970-01-20 12:48:27	Name: indx Value: ZCG6OLAjfDhas-U3qTtOKQAADKgAAAAB
.doubleclick.net/	1970-01-20 10:38:55	Name: DSID Value: NO_DATA
.udmserve.net/	1970-01-20 12:48:27	Name: pmid Value: BB4A932D-D729-4525-BFD6-D58026A6A97F
.adnxs.com/	1970-01-20 12:48:27	Name: anj Value: dTM7k!M41.D>6NRF']wIg2In?:MQFD!@wnfH8K6pQK`!5=E<L5?%M>gx.(//w6`#ApFVn3?LeGguFPM?ikCi`^<R4%nugO%v4VB%noHb='=9
.blismedia.com/	1970-01-20 19:24:31	Name: b Value: 6421BA3B23D3424BB944E3EEBLIS
.travelaudience.com/	1970-01-20 20:10:32	Name: _tracker Value: %7B%22UUID%22%3A%22EDF3F8BC-85A1-485D-8C44-21F6FA8EF88F%22%7D
.adform.net/	1970-01-20 11:23:30	Name: C Value: 1
.ctnsnet.com/	1970-01-20 19:24:27	Name: gid_CAESEAR62HvxgmLWHrAqYt89Uds Value: 1
.ctnsnet.com/	1970-01-20 19:24:27	Name: cid_b7824e0c708746d39ee26456b7393a6e Value: 1
.w55c.net/	1970-01-20 20:10:32	Name: wfivefivec Value: NQrIFLNy1PGP2P5
.adform.net/	1970-01-20 12:05:15	Name: uid Value: 6087708688136788468
.w55c.net/	1970-01-20 11:22:03	Name: matchgoogle Value: 5

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	error	Message: Failed to set referrer policy: The value '' is not one of 'no-referrer', 'no-referrer-when-downgrade', 'origin', 'origin-when-cross-origin', 'same-origin', 'strict-origin', 'strict-origin-when-cross-origin', or 'unsafe-url'. The referrer policy has been left unchanged.
javascript	warning	URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1#RS-1-&adk=1812271803&client=ca-pub-7507174334378103&fa=3&ifi=5&uci=a!5&btvi=3&xpc=ezzk7XCWkB&p=https%3A//mypaylogin.com Message: The resource https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20110914/zrt_lookup.html?fsb=1#RS-2-&adk=1812271804&client=ca-pub-7507174334378103&fa=4&ifi=6&uci=a!6&btvi=4&xpc=PBd4pxfPC6&p=https%3A//mypaylogin.com Message: The resource https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.360yield.com
ads.travelaudience.com
adservice.google.com
adservice.google.de
bid.underdog.media
buttons-config.sharethis.com
c1.adform.net
cm.g.doubleclick.net
dclk-match.dotomi.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
encrypted-tbn1.gstatic.com
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
gcm.ctnsnet.com
google-analytics.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
image8.pubmatic.com
l.sharethis.com
mypaylogin.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.quantserve.com
platform-api.sharethis.com
pm.w55c.net
region1.google-analytics.com
rules.quantcount.com
s0.2mdn.net
secure.adnxs.com
secure.quantserve.com
secureir.ebaystatic.com
ssum-sec.casalemedia.com
static.adsafeprotected.com
sync.go.sonobi.com
tpc.googlesyndication.com
tr.blismedia.com
udmserve.net
ups.analytics.yahoo.com
www.ebayadservices.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
13.32.99.51
172.217.18.2
18.197.15.234
18.197.187.90
185.64.189.110
185.64.189.115
185.64.190.81
185.80.39.216
185.89.210.153
185.89.210.180
198.47.127.18
199.192.23.231
2001:4860:4802:32::36
2001:4860:4802:36::178
209.140.136.209
216.58.212.130
23.206.209.4
2600:1f13:800:7781:597a:4662:4114:69b9
2600:9000:21a1:f200:5:c4ab:c3c0:93a1
2600:9000:223c:7a00:6:44e3:f8c0:93a1
2600:9000:223c:ca00:c:abe:f440:93a1
2600:9000:223f:c800:8:48e:53c0:93a1
2620:116:800d:21:c5a4:625:6563:a5bb
2a00:1450:4001:80f::2004
2a00:1450:4001:810::2002
2a00:1450:4001:811::2002
2a00:1450:4001:812::200a
2a00:1450:4001:813::2002
2a00:1450:4001:828::2002
2a00:1450:4001:828::200e
2a00:1450:4001:829::2003
2a00:1450:4001:82a::2008
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2004
2a00:1450:4001:82b::2006
2a00:1450:4001:831::2001
2a00:1450:4001:831::2003
2a02:fa8:8806:20::2010
3.75.62.37
34.246.96.48
34.96.105.8
35.186.193.173
35.190.0.66
37.157.2.234
54.78.191.40
68.71.249.118
69.166.1.12
0102fdfbd0b06f4718e32f6586659557a6234c0111940c1fa3d697c42b067c1c
01b9a2d299df898e338e1c76c626386595a2ed0cfb5f20d209d00f137ca31fb1
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
06d6e10886ed7de5561acab1935bce1c46174baa9cbd0bcb319aa3b69594131f
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0b9f4185fe4e69a4411aaa177edfd8ad3aae9c5887bc309b1d88bfdf7317fabb
0cf228bfa7cd9d4c526703d7eabee1e278a77943ad402b82bf34678b873d3b4f
0fe6a4357505cb0d3ca8ba0671ad57df6b7410ca02cb8065eed58e2c0381e640
1060091178cbd6c843b802f516f230f1a3a1e85f1afbd6ef84d80e5430ba457e
11b2088deff6ac044087d2ef9e23453bc600e5e505f5cca9bd62a4cfe6d11a74
11f1414c6342d8a5a5124286921298b09b1e776f0aae7bbc4c83b96685166019
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
13dfe4c5762ec7bfb4d41934c0f2b78cd73e86c38896e36b6431c1e2403ea7b8
15eaeb49112cb71de08a452c992fed4d87476508ede572843ab40ef34d254ebf
169129c84912473c3eea8cb0783089f986648c26f879f25caf12b9933feedebe
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1bd4b6c45e7bc6a8d91d052fd971d32dae0282cdc0a8513ff8dc60f4b3f2a274
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1dab49c7e7f030b2673f47a20ce13a30211a6c8c3699456d233453fe94e751a0
1e0a52e09f6a82103811fb05011f1487605df55d406ecaad89c68999d67f8ae0
1e8b67794d91a8c62f80771d5cdf29398752ded3315cffd050b90cdec2834b58
1ee2618430f8b4e416953db3c781337223aa3f9328faa51744da1e7ac973a68a
21b91880a6490f798cb5c43c7957d633e6bc82cf164bd2224efbae715d08d0cf
261df23b8d9a3f12b2c8b2ac7f3515b29ca4b3beb546db4e7cddb13658aabe7f
270be58b040d0b59d87a4deea0ca09e1b49916b84858005cd3e3e1f2d302ba32
27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4
293cc52fc9963a474270b819a804eb688b5d38497c2321ff6aa407edb5d46ca8
29756d1e9926e455608bf53d668030ae9a1b0240f4a3374fe4a5af788bc71c83
297c8d4b044ed3cf15cf7708e5ef8e171c5154ac3282f84237e14bde6a471028
2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f
2ffac4300a08fe98e9ec7fbcdf0088a4289ffa784f63a4b751a7de477459935b
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3192c9a7e98a6d2874cde7e3a27c4f6149d4b1034ac6acd81a7d2d6ef1393761
3228192a6ddce5b0d6ad2ef149a07d539a7a7fba51f70505e02481c4ebbcd8bf
368daab67b1a5b2b2802edbbac79a2aa4ba992a2ebf9c67b98ad784d8004018c
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
3a663467e111fd2237a1bc5255e8d702b099f29cb553ecab24efe98cbf898b5d
3cdafa331554b9a58e4406b653270c0b44945e431761cfeb3876229f001f8af6
3d2c706c6c0d79356ebb6152ae1e607d31cccff9895043e31ca7f6d34cd79ae1
3dd3db2741c2b611c7b73fdccd23b73a837290292c1fda9c6118d5f315e5360a
3e19021518a433408f42cdfc65e3e2b4df2ceaa4dfbbc942cda575fe23cbd3b4
3ff67729bda9324ecd6c4722edc54ab8e90875696114aff68f733dd5e3b5941e
467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30
46b3e081067e631f9a1049fbfa37844da854f741b7f9a45900dc02a19a4ef143
4812d4e2fbfa080ea51ec6755f24dd8728c9c428cf89ffd34648e7b321801a71
48ea29f1197c91fa6ae6707b59b411b7b4ba78a8c7d00f76c6a669ee12a00e2f
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50a9333a7ff0d660714662cb1ab49ec81e1ed716eba78c729600166f7338da95
50acee13b4d29f658d9d10ceaf7b5a139924516d42d1e1b79fb1c73083193744
5206017966892905a24b1f83f98d168755785eb431f4bb66a7c7dabfadc5d8a0
52db930f81d97113dde679cac624cb5435b56d4ac486e91a0b6692d2cb615a84
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57c96fd4294617fb0bf3842d1f77ec2365ff0d0d00b6817508b6192df0e8c169
582c2586c49819d9dfe5cb88653679a40bf930ca86f1dc01a4afd821a9eab97e
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
632ef1e58ee645d5dbdc02c943c931dfcc2371b1552214297a0e3f911c4ed61f
6a42392f744cf34cdc9eef0942861c7a4e1eba86a20c40dabe35b83f99808262
6b9b2b33d50320446996a318fbd7129b3b365e760c44e8acc28031438bb3f8d3
734b9c920ca443dbf993e22a56264e64a738ec99fb2908a5e3f30fdf2480dc5f
74017d97a0876e72ef09a14ea0b3ad49a744811c726e7b05e305d4a6e3e07612
78a0b7266f642f96b673c4065063dba46a80f651ff12352eb82aa877c23b9186
78dfac590a35c773bb440d7f8de51c99e70c96c49a80be701bc565960e6fa864
78fc260a16dbbd76ec3b4da56ccdc7a076d21d31c501e0a17a4175c4a25d95ea
82df0096488e87333aaa0b7cad6ec583baee19c0d1cf7638e48fb609ed060a79
83dd1a8208a83ec90a9a2d7774ab28e4b93b3eba53fb6a3fd444eb7e389ecbff
84569c21aafc5b59c74756c75648de4c4564f7733bc1128b0f259ca4191edf77
854a1cb3bf2ef67e6a303c0ca22cbf1616a6683a1415997646bb2129047a7e1d
85e74cf367fdd70c3bdbb603df85574f4f7e9a99b6f77c3e0b4cee1c9fe5105c
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
8ab1c76ab8274b4157c52806e2d528a2ebf947fbec10f83b3a3b28911ebadc9b
8eb9154545d4038cd2f57124f50ae7374070301eb77021c71d28523bd0296398
930caf678f76ec9641fe6230eaf554950de623fedf1655a7d26d38906ba01a7b
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9da8be2e5def63c77f53ed660306098debe21d622c79756180a4a626ba21c6af
9fbb78d831f4409c5d513b230b46466af266b896851f86a80c51acdc664bb135
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a3501a3f0a7b6bc47f9f81c7be85b3603816fe2d3026ab4b396127ed9eb8895c
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940
ab21762c3f447aa08cbefd5ea3866165f925bd5058a9ae19e23721462de6fb60
b10675bf296441c176229747bcbd5e76204633a2952c0778ccd75bc163a17733
b11ec8adfcedb47bccc531a804083f5959eab0c4db3f093eca2637d41e59f15e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b742b5939794635c6f4ec1939ebb50e65199da40c766fbfc11da2319601fcea7
bd132cec40dfd4f31611d972baefccab71ad9c618ac47fe1cbb39afea497f5c6
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
c324ef26b20264369e4568dc9ef1c5cb1f325f6bc4e8b7c01f7fe93fa353276a
ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93
cafd152a359f2852ba26ac3075a4fc8266a7109b836df360779ddd506f978e4c
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
d2a5d145294313d7daea99d2575b46b3441a1cd8fe31223164aee0373e7d8853
d7a1bdec6b5209de5be156a573409f2f9e30488cca22fb380d2234057c7973f1
ddbd50dfeda4b71b1e215b7e1caf8b0e910a47297c283231854ea8b345091148
debb712196d5cadeea88c64b0c3364265abdee5035a71c65ac9172ccdd8250b8
dfb251ab625fc65ba9da3b27cc16fc25459480c929e6e8ff1efb2fa87fd72659
e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e6b4a9a6b3e079556c8bdf74e202171b678dc2918a82ba85aa1963fefe9270c2
e8cd4bf2f547eb60b69a54a5340d5feed5905e1e5ea0ef3d3aefe6a6c1523fe7
e8d139ee2ae1d25c8d2b6dad4d3618a213d0b0179eb29ae29434e2fd5653f73a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f4110d145ad25681a3ef677782ec9a807407fe09b028c2ea15648833ed9cac60
f42181a1111c720eaf1321eaad9ce063f6e397304aac01e511c2bffee43739f4
f4f828bd932e3d2cfc41828f719a08047655f9572c4cc79828fc336c23a6f2ff
f5028e642669082c7ef64151825c01dbbae8649947fec407bfd6521d9371536d
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
fbc076b6349a619fe8e0d988e644b3b0b62766d90fe3c81cd7c1e0376e29bad7
fc5e5e5fcb0512d00c16a63f06157a3d039a2810e184226ffede0b5f2f223293

mypaylogin.com Open in urlscan Pro 199.192.23.231 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

195 Requests

91 %HTTPS

49 %IPv6

32 Domains

50 Subdomains

36 IPs

7 Countries

2414 kBTransfer

7064 kBSize

43 Cookies

1 Outgoing links

Page URL History

Redirected requests

195 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

mypaylogin.com Open in urlscan Pro
199.192.23.231 Public Scan

Screenshot
Live screenshot

Full Image

195
Requests

91 %
HTTPS

49 %
IPv6

32
Domains

50
Subdomains

36
IPs

7
Countries

2414 kB
Transfer

7064 kB
Size

43
Cookies

195 HTTP transactions
7 data transactions