4331292.fls.doubleclick.net Open in urlscan Pro
172.217.23.102 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://4331292.fls.doubleclick.net/activityi;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344
Effective URL:
https://4331292.fls.doubleclick.net/activityi;dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=787378446...
Submission Tags: falconsandbox
Submission: On September 07 via api (September 7th 2021, 4:26:24 am UTC) from US

Summary HTTP 26 Redirects Behaviour Indicators

Summary

This website contacted 14 IPs in 3 countries across 12 domains to perform 26 HTTP transactions. The main IP is 172.217.23.102, located in United States and belongs to GOOGLE, US. The main domain is 4331292.fls.doubleclick.net.
TLS certificate: Issued by GTS CA 1C3 on August 16th 2021. Valid for: 3 months.

This is the only time 4331292.fls.doubleclick.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 3	172.217.23.102 172.217.23.102	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
6	2.18.233.201 2.18.233.201	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	37.252.172.38 37.252.172.38	29990 (ASN-APPNEX) (ASN-APPNEX)
1	212.82.100.181 212.82.100.181	34010 (YAHOO-IRD) (YAHOO-IRD)
1 2	209.54.178.82 209.54.178.82	16509 (AMAZON-02) (AMAZON-02)
1 2	52.3.98.112 52.3.98.112	14618 (AMAZON-AES) (AMAZON-AES)
1	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
3	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
5	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	52.14.63.121 52.14.63.121	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:802::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
26	14

3 172.217.23.102 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s45-in-f6.1e100.net

4331292.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2.18.233.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.172.38 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.181 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
PTR: spdc.pbp.vip.ir2.yahoo.com

sp.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.54.178.82 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.3.98.112 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-3-98-112.compute-1.amazonaws.com

trkn.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.14.63.121 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-14-63-121.us-east-2.compute.amazonaws.com

collector-11737.tvsquared.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	mathtag.com pixel.mathtag.com	5 KB
5	facebook.com www.facebook.com	587 B
4	doubleclick.net 1 redirects 4331292.fls.doubleclick.net googleads.g.doubleclick.net	4 KB
3	facebook.net connect.facebook.net	123 KB
2	trkn.us 1 redirects trkn.us	1 KB
2	amazon-adsystem.com 1 redirects s.amazon-adsystem.com	2 KB
2	adnxs.com 1 redirects secure.adnxs.com	2 KB
2	google.de 1 redirects adservice.google.de www.google.de	285 B
2	google.com adservice.google.com www.google.com	503 B
1	tvsquared.com collector-11737.tvsquared.com	276 B
1	googleadservices.com www.googleadservices.com	18 KB
1	yahoo.com sp.analytics.yahoo.com	962 B
26	12

	Domain	Requested by
6	pixel.mathtag.com	4331292.fls.doubleclick.net pixel.mathtag.com
5	www.facebook.com	4331292.fls.doubleclick.net
3	connect.facebook.net	4331292.fls.doubleclick.net connect.facebook.net
3	4331292.fls.doubleclick.net	1 redirects adservice.google.com
2	trkn.us	1 redirects 4331292.fls.doubleclick.net
2	s.amazon-adsystem.com	1 redirects 4331292.fls.doubleclick.net
2	secure.adnxs.com	1 redirects 4331292.fls.doubleclick.net
1	www.google.de	4331292.fls.doubleclick.net
1	www.google.com	4331292.fls.doubleclick.net
1	collector-11737.tvsquared.com	4331292.fls.doubleclick.net
1	googleads.g.doubleclick.net	www.googleadservices.com
1	www.googleadservices.com	4331292.fls.doubleclick.net
1	sp.analytics.yahoo.com	4331292.fls.doubleclick.net
1	adservice.google.de	1 redirects
1	adservice.google.com	4331292.fls.doubleclick.net
26	15

This site contains no links.

Subject Issuer	Validity	Valid
*.doubleclick.net GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
pixel.mathtag.com DigiCert SHA2 Secure Server CA	`2021-06-29` - `2022-07-07`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-05-24` - `2021-11-17`	6 months	crt.sh
s.amazon-adsystem.com Amazon	`2021-07-14` - `2022-06-27`	a year	crt.sh
trkn.us Go Daddy Secure Certificate Authority - G2	`2021-01-19` - `2022-02-20`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-07-20` - `2021-10-18`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.tvsquared.com Amazon	`2020-10-16` - `2021-11-14`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh

This page contains 4 frames:

Primary Page: https://4331292.fls.doubleclick.net/activityi;dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344
Frame ID: C8B6D47613E0B5F24CF0030DBBE12419
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344
Frame ID: 1E858AB490F51E33AC7F8775B6F800A3
Requests: 1 HTTP requests in this frame

Frame: https://4331292.fls.doubleclick.net/ddm/fls/r/dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344
Frame ID: 902FF0B2731710193B325BC02F87750E
Requests: 21 HTTP requests in this frame

Frame: https://pixel.mathtag.com/sync/iframe?mt_uuid=05ff6136-e9df-4100-9364-7eb4ce0993b5&no_iframe=1&mt_adid=157428&source=mathtag
Frame ID: A7D7A170658AB99B39FA6EA596FE208D
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://4331292.fls.doubleclick.net/activityi;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344 HTTP 302
https://4331292.fls.doubleclick.net/activityi;dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=st... Page URL

Page Statistics

26
Requests

100 %
HTTPS

47 %
IPv6

12
Domains

15
Subdomains

14
IPs

3
Countries

154 kB
Transfer

497 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://4331292.fls.doubleclick.net/activityi;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344 HTTP 302
https://4331292.fls.doubleclick.net/activityi;dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://adservice.google.de/ddm/fls/i/dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344 HTTP 302
https://4331292.fls.doubleclick.net/ddm/fls/r/dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344

Request Chain 3

https://secure.adnxs.com/px?id=1234332&seg=21632410&t=2 HTTP 307
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1234332%26seg%3D21632410%26t%3D2

Request Chain 5

https://s.amazon-adsystem.com/iui3?d=forester-did&ex-fargs=%3Fid%3Dad5d52c7-32d4-67be-234f-eef40134bf79%26type%3D55%26m%3D1&ex-fch=416613&ex-src=https://www.statefarm.com/&ex-hargs=v%3D1.0%3Bc%3D7841869800301%3Bp%3DAD5D52C7-32D4-67BE-234F-EEF40134BF79 HTTP 302
https://s.amazon-adsystem.com/iui3?d=forester-did&ex-fargs=%3Fid%3Dad5d52c7-32d4-67be-234f-eef40134bf79%26type%3D55%26m%3D1&ex-fch=416613&ex-src=https://www.statefarm.com/&ex-hargs=v%3D1.0%3Bc%3D7841869800301%3Bp%3DAD5D52C7-32D4-67BE-234F-EEF40134BF79&dcc=t

Request Chain 6

https://trkn.us/pixel/conv/ppt=3127;g=landing_page;gid=15375;ord=[uniqueid] HTTP 302
https://trkn.us/pixel/conv/ppt=3127;g=landing_page;gid=15375;ord=[uniqueid];ip=89.249.64.171;cuidchk=1

26 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3-29

200

Primary Request activityi;dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344 Show response
4331292.fls.doubleclick.net/
Redirect Chain

https://4331292.fls.doubleclick.net/activityi;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344?
https://4331292.fls.doubleclick.net/activityi;dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344?

409 B
352 B

34ms
19ms

Document
text/html

172.217.23.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4331292.fls.doubleclick.net/activityi;dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344?

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f6.1e100.net

Software

cafe /

Resource Hash

3440bcd4705045552467116f55f07e1497e5fc600c43d4ccab52520f85382a04

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 4331292.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 07 Sep 2021 04:26:07 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 327
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 07-Sep-2021 04:41:07 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 07 Sep 2021 04:26:07 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://4331292.fls.doubleclick.net/activityi;dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344 Show response
adservice.google.com/ddm/fls/i/ Frame 1E85 408 B
394 B 18ms
18ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344

Requested by

Host: 4331292.fls.doubleclick.net
URL: https://4331292.fls.doubleclick.net/activityi;dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

35a725e15ebfc98e4176de19cf6f90a341c1903466d6f5922ba30839a726e994

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: adservice.google.com
:scheme: https
:path: /ddm/fls/i/dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://4331292.fls.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://4331292.fls.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 07 Sep 2021 04:26:07 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 324
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29

200

dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344 Show response
4331292.fls.doubleclick.net/ddm/fls/r/ Frame 902F
Redirect Chain

https://adservice.google.de/ddm/fls/i/dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344
https://4331292.fls.doubleclick.net/ddm/fls/r/dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344

3 KB
2 KB

20ms
20ms

Document
text/html

172.217.23.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4331292.fls.doubleclick.net/ddm/fls/r/dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f6.1e100.net

Software

cafe /

Resource Hash

f64bd12dc2acb078cfb45a6fe33c0215ffba83cab8a95eb1ba5ebf91621acc49

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 4331292.fls.doubleclick.net
:scheme: https
:path: /ddm/fls/r/dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://adservice.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://adservice.google.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 07 Sep 2021 04:26:07 GMT
expires: Tue, 07 Sep 2021 04:26:07 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 1704
x-xss-protection: 0
set-cookie: IDE=AHWqTUltNrV3YQaLPcqfOEKU1JTNDLAW5Z3zQaJ01qaHlvw9Maae_ioF0jmyArRgsGc; expires=Sun, 02-Oct-2022 04:26:07 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 07 Sep 2021 04:26:07 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://4331292.fls.doubleclick.net/ddm/fls/r/dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK js Show response
pixel.mathtag.com/event/ Frame 902F 2 KB
2 KB 73ms
31ms Script
text/javascript 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.mathtag.com/event/js?mt_id=1495346&mt_adid=157428&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3=
Requested by: Host: 4331292.fls.doubleclick.net
URL: https://4331292.fls.doubleclick.net/ddm/fls/r/dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 3905 f19d76c master cdg-pixel-x28 /
Resource Hash: 7a585a6cac4057232baadc296289f08fdf634bb8a1f9fb5d75ed9f8447fa5cc3

Request headers

Referer: https://4331292.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 07 Sep 2021 04:26:07 GMT
Server: MT3 3905 f19d76c master cdg-pixel-x28
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 2042
Expires: Tue, 07 Sep 2021 04:26:06 GMT

GET
H/1.1

200
OK

bounce
secure.adnxs.com/ Frame 902F
Redirect Chain

https://secure.adnxs.com/px?id=1234332&seg=21632410&t=2
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1234332%26seg%3D21632410%26t%3D2

43 B
1021 B

19ms
19ms

Image
image/gif

37.252.172.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1234332%26seg%3D21632410%26t%3D2

Requested by

Host: 4331292.fls.doubleclick.net
URL: https://4331292.fls.doubleclick.net/ddm/fls/r/dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://4331292.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Sep 2021 04:26:07 GMT
X-Proxy-Origin: 89.249.64.171; 89.249.64.171; 690.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: dbfdcc56-bcac-4157-901f-a49393bbb146
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 07 Sep 2021 04:26:07 GMT
X-Proxy-Origin: 89.249.64.171; 89.249.64.171; 690.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 24e40fee-4e86-43b6-9e5a-077ecf4cfe2f
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1234332%26seg%3D21632410%26t%3D2
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK spp.pl
sp.analytics.yahoo.com/ Frame 902F 43 B
962 B 417ms
347ms Image
image/gif 212.82.100.181
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sp.analytics.yahoo.com/spp.pl?a=10000&.yp=10047821&ec=1529127

Requested by

Host: 4331292.fls.doubleclick.net
URL: https://4331292.fls.doubleclick.net/ddm/fls/r/dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.82.100.181 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

spdc.pbp.vip.ir2.yahoo.com

Software

ATS /

Resource Hash

0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://4331292.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 07 Sep 2021 04:26:08 GMT
X-Content-Type-Options: nosniff
Age: 0
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Server: ATS
X-Frame-Options: DENY
Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
Strict-Transport-Security: max-age=31536000
Content-Type: image/gif
Cache-Control: no-cache, private, must-revalidate
Accept-Ranges: bytes
Expires: Tue, 07 Sep 2021 04:26:08 GMT

GET
H/1.1

200
OK

iui3
s.amazon-adsystem.com/ Frame 902F
Redirect Chain

https://s.amazon-adsystem.com/iui3?d=forester-did&ex-fargs=%3Fid%3Dad5d52c7-32d4-67be-234f-eef40134bf79%26type%3D55%26m%3D1&ex-fch=416613&ex-src=https://www.statefarm.com/&ex-hargs=v%3D1.0%3Bc%3D78...
https://s.amazon-adsystem.com/iui3?d=forester-did&ex-fargs=%3Fid%3Dad5d52c7-32d4-67be-234f-eef40134bf79%26type%3D55%26m%3D1&ex-fch=416613&ex-src=https://www.statefarm.com/&ex-hargs=v%3D1.0%3Bc%3D78...

43 B
932 B

118ms
118ms

Image
image/gif

209.54.178.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/iui3?d=forester-did&ex-fargs=%3Fid%3Dad5d52c7-32d4-67be-234f-eef40134bf79%26type%3D55%26m%3D1&ex-fch=416613&ex-src=https://www.statefarm.com/&ex-hargs=v%3D1.0%3Bc%3D7841869800301%3Bp%3DAD5D52C7-32D4-67BE-234F-EEF40134BF79&dcc=t

Requested by

Host: 4331292.fls.doubleclick.net
URL: https://4331292.fls.doubleclick.net/ddm/fls/r/dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.178.82 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://4331292.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Sep 2021 04:26:08 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: J171KJZ80DJR66NFG4A9
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 07 Sep 2021 04:26:08 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 5H3BYEPWZ35WDFZ9W469
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/iui3?d=forester-did&ex-fargs=%3Fid%3Dad5d52c7-32d4-67be-234f-eef40134bf79%26type%3D55%26m%3D1&ex-fch=416613&ex-src=https://www.statefarm.com/&ex-hargs=v%3D1.0%3Bc%3D7841869800301%3Bp%3DAD5D52C7-32D4-67BE-234F-EEF40134BF79&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

ppt=3127;g=landing_page;gid=15375;ord=[uniqueid];ip=89.249.64.171;cuidchk=1
trkn.us/pixel/conv/ Frame 902F
Redirect Chain

https://trkn.us/pixel/conv/ppt=3127;g=landing_page;gid=15375;ord=[uniqueid]
https://trkn.us/pixel/conv/ppt=3127;g=landing_page;gid=15375;ord=[uniqueid];ip=89.249.64.171;cuidchk=1

42 B
780 B

608ms
608ms

Image
image/gif

52.3.98.112
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trkn.us/pixel/conv/ppt=3127;g=landing_page;gid=15375;ord=[uniqueid];ip=89.249.64.171;cuidchk=1

Requested by

Host: 4331292.fls.doubleclick.net
URL: https://4331292.fls.doubleclick.net/ddm/fls/r/dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.3.98.112 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-3-98-112.compute-1.amazonaws.com

Software

Apache /

Resource Hash

b2c78c910f5ea29e3a9d223dabc203c055c8708b1fe7d83788b490638126db4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://4331292.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Sep 2021 04:26:08 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sun, 9 Nov 1980 12:59:00 GMT
Server: Apache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Sun, 9 Nov 1980 12:58:00 GMT

Redirect headers

Date: Tue, 07 Sep 2021 04:26:08 GMT
X-Content-Type-Options: nosniff
Server: Apache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: /pixel/conv/ppt=3127;g=landing_page;gid=15375;ord=[uniqueid];ip=89.249.64.171;cuidchk=1
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 0

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ Frame 902F 44 KB
18 KB 47ms
20ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: 4331292.fls.doubleclick.net
URL: https://4331292.fls.doubleclick.net/ddm/fls/r/dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

bdf3562817726890d330b91f0cca76fea16e175ef6cd7b8af03c63cad117e496

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4331292.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 04:26:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17402
x-xss-protection: 0
server: cafe
etag: 3801058464599150809
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 07 Sep 2021 04:26:07 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 902F 99 KB
26 KB 7ms
7ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: 4331292.fls.doubleclick.net
URL: https://4331292.fls.doubleclick.net/ddm/fls/r/dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

335b59e615135313a66319e641cdad6ac3489a600e04d4181c859699bed4babe

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://4331292.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 25999
x-xss-protection: 0
pragma: public
x-fb-debug: 8TMvcJ2UPPRLaEPuXCSJwsiu20EfwJSXDNN5dYCA/V+cjvlIHKu859eQrXLXAHBYzqG7OAiJ7b0Xh9DOF/8CWw==
x-fb-trip-id: 917726464
x-frame-options: DENY
date: Tue, 07 Sep 2021 04:26:07 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29 200 301471450893880 Show response
connect.facebook.net/signals/config/ Frame 902F 306 KB
87 KB 7ms
7ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/301471450893880?v=2.9.45&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4d22c74f308b65ba57a633924c78115fbf5e1a4472c50fd3d3ed66123f6d22db

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://4331292.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 89195
x-xss-protection: 0
pragma: public
x-fb-debug: AIiluwCFkmyZYRQ9tafEYEjT9lv/nC34iIPtacNn0QqROaiReGH5qH5URocXMeubhMxeEeRwCGyt9GFoEZ1Bog==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 07 Sep 2021 04:26:07 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29 200 1673276772914128 Show response
connect.facebook.net/signals/config/ Frame 902F 39 KB
10 KB 7ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1673276772914128?v=2.9.45&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7b7288d4fe4165a52be5e46e3af28f75d16300e4e5626466fbd1955037b27b8a

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://4331292.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 10597
x-xss-protection: 0
pragma: public
x-fb-debug: j6RweMFcAh4a63EZFYmkvae+7unI7LleuzR6YvAXrCZvTLTrXpEgnHRXt9dy0dee4cFAjUTwitMHrIJ+oJNF3g==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 07 Sep 2021 04:26:07 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ Frame 902F 44 B
147 B 11ms
10ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=301471450893880&ev=PageView&dl=https%3A%2F%2F4331292.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCIOHjNGC7PICFUrhGwoda7MMvw%3Bsrc%3D4331292%3Btype%3Dquoti942%3Bcat%3Dstate977%3Bord%3D7873784469312.344&rl=https%3A%2F%2Fadservice.google.com%2F&if=true&ts=1630988767976&sw=1600&sh=1200&v=2.9.45&r=stable&ec=0&o=30&it=1630988767945&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET

Requested by

Host: 4331292.fls.doubleclick.net
URL: https://4331292.fls.doubleclick.net/ddm/fls/r/dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://4331292.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 04:26:07 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Tue, 07 Sep 2021 04:26:07 GMT

GET
H2 200 /
www.facebook.com/tr/ Frame 902F 44 B
101 B 12ms
11ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=301471450893880&ev=InitiateCheckout&dl=https%3A%2F%2F4331292.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCIOHjNGC7PICFUrhGwoda7MMvw%3Bsrc%3D4331292%3Btype%3Dquoti942%3Bcat%3Dstate977%3Bord%3D7873784469312.344&rl=https%3A%2F%2Fadservice.google.com%2F&if=true&ts=1630988767980&sw=1600&sh=1200&v=2.9.45&r=stable&ec=1&o=30&it=1630988767945&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET

Requested by

Host: 4331292.fls.doubleclick.net
URL: https://4331292.fls.doubleclick.net/ddm/fls/r/dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://4331292.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 04:26:07 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Tue, 07 Sep 2021 04:26:07 GMT

GET
H2 200 /
www.facebook.com/tr/ Frame 902F 44 B
101 B 12ms
11ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=301471450893880&ev=Homepage&dl=https%3A%2F%2F4331292.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCIOHjNGC7PICFUrhGwoda7MMvw%3Bsrc%3D4331292%3Btype%3Dquoti942%3Bcat%3Dstate977%3Bord%3D7873784469312.344&rl=https%3A%2F%2Fadservice.google.com%2F&if=true&ts=1630988767981&sw=1600&sh=1200&v=2.9.45&r=stable&ec=2&o=30&it=1630988767945&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET

Requested by

Host: 4331292.fls.doubleclick.net
URL: https://4331292.fls.doubleclick.net/ddm/fls/r/dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://4331292.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 04:26:07 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Tue, 07 Sep 2021 04:26:07 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1015944286/ Frame 902F 2 KB
1 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1015944286/?random=1630988767985&cv=9&fst=1630988767985&num=1&label=oGiQCIjvkVkQ3qi45AM&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=1&url=https%3A%2F%2F4331292.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCIOHjNGC7PICFUrhGwoda7MMvw%3Bsrc%3D4331292%3Btype%3Dquoti942%3Bcat%3Dstate977%3Bord%3D7873784469312.344%3F&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05c42fc68b4774aa08f202dfdcbb5f7ff4ed4cbaf4565331e6948368a35aeeda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4331292.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 04:26:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1141
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.facebook.com/tr/ Frame 902F 44 B
91 B 9ms
7ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1673276772914128&ev=PageView&dl=https%3A%2F%2F4331292.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCIOHjNGC7PICFUrhGwoda7MMvw%3Bsrc%3D4331292%3Btype%3Dquoti942%3Bcat%3Dstate977%3Bord%3D7873784469312.344&rl=https%3A%2F%2Fadservice.google.com%2F&if=true&ts=1630988767996&sw=1600&sh=1200&v=2.9.45&r=stable&ec=0&o=28&it=1630988767945&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET

Requested by

Host: 4331292.fls.doubleclick.net
URL: https://4331292.fls.doubleclick.net/ddm/fls/r/dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://4331292.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 04:26:07 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Tue, 07 Sep 2021 04:26:07 GMT

GET
H/1.1 200
OK iframe Show response
pixel.mathtag.com/sync/ Frame A7D7 631 B
949 B 66ms
32ms Document
text/html 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.mathtag.com/sync/iframe?mt_uuid=05ff6136-e9df-4100-9364-7eb4ce0993b5&no_iframe=1&mt_adid=157428&source=mathtag
Requested by: Host: pixel.mathtag.com
URL: https://pixel.mathtag.com/event/js?mt_id=1495346&mt_adid=157428&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 3905 f19d76c master cdg-pixel-x25 /
Resource Hash: 304a0259406001319e10acd097537e33bbc0157670417a48fdd527a889951f65

Request headers

Host: pixel.mathtag.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://4331292.fls.doubleclick.net/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: uuid=05ff6136-e9df-4100-9364-7eb4ce0993b5
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://4331292.fls.doubleclick.net/

Response headers

Content-Type: text/html
Content-Length: 631
Server: MT3 3905 f19d76c master cdg-pixel-x25
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Expires: Tue, 07 Sep 2021 04:26:06 GMT
Date: Tue, 07 Sep 2021 04:26:08 GMT
Connection: keep-alive

GET
H/1.1 200
OK tv2track.php
collector-11737.tvsquared.com/ Frame 902F 42 B
276 B 446ms
109ms Image
image/gif 52.14.63.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://collector-11737.tvsquared.com/tv2track.php?idsite=TV-8181276327-1&rec=1&rand=1555247727
Requested by: Host: 4331292.fls.doubleclick.net
URL: https://4331292.fls.doubleclick.net/ddm/fls/r/dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.14.63.121 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-14-63-121.us-east-2.compute.amazonaws.com
Software: nginx /
Resource Hash: f0c71e3da5b3fcab3c66af1cf0cdbf262c97b9330b7b37116f1ae2ab18bdc660

Request headers

Referer: https://4331292.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 07 Sep 2021 04:26:08 GMT
Server: nginx
Connection: keep-alive
Request-Id: b4ad7149-37e6-4e4b-9e5f-05f0b9db8dac
P3p: CP='OTI DSP COR NID STP UNI OTPa OUR'
Content-Length: 42
Content-Type: image/gif

GET
H/1.1 200
OK img
pixel.mathtag.com/misc/ Frame 902F 43 B
480 B 30ms
30ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/misc/img?mm_bnc&bcdv=0
Requested by: Host: 4331292.fls.doubleclick.net
URL: https://4331292.fls.doubleclick.net/ddm/fls/r/dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 3905 f19d76c master cdg-pixel-x27 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://4331292.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 07 Sep 2021 04:26:08 GMT
Server: MT3 3905 f19d76c master cdg-pixel-x27
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 07 Sep 2021 04:26:06 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/1015944286/ Frame 902F 42 B
109 B 18ms
18ms Image
image/gif 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1015944286/?random=1630988767985&cv=9&fst=1630987200000&num=1&label=oGiQCIjvkVkQ3qi45AM&guid=ON&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=1&url=https%3A%2F%2F4331292.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCIOHjNGC7PICFUrhGwoda7MMvw%3Bsrc%3D4331292%3Btype%3Dquoti942%3Bcat%3Dstate977%3Bord%3D7873784469312.344%3F&ref=https%3A%2F%2Fadservice.google.com%2F&fmt=3&is_vtc=1&random=2116887739&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: 4331292.fls.doubleclick.net
URL: https://4331292.fls.doubleclick.net/ddm/fls/r/dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4331292.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 04:26:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/1015944286/ Frame 902F 42 B
108 B 17ms
17ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1015944286/?random=1630988767985&cv=9&fst=1630987200000&num=1&label=oGiQCIjvkVkQ3qi45AM&guid=ON&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=1&url=https%3A%2F%2F4331292.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCIOHjNGC7PICFUrhGwoda7MMvw%3Bsrc%3D4331292%3Btype%3Dquoti942%3Bcat%3Dstate977%3Bord%3D7873784469312.344%3F&ref=https%3A%2F%2Fadservice.google.com%2F&fmt=3&is_vtc=1&random=2116887739&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: 4331292.fls.doubleclick.net
URL: https://4331292.fls.doubleclick.net/ddm/fls/r/dc_pre=CIOHjNGC7PICFUrhGwoda7MMvw;src=4331292;type=quoti942;cat=state977;ord=7873784469312.344

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4331292.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Sep 2021 04:26:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/misc/ Frame A7D7 43 B
480 B 30ms
30ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/misc/img?mm_bnc&bcdv=0
Requested by: Host: pixel.mathtag.com
URL: https://pixel.mathtag.com/sync/iframe?mt_uuid=05ff6136-e9df-4100-9364-7eb4ce0993b5&no_iframe=1&mt_adid=157428&source=mathtag
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 3905 f19d76c master cdg-pixel-x26 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://pixel.mathtag.com/sync/iframe?mt_uuid=05ff6136-e9df-4100-9364-7eb4ce0993b5&no_iframe=1&mt_adid=157428&source=mathtag
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 07 Sep 2021 04:26:08 GMT
Server: MT3 3905 f19d76c master cdg-pixel-x26
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 07 Sep 2021 04:26:07 GMT

GET
H2 200 /
www.facebook.com/tr/ Frame 902F 44 B
147 B 8ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=301471450893880&ev=Microdata&dl=https%3A%2F%2F4331292.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCIOHjNGC7PICFUrhGwoda7MMvw%3Bsrc%3D4331292%3Btype%3Dquoti942%3Bcat%3Dstate977%3Bord%3D7873784469312.344&rl=https%3A%2F%2Fadservice.google.com%2F&if=true&ts=1630988769517&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.45&r=stable&ec=3&o=30&it=1630988767945&coo=false&dpo=LDU&dpoco=0&dpost=0&es=automatic&tm=3&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://4331292.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 04:26:09 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Tue, 07 Sep 2021 04:26:09 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/misc/ Frame 902F 43 B
635 B 29ms
28ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/misc/img?mm_bnc&bcdv=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 3905 f19d76c master cdg-pixel-x30 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://4331292.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 07 Sep 2021 04:26:18 GMT
Server: MT3 3905 f19d76c master cdg-pixel-x30
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 07 Sep 2021 04:26:16 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/misc/ Frame A7D7 43 B
488 B 30ms
29ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/misc/img?mm_bnc&bcdv=1
Requested by: Host: pixel.mathtag.com
URL: https://pixel.mathtag.com/sync/iframe?mt_uuid=05ff6136-e9df-4100-9364-7eb4ce0993b5&no_iframe=1&mt_adid=157428&source=mathtag
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 3905 f19d76c master cdg-pixel-x5 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://pixel.mathtag.com/sync/iframe?mt_uuid=05ff6136-e9df-4100-9364-7eb4ce0993b5&no_iframe=1&mt_adid=157428&source=mathtag
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Tue, 07 Sep 2021 04:26:18 GMT
Server: MT3 3905 f19d76c master cdg-pixel-x5
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 07 Sep 2021 04:26:17 GMT

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

4331292.fls.doubleclick.net
adservice.google.com
adservice.google.de
collector-11737.tvsquared.com
connect.facebook.net
googleads.g.doubleclick.net
pixel.mathtag.com
s.amazon-adsystem.com
secure.adnxs.com
sp.analytics.yahoo.com
trkn.us
www.facebook.com
www.google.com
www.google.de
www.googleadservices.com
142.250.186.34
172.217.23.102
2.18.233.201
209.54.178.82
212.82.100.181
2a00:1450:4001:802::2004
2a00:1450:4001:809::2003
2a00:1450:4001:810::2002
2a00:1450:4001:827::2002
2a00:1450:4001:829::2002
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
37.252.172.38
52.14.63.121
52.3.98.112
05c42fc68b4774aa08f202dfdcbb5f7ff4ed4cbaf4565331e6948368a35aeeda
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
304a0259406001319e10acd097537e33bbc0157670417a48fdd527a889951f65
335b59e615135313a66319e641cdad6ac3489a600e04d4181c859699bed4babe
3440bcd4705045552467116f55f07e1497e5fc600c43d4ccab52520f85382a04
35a725e15ebfc98e4176de19cf6f90a341c1903466d6f5922ba30839a726e994
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d22c74f308b65ba57a633924c78115fbf5e1a4472c50fd3d3ed66123f6d22db
7a585a6cac4057232baadc296289f08fdf634bb8a1f9fb5d75ed9f8447fa5cc3
7b7288d4fe4165a52be5e46e3af28f75d16300e4e5626466fbd1955037b27b8a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2c78c910f5ea29e3a9d223dabc203c055c8708b1fe7d83788b490638126db4d
bdf3562817726890d330b91f0cca76fea16e175ef6cd7b8af03c63cad117e496
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0c71e3da5b3fcab3c66af1cf0cdbf262c97b9330b7b37116f1ae2ab18bdc660
f64bd12dc2acb078cfb45a6fe33c0215ffba83cab8a95eb1ba5ebf91621acc49

4331292.fls.doubleclick.net Open in urlscan Pro 172.217.23.102 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

26 Requests

100 %HTTPS

47 %IPv6

12 Domains

15 Subdomains

14 IPs

3 Countries

154 kBTransfer

497 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

26 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

4331292.fls.doubleclick.net Open in urlscan Pro
172.217.23.102 Public Scan

Screenshot
Live screenshot

Full Image

26
Requests

100 %
HTTPS

47 %
IPv6

12
Domains

15
Subdomains

14
IPs

3
Countries

154 kB
Transfer

497 kB
Size

0
Cookies

26 HTTP transactions
0 data transactions