shells.red-pill.eu Open in urlscan Pro
77.38.124.140 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://shells.red-pill.eu/
Effective URL:
https://shells.red-pill.eu/
Submission: On February 16 via manual (February 16th 2023, 4:32:48 pm UTC) from CZ — Scanned from DE

Summary HTTP 104 Redirects Links 22 Behaviour Indicators

Summary

This website contacted 22 IPs in 6 countries across 22 domains to perform 104 HTTP transactions. The main IP is 77.38.124.140, located in Celje, Slovenia and belongs to TELEMACH Broadband Access & Carrier Services, SI. The main domain is shells.red-pill.eu.
TLS certificate: Issued by R3 on February 5th 2023. Valid for: 3 months.

This is the only time shells.red-pill.eu was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 13	77.38.124.140 77.38.124.140	3212 (TELEMACH ...) (TELEMACH Broadband Access & Carrier Services)
1	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
1	2a01:4f8:c0c:... 2a01:4f8:c0c:b93a::1	24940 (HETZNER-AS) (HETZNER-AS)
1	2001:41d0:305... 2001:41d0:305:2100::4e16	16276 (OVH) (OVH)
1	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:303... 2606:4700:3037::6815:3139	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:400d:808::2008	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400d:803::2002	15169 (GOOGLE) (GOOGLE)
32	2a00:1450:400... 2a00:1450:4001:806::2001	15169 (GOOGLE) (GOOGLE)
3 7	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
1 2	2606:4700::68... 2606:4700::6812:18ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	151.101.2.49 151.101.2.49	54113 (FASTLY) (FASTLY)
6	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
1 1	35.204.74.118 35.204.74.118	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
1 1	2600:9000:20e... 2600:9000:20eb:5000:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
104	22

13 77.38.124.140 (Celje, Slovenia) 1 redirects

ASN3212 (TELEMACH Broadband Access & Carrier Services, SI)
PTR: 77-38-124-140.dynamic.telemach.net

shells.red-pill.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a01:4f8:c0c:b93a::1 (Gunzenhausen, Germany)

ASN24940 (HETZNER-AS, DE)

blinkenshell.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:41d0:305:2100::4e16 (France)

ASN16276 (OVH, FR)

www.insomnia247.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

www.openshells.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3037::6815:3139 (United States)

ASN13335 (CLOUDFLARENET, US)

www.xshellz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:808::2008 (Ireland)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:803::2002 (Ireland)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 2a00:1450:4001:806::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:18ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.204.74.118 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 118.74.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.33.220.150 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:5000:1b:5138:8a40:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
45	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 101 tpc.googlesyndication.com — Cisco Umbrella Rank: 137	453 KB
21	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 41 cm.g.doubleclick.net — Cisco Umbrella Rank: 205	118 KB
13	red-pill.eu 1 redirects shells.red-pill.eu	94 KB
8	google.com 3 redirects adservice.google.com — Cisco Umbrella Rank: 72 www.google.com — Cisco Umbrella Rank: 2	1 KB
4	gstatic.com www.gstatic.com fonts.gstatic.com	58 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 183	144 KB
3	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 298 fonts.googleapis.com — Cisco Umbrella Rank: 43	35 KB
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 734 s.tribalfusion.com — Cisco Umbrella Rank: 1800	1 KB
2	google-analytics.com ssl.google-analytics.com — Cisco Umbrella Rank: 362	17 KB
1	smaato.net 1 redirects s.ad.smaato.net — Cisco Umbrella Rank: 709	473 B
1	travelaudience.com 1 redirects ads.travelaudience.com — Cisco Umbrella Rank: 4534	591 B
1	ctnsnet.com 1 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 32171	645 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 295	265 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 726	749 B
1	everesttech.net 1 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 586	579 B
1	google.de adservice.google.de — Cisco Umbrella Rank: 9006	531 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 863	601 B
1	xshellz.com www.xshellz.com	16 KB
1	openshells.net www.openshells.net	9 KB
1	insomnia247.nl www.insomnia247.nl	48 KB
1	blinkenshell.org blinkenshell.org	11 KB
0	polarhome.com Failed www.polarhome.com Failed
104	22

	Domain	Requested by
32	tpc.googlesyndication.com	shells.red-pill.eu googleads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com
15	googleads.g.doubleclick.net	pagead2.googlesyndication.com shells.red-pill.eu googleads.g.doubleclick.net
13	pagead2.googlesyndication.com	shells.red-pill.eu pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
13	shells.red-pill.eu	1 redirects shells.red-pill.eu
7	www.google.com	3 redirects googleads.g.doubleclick.net tpc.googlesyndication.com
6	cm.g.doubleclick.net	shells.red-pill.eu googleads.g.doubleclick.net
3	fonts.gstatic.com	fonts.googleapis.com
3	www.googletagservices.com	googleads.g.doubleclick.net
2	fonts.googleapis.com	googleads.g.doubleclick.net tpc.googlesyndication.com
2	ssl.google-analytics.com	shells.red-pill.eu
1	s.ad.smaato.net	1 redirects
1	ads.travelaudience.com	1 redirects
1	gcm.ctnsnet.com	1 redirects
1	match.adsrvr.org	googleads.g.doubleclick.net
1	um.simpli.fi	1 redirects
1	sync-tm.everesttech.net	1 redirects
1	s.tribalfusion.com	shells.red-pill.eu
1	a.tribalfusion.com	1 redirects
1	www.gstatic.com	googleads.g.doubleclick.net
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	www.xshellz.com	shells.red-pill.eu
1	www.openshells.net	shells.red-pill.eu
1	www.insomnia247.nl	shells.red-pill.eu
1	blinkenshell.org	shells.red-pill.eu
1	ajax.googleapis.com	shells.red-pill.eu
0	www.polarhome.com Failed	shells.red-pill.eu
104	28

This site contains links to these domains. Also see Links.

Domain
blinkenshell.org
signup.insomnia247.nl
www.openshells.net
www.xshellz.com
www.polarhome.com
www.systemshells.net
unixssh.com
www.shellmix.com
simpleshell.com
darklinux.uk
picrofo.com
www.shellium.org
www.bshellz.net
rhost.eu
devilshell.tk
fromhell.ee
www.weedbox.net
yenn.ulegend.net
www.tortibshells.com
xn--d-poa.pl
red-pill.eu
www.aardvarktopsitesphp.com

Subject Issuer	Validity	Valid
red-pill.eu R3	`2023-02-05` - `2023-05-06`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
blinkenshell.org R3	`2023-01-23` - `2023-04-23`	3 months	crt.sh
*.insomnia247.nl GoGetSSL RSA DV CA	`2022-11-12` - `2023-10-26`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-06` - `2023-06-05`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh

This page contains 17 frames:

Primary Page: https://shells.red-pill.eu/
Frame ID: 74A54AB858B4D722E59AA0140AA00799
Requests: 29 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230213/r20190131/zrt_lookup.html
Frame ID: 68A57897C9FB3D3F39C7C7C6A02326BF
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=16&slotname=6474157215&adk=739252027&adf=2035319604&pi=t.ma~as.6474157215&w=468&lmt=1676565163&url=https%3A%2F%2Fshells.red-pill.eu%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163119&bpp=13&bdt=149&idt=185&shv=r20230213&mjsv=m202302140101&ptt=5&saldr=sa&abxe=1&correlator=3043022299960&frm=20&pv=2&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=567&ady=3441&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaEebr%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=5pgUAwPe7F&p=https%3A//shells.red-pill.eu&dtd=210
Frame ID: 54DEC58155B1537AB0AEFEEF568CCB9E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&adk=1812271804&adf=3025194257&lmt=1676565163&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fshells.red-pill.eu%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163155&bpp=4&bdt=186&idt=180&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=191
Frame ID: DB9B33C83CD6CC6E07730AD4709F46D2
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=1720655930&adf=1228456142&pi=t.ma~as.9148949735&w=700&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=700x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163159&bpp=2&bdt=190&idt=195&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=451&ady=134&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pxU28KOE8N&p=https%3A//shells.red-pill.eu&dtd=200
Frame ID: 07B859BA6C65C2C4F3353D75FD95CB7A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=4210125070&adf=3425153661&pi=t.ma~as.9148949735&w=620&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=620x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163161&bpp=1&bdt=192&idt=202&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C700x280&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=491&ady=1505&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeEbr%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=TXBlB4odYp&p=https%3A//shells.red-pill.eu&dtd=207
Frame ID: F1B14560799C12B8005B6F66378C35D7
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=4210125070&adf=3731767089&pi=t.ma~as.9148949735&w=620&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=620x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163162&bpp=1&bdt=193&idt=214&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C700x280%2C620x280&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=491&ady=2931&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeEbr%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=IXiHbOnFHH&p=https%3A//shells.red-pill.eu&dtd=217
Frame ID: 2A782B89D7FE579EEBBA31912C362EBF
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11231308909508724055/index.html
Frame ID: E08FCF89399180BBA2F6063656AD2D42
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CyVR5q1ruY_zfF7PEmLAPkpe_6Ar_nNnxburxzefWD6rbv6DUARABIIW_uhVglZqGgpgHoAGl4IzcA8gBCakC2eCOHq7qsT6oAwHIA0iqBNMBT9DCKUa-q09mC9CpnWVR44Ap1383qUaxo5YIW5UH8k5Z7yKqJLdyCYMLwY-7lGbxSedwhJSqYlZqTkAe6XFZzXAopt11ftZGSd7_KS0qp0CJfUdpuUjFeIO70KAlldnVwm5wz7xnzcNtZhqXnDctjykLulQHbMPiII_HvUeJTGY1htSOVAXd6yhY8oJuBCpQFlkK3Tp3hnoaE0u-kmdNT_k45Zr73n8mZ_6Rzx7JhA6ZF4ra1oFwiEBhZPlxmhXHoNay_XIVVTR6xY4Gey1r1GjV1sAE6rPY2I0EkgUECAQYAZIFBAgFGASgBi6AB7ORqyioB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBDvxRDSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTAtAVAYAXAbIXHAoaCAASFHB1Yi02MDk4NDk2MTI0NzUxNzEyGAA&sigh=XSihV4rLIEI&uach_m=[UACH]&cid=CAQSKQDUE5ymeEsYJkhzJ-8wHysLQOqwhbJNW3BCEioswyqb3bwU3mY3rRpWGAE&template_id=419
Frame ID: 4D6CD71EA8218EED6055D7F9DB105C25
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 059F109726793C1D8F82EF9EC14FC3CE
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 31C54E4C47F187B1FE2E6C4B3D34123B
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: B8EDA86FAFA7DB145D8FA7BF6BBE53F2
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/7133738465686760745/index.html
Frame ID: 1B18F9AF0072F6C6A704C98FF6EB92AC
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CPpFlq1ruY7uvF4PI1wacwLfwCL_MxJpt-KPW-L4Q4ffC3aAwEAEghb-6FWCVmoaCmAegAYr1ntoDyAEJqAMByANIqgTUAU_QUJgMMeALyorCGhpijBC5paIwvMXOFV8NhInrm1yKKj5nfNzrkkEnBQit8ao2__KZB7GPFvrMocSd1hQENdZlBciQ9JdK3RWuhFR_H6nvcOC-gT65G3nli9x3Pm4MRFwyirq-KeGKJ9ycoKtPEIoyytkmISarLQD8yD5JAtW8m2j-Ki47Ocu4E8-0Oo0Kn-QmPytilL6JdjApdi46GaV-a-1_iqJjnubWvW4M0dEKrZmbg8q8tKeCTOm66IggK0sJVJIJjnoUpQOockVJElepv4fCwATQ1omplgSSBQQIBBgBkgUECAUYBKAGLoAH3orhJagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcFEPfn6wHSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTDYgUAtAVAZgWAYAXAbIXHAoaCAASFHB1Yi02MDk4NDk2MTI0NzUxNzEyGAA&sigh=X39VxLa7z4U&uach_m=[UACH]&cid=CAQSKQDUE5ymuKlMP2l_srGeguk5Ycdl81mMGPx4_XT1CpOIRyz8z1qRdBw4GAE&template_id=419
Frame ID: BD52931D071E12E11EFE90924C5469F2
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 7313589E30DC69482ED4BCBFF2CA436A
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 9AE5815137EA7A08E65A0788EE7AB868
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 4F7DA559F3504791F99376E142390674
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Free Shell Accounts :: the biggest list on the net - Rankings - All Sites

Page URL History Show full URLs

http://shells.red-pill.eu/ HTTP 302
https://shells.red-pill.eu/ Page URL

Detected technologies

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/pagead/show_ads\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

104
Requests

93 %
HTTPS

73 %
IPv6

22
Domains

28
Subdomains

22
IPs

6
Countries

1005 kB
Transfer

2539 kB
Size

16
Cookies

22 Outgoing links

These are links going to different origins than the main page.

URL: http://blinkenshell.org/wiki/Start
Title: Blinkenshell - Free UNIX shell accounts

Search URL Search Domain Scan URL

URL: https://signup.insomnia247.nl/
Title: Insomnia 24/7

Search URL Search Domain Scan URL

URL: http://www.openshells.net/
Title: Open Shells - Free Linux Shells, IRC, Bouncer

Search URL Search Domain Scan URL

URL: https://www.xshellz.com/
Title: xShellz.com - Free Shell Account Provider

Search URL Search Domain Scan URL

URL: http://www.polarhome.com/
Title: Polarhome

Search URL Search Domain Scan URL

URL: http://www.systemshells.net/
Title: SystemShells Free Shell Service

Search URL Search Domain Scan URL

URL: http://unixssh.com/
Title: UnixSSH - Multi Free shell server. FreeBSD/OpenBSD/NetBSD/Solaris

Search URL Search Domain Scan URL

URL: http://www.shellmix.com/
Title: ShellMix | Free Shell Accounts

Search URL Search Domain Scan URL

URL: http://simpleshell.com/
Title: one-click shell access

Search URL Search Domain Scan URL

URL: https://darklinux.uk/
Title: DarkLinux

Search URL Search Domain Scan URL

URL: http://picrofo.com/clinux
Title: Picrofo's Linux Shell

Search URL Search Domain Scan URL

URL: http://www.shellium.org/
Title: Shellium free shell accounts

Search URL Search Domain Scan URL

URL: http://www.bshellz.net/
Title: Bshellz.net

Search URL Search Domain Scan URL

URL: http://rhost.eu/
Title: Rhost.eu provides UNIX shells accounts

Search URL Search Domain Scan URL

URL: http://devilshell.tk/
Title: DevilShell.Tk

Search URL Search Domain Scan URL

URL: https://fromhell.ee/
Title: Estonia Free Linux Shell Service

Search URL Search Domain Scan URL

URL: http://www.weedbox.net/
Title: weedbox.net - ˈt͡ɬ

Search URL Search Domain Scan URL

URL: https://yenn.ulegend.net/
Title: The Underlegend Networks' Shells

Search URL Search Domain Scan URL

URL: https://www.tortibshells.com/
Title: Linux Shell and Web Hosting

Search URL Search Domain Scan URL

URL: http://xn--d-poa.pl/
Title: dż.pl - free shell accounts server

Search URL Search Domain Scan URL

URL: https://red-pill.eu/contact/
Title: an email

Search URL Search Domain Scan URL

URL: http://www.aardvarktopsitesphp.com/
Title: Aardvark Topsites

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://shells.red-pill.eu/ HTTP 302
https://shells.red-pill.eu/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 53

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 71

https://a.tribalfusion.com/i.match?p=b6&u=CAESEFDZL6LBlpzpJuCUqu-vHjg&google_cver=1&google_push=Aa02lx-yP5Aqe5DMeu-A80EpFn3vFNlbPKd89S3yZne3gjdpk4CAdDundYcTpbDiBdAJYgZkIZKx67Qrkd-CIEtcg13GXY8unhyQZ3bLz8aGQcEYZof3Rf7O3bbbUFPWlMf2dV8UQ6tNOi3UjQ&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAa02lx-yP5Aqe5DMeu-A80EpFn3vFNlbPKd89S3yZne3gjdpk4CAdDundYcTpbDiBdAJYgZkIZKx67Qrkd-CIEtcg13GXY8unhyQZ3bLz8aGQcEYZof3Rf7O3bbbUFPWlMf2dV8UQ6tNOi3UjQ%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEFDZL6LBlpzpJuCUqu-vHjg&google_cver=1&google_push=Aa02lx-yP5Aqe5DMeu-A80EpFn3vFNlbPKd89S3yZne3gjdpk4CAdDundYcTpbDiBdAJYgZkIZKx67Qrkd-CIEtcg13GXY8unhyQZ3bLz8aGQcEYZof3Rf7O3bbbUFPWlMf2dV8UQ6tNOi3UjQ&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAa02lx-yP5Aqe5DMeu-A80EpFn3vFNlbPKd89S3yZne3gjdpk4CAdDundYcTpbDiBdAJYgZkIZKx67Qrkd-CIEtcg13GXY8unhyQZ3bLz8aGQcEYZof3Rf7O3bbbUFPWlMf2dV8UQ6tNOi3UjQ%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 72

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEFsyIDjYW_ty7J6u5GjXOgE&google_cver=1&google_push=Aa02lx9_eypOiwGjEr5LnOl8V1HrbAjyQCWi2SLNWV_SfvDDoy2UdzsYjOS7BiKOyDsc-Ld9dFGkwdcXvUJcmk7XLjCnUKmcLRjoJwlbTxnUFw3tcvOd_z1si_jsFm0ZW06SG0lhEBgNb4HIa-g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFsyIDjYW_ty7J6u5GjXOgE&google_push=Aa02lx9_eypOiwGjEr5LnOl8V1HrbAjyQCWi2SLNWV_SfvDDoy2UdzsYjOS7BiKOyDsc-Ld9dFGkwdcXvUJcmk7XLjCnUKmcLRjoJwlbTxnUFw3tcvOd_z1si_jsFm0ZW06SG0lhEBgNb4HIa-g

Request Chain 73

https://um.simpli.fi/gp_match?google_gid=CAESEJFCpj0CwTCinKGSb9gCSCU&google_cver=1&google_push=Aa02lx9PEdYHcyt1KYyxXydvteacY8imTUBtpWEz9jmu-VDZ97Sdw4WASr6_LkwyveppUwLuXd4O0fGCOdhbGCwf2ALucLdGBZ_P1y4bz196VsWMRhVQnHhdHIaRsYIC7yiXS8PDr_raJn-RVkw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=288C23C716F9488187B122CC9E4057D0&google_push=Aa02lx9PEdYHcyt1KYyxXydvteacY8imTUBtpWEz9jmu-VDZ97Sdw4WASr6_LkwyveppUwLuXd4O0fGCOdhbGCwf2ALucLdGBZ_P1y4bz196VsWMRhVQnHhdHIaRsYIC7yiXS8PDr_raJn-RVkw

Request Chain 75

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEGfuYmuk5DvES4Roky3nLj4&google_cver=1&google_push=Aa02lx-5dio7xMjjmnk2PrHSS1C-jCtMzt906K1Fot5on84tdCOU8ndm17XNGsGddGzSy2SWhygswhVeShi8cI7OqiGfQWHEBiOmRrevjiOd-DBgqsXlJUGHXQSiepoDWhKmGkkDVViEbPu7Tzg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aa02lx-5dio7xMjjmnk2PrHSS1C-jCtMzt906K1Fot5on84tdCOU8ndm17XNGsGddGzSy2SWhygswhVeShi8cI7OqiGfQWHEBiOmRrevjiOd-DBgqsXlJUGHXQSiepoDWhKmGkkDVViEbPu7Tzg&google_hm=1CqtWnyhSru6dNPZj7Oe6IY

Request Chain 76

https://ads.travelaudience.com/google_pixel?google_gid=CAESEPX7mmoO2hzgew0HGEFLkAM&google_cver=1&google_push=Aa02lx94z4mCP4wP878QvfB1zDcfvKA5aQ_21a-qUZDElWnbIX0-ADQTcIlKOJtVcgZWlgXrz3t-egIO-5_4B6ISUTEOuIk51vMN_vRfvT-pqBBlnDOLykUx3qcX3jQnRGmAQKKAzcxcvlY9vw HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=XyArZZUMT7SotvlsSNoxFg2&google_push=Aa02lx94z4mCP4wP878QvfB1zDcfvKA5aQ_21a-qUZDElWnbIX0-ADQTcIlKOJtVcgZWlgXrz3t-egIO-5_4B6ISUTEOuIk51vMN_vRfvT-pqBBlnDOLykUx3qcX3jQnRGmAQKKAzcxcvlY9vw

Request Chain 77

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEKois-EVHPUG-Gzj-9wWICc&google_cver=1&google_push=Aa02lx9zc9LwgVTXv9z88SEMrJWZZLtmlQLbiXNRFX_0sLSDDwtzWxG4k1yDb1pBdFX9WfRHmgg2Go-7ZGSSYOaCS8-2JdQMulrE1-oD4opwqtGcx1kMCCzPk6QfGU0jxruYpEmIvvsQltYo4w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=Aa02lx9zc9LwgVTXv9z88SEMrJWZZLtmlQLbiXNRFX_0sLSDDwtzWxG4k1yDb1pBdFX9WfRHmgg2Go-7ZGSSYOaCS8-2JdQMulrE1-oD4opwqtGcx1kMCCzPk6QfGU0jxruYpEmIvvsQltYo4w

Request Chain 79

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 94

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

104 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
shells.red-pill.eu/
Redirect Chain

http://shells.red-pill.eu/
https://shells.red-pill.eu/

32 KB
32 KB

94ms
42ms

Document
text/html

77.38.124.140
TELEMACH Broadban...

General

Check archive.org

Show headers Download Go to

Full URL: https://shells.red-pill.eu/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 77.38.124.140 Celje, Slovenia, ASN3212 (TELEMACH Broadband Access & Carrier Services, SI),
Reverse DNS: 77-38-124-140.dynamic.telemach.net
Software: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k mod_fcgid/2.3.9 / PHP/7.4.30
Resource Hash: 7fe2bafdeb9c561d3d0ac4f93da4d4d3de27c0cee9a938f3d5484a55d189e3c0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-type: text/html; charset=UTF-8
date: Thu, 16 Feb 2023 16:32:42 GMT
server: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k mod_fcgid/2.3.9
x-powered-by: PHP/7.4.30

Redirect headers

Connection: Keep-Alive
Content-Length: 211
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 16 Feb 2023 16:32:42 GMT
Keep-Alive: timeout=5, max=100
Location: https://shells.red-pill.eu/
Server: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k mod_fcgid/2.3.9

GET
H2 200 screen.css
shells.red-pill.eu/skins/fusion/ 3 KB
4 KB 26ms
26ms Stylesheet
text/css 77.38.124.140
TELEMACH Broadban...

General

Check archive.org

Show headers Download Go to

Full URL: https://shells.red-pill.eu/skins/fusion/screen.css
Requested by: Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 77.38.124.140 Celje, Slovenia, ASN3212 (TELEMACH Broadband Access & Carrier Services, SI),
Reverse DNS: 77-38-124-140.dynamic.telemach.net
Software: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k mod_fcgid/2.3.9 /
Resource Hash: c9634d0e4698e2f2f45ea005722ad4fd57b98845dbcf25fc2d1bed4163034d7e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shells.red-pill.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 16:32:42 GMT
last-modified: Sun, 04 Sep 2011 15:41:57 GMT
server: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k mod_fcgid/2.3.9
accept-ranges: bytes
etag: "db9-4ac1f6f3bdb40"
content-length: 3513
content-type: text/css

GET
H2 200 jquery.cookiebar.css
shells.red-pill.eu/eucookie/ 686 B
756 B 27ms
26ms Stylesheet
text/css 77.38.124.140
TELEMACH Broadban...

General

Check archive.org

Show headers Download Go to

Full URL: https://shells.red-pill.eu/eucookie/jquery.cookiebar.css
Requested by: Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 77.38.124.140 Celje, Slovenia, ASN3212 (TELEMACH Broadband Access & Carrier Services, SI),
Reverse DNS: 77-38-124-140.dynamic.telemach.net
Software: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k mod_fcgid/2.3.9 /
Resource Hash: e664acc7bbabe41ea64e8517e2af2e0d426f719f32c72b911402f0ab40c35546

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shells.red-pill.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 16:32:42 GMT
last-modified: Mon, 08 Jun 2015 10:12:42 GMT
server: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k mod_fcgid/2.3.9
accept-ranges: bytes
etag: "2ae-517fee1dc5a80"
content-length: 686
content-type: text/css

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.8.3/ 91 KB
33 KB 31ms
8ms Script
text/javascript 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js

Requested by

Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shells.red-pill.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 15:20:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 90714
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33593
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Feb 2024 15:20:49 GMT

GET
H2 200 jquery.cookiebar.js Show response
shells.red-pill.eu/eucookie/ 8 KB
8 KB 27ms
26ms Script
application/javascript 77.38.124.140
TELEMACH Broadban...

General

Check archive.org

Show headers Download Go to

Full URL: https://shells.red-pill.eu/eucookie/jquery.cookiebar.js
Requested by: Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 77.38.124.140 Celje, Slovenia, ASN3212 (TELEMACH Broadband Access & Carrier Services, SI),
Reverse DNS: 77-38-124-140.dynamic.telemach.net
Software: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k mod_fcgid/2.3.9 /
Resource Hash: f16e8128eca1d20ddb6e1f2d5e93d552679880773674779357afc9afa6253866

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shells.red-pill.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 16:32:42 GMT
last-modified: Fri, 23 Oct 2015 11:48:20 GMT
server: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k mod_fcgid/2.3.9
accept-ranges: bytes
etag: "2131-522c43021a900"
content-length: 8497
content-type: application/javascript

GET
H2 200 header.jpg
shells.red-pill.eu/skins/fusion/ 44 KB
45 KB 25ms
25ms Image
image/jpeg 77.38.124.140
TELEMACH Broadban...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://shells.red-pill.eu/skins/fusion/header.jpg
Requested by: Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 77.38.124.140 Celje, Slovenia, ASN3212 (TELEMACH Broadband Access & Carrier Services, SI),
Reverse DNS: 77-38-124-140.dynamic.telemach.net
Software: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k mod_fcgid/2.3.9 /
Resource Hash: 3f132006efbbe99ecee57b78c8987716800533afca00d8011350560040fc3e00

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shells.red-pill.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 16:32:43 GMT
last-modified: Mon, 14 Jan 2013 11:39:00 GMT
server: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k mod_fcgid/2.3.9
accept-ranges: bytes
etag: "b0d0-4d33e17593d00"
content-length: 45264
content-type: image/jpeg

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 146 KB
49 KB 78ms
57ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6098496124751712

Requested by

Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

543de6d7b5b2f5b58043d559fd630f64499a48cd741c9dc2b72dbd33cc9c2050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://shells.red-pill.eu/
Origin: https://shells.red-pill.eu
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 16:32:43 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49738
x-xss-protection: 0
server: cafe
etag: 9928025443515518886
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 16 Feb 2023 16:32:43 GMT

GET
H2 200 bs_logo_20091209-01.png
blinkenshell.org/static/ 11 KB
11 KB 174ms
20ms Image
image/png 2a01:4f8:c0c:b93a::1
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blinkenshell.org/static/bs_logo_20091209-01.png

Requested by

Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:4f8:c0c:b93a::1 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

nginx /

Resource Hash

02e82b0c6573f49da9969ec1d9076059957b9ad313aea5ed0335d910bb930d22

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shells.red-pill.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 16:32:43 GMT
strict-transport-security: max-age=3600
last-modified: Sat, 27 Feb 2021 17:00:18 GMT
server: nginx
age: 84764
etag: "2b7e-5bc5451c40c0b"
content-type: image/png
x-varnish: 2851279 333702
cache-control: max-age=86400
accept-ranges: bytes
content-length: 11134
expires: Thu, 16 Feb 2023 16:59:59 GMT

GET
H2 200 neutral.png
shells.red-pill.eu/skins/fusion/ 92 B
161 B 39ms
35ms Image
image/png 77.38.124.140
TELEMACH Broadban...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://shells.red-pill.eu/skins/fusion/neutral.png
Requested by: Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 77.38.124.140 Celje, Slovenia, ASN3212 (TELEMACH Broadband Access & Carrier Services, SI),
Reverse DNS: 77-38-124-140.dynamic.telemach.net
Software: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k mod_fcgid/2.3.9 /
Resource Hash: c5fcbbed83baac508ee6ba358593a03a385fa46b7887af2450b9502d8a633980

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shells.red-pill.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 16:32:43 GMT
last-modified: Sat, 10 Sep 2005 15:01:52 GMT
server: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k mod_fcgid/2.3.9
accept-ranges: bytes
etag: "5c-4006c2ca01800"
content-length: 92
content-type: image/png

GET
H2 200 rate_3.png
shells.red-pill.eu/skins/fusion/ 1 KB
1 KB 29ms
25ms Image
image/png 77.38.124.140
TELEMACH Broadban...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://shells.red-pill.eu/skins/fusion/rate_3.png
Requested by: Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 77.38.124.140 Celje, Slovenia, ASN3212 (TELEMACH Broadband Access & Carrier Services, SI),
Reverse DNS: 77-38-124-140.dynamic.telemach.net
Software: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k mod_fcgid/2.3.9 /
Resource Hash: a01c07907aef447d1dc58a508f416ce9c1ae3a695e4961ae6512e159660934b8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shells.red-pill.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 16:32:43 GMT
last-modified: Sun, 28 Feb 2010 00:22:32 GMT
server: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k mod_fcgid/2.3.9
accept-ranges: bytes
etag: "53a-4809e20e66200"
content-length: 1338
content-type: image/png

GET
H/1.1 200
OK resized.php
www.insomnia247.nl/images/ 47 KB
48 KB 274ms
45ms Image
image/png 2001:41d0:305:2100::4e16
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.insomnia247.nl/images/resized.php

Requested by

Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2001:41d0:305:2100::4e16 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Apache/2.4 / Phusion Passenger 5.0.30

Resource Hash

9006b0c56dd36c035dfeeeb01b314af0556c565f5486880913f76e6bab035dde

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shells.red-pill.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 16:32:43 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Server: Apache/2.4
X-Powered-By: Phusion Passenger 5.0.30
Upgrade: h2,h2c
Status: 200 OK
Content-Type: image/png
Cache-Control: public, max-age=3600
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 48253
Expires: Thu, 16 Feb 2023 17:32:43 GMT

GET
H2 200 rate_5.png
shells.red-pill.eu/skins/fusion/ 791 B
862 B 37ms
34ms Image
image/png 77.38.124.140
TELEMACH Broadban...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://shells.red-pill.eu/skins/fusion/rate_5.png
Requested by: Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 77.38.124.140 Celje, Slovenia, ASN3212 (TELEMACH Broadband Access & Carrier Services, SI),
Reverse DNS: 77-38-124-140.dynamic.telemach.net
Software: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k mod_fcgid/2.3.9 /
Resource Hash: af26eb6093f6b16b8d0d2fe29bcd0eaa5fe68e8cd369e603ff6fc8cffdf0b78d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shells.red-pill.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 16:32:43 GMT
last-modified: Sun, 28 Feb 2010 00:22:42 GMT
server: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k mod_fcgid/2.3.9
accept-ranges: bytes
etag: "317-4809e217ef880"
content-length: 791
content-type: image/png

GET
H2 200 logo2.png
www.openshells.net/ 9 KB
9 KB 342ms
268ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.openshells.net/logo2.png
Requested by: Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4603202b757955aca0728987b6448e592603087ead05b65f89f509ce62a2c2aa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shells.red-pill.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 16:32:43 GMT
cf-cache-status: MISS
last-modified: Sat, 09 Apr 2016 18:07:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "2268-530112de81f02"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B1B7BdjPXNgN10JPamf3j%2FoUTpOZrIhAHPm4tf9C6ehxL9Kz5I68g6s0eCOXXA8FK7GvmQEP9h%2FzdWHxrbSENCMVpbaJma9bLCVKkSrbNlUmamMHivBpRAG73svqbg%2FVSDi6UOy%2B3WtSns4bl%2FCDJzQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 79a7ae4d7da239d6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8808

GET
H2 200 logo.png
www.xshellz.com/img/ 15 KB
16 KB 344ms
132ms Image
image/png 2606:4700:3037::6815:3139
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xshellz.com/img/logo.png
Requested by: Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:3139 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e16f7579677fa60f9f16f525fe622fd6fcdb65368fc2c2357129f0bc176d93d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shells.red-pill.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 16:32:43 GMT
cf-cache-status: HIT
last-modified: Sun, 30 Apr 2017 10:05:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "5905b6d9-3c8b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NLmRloy%2BBK9CT%2FOFFZS2TN2wjaRyP%2B8379trxDx%2BrvS4XmYezl1Uc%2BBMXp%2FjZz%2BBCaR5TV5%2BgPuZqyujnXkwc7Jk2hYneZx%2FOze4VWsC0PEO%2B3cEZjV2jl%2FSEdYbnHnBxa5eSkeswxu%2BAOJdwsU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 79a7ae4e5e8b2c1b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15499

GET polarhome.gif
www.polarhome.com/images/ 0
0

GET
H2 200 stats.png
shells.red-pill.eu/skins/fusion/ 444 B
514 B 40ms
38ms Image
image/png 77.38.124.140
TELEMACH Broadban...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://shells.red-pill.eu/skins/fusion/stats.png
Requested by: Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 77.38.124.140 Celje, Slovenia, ASN3212 (TELEMACH Broadband Access & Carrier Services, SI),
Reverse DNS: 77-38-124-140.dynamic.telemach.net
Software: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k mod_fcgid/2.3.9 /
Resource Hash: 4ca532668f4a9157dde5a5a8c00ff50c11b32c97e48e05b84ca86c316b9ec583

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shells.red-pill.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 16:32:43 GMT
last-modified: Mon, 12 Sep 2005 21:47:18 GMT
server: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k mod_fcgid/2.3.9
accept-ranges: bytes
etag: "1bc-4009a12402580"
content-length: 444
content-type: image/png

GET
H2 200 up.png
shells.red-pill.eu/skins/fusion/ 130 B
199 B 39ms
37ms Image
image/png 77.38.124.140
TELEMACH Broadban...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://shells.red-pill.eu/skins/fusion/up.png
Requested by: Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 77.38.124.140 Celje, Slovenia, ASN3212 (TELEMACH Broadband Access & Carrier Services, SI),
Reverse DNS: 77-38-124-140.dynamic.telemach.net
Software: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k mod_fcgid/2.3.9 /
Resource Hash: 8c6adb6f3c13fac8af2ed01d387d59e0d3cc0d63ca7d7584c995728abc1dd780

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shells.red-pill.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 16:32:43 GMT
last-modified: Sat, 10 Sep 2005 15:01:56 GMT
server: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k mod_fcgid/2.3.9
accept-ranges: bytes
etag: "82-4006c2cdd2100"
content-length: 130
content-type: image/png

GET
H2 200 down.png
shells.red-pill.eu/skins/fusion/ 129 B
175 B 38ms
36ms Image
image/png 77.38.124.140
TELEMACH Broadban...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://shells.red-pill.eu/skins/fusion/down.png
Requested by: Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 77.38.124.140 Celje, Slovenia, ASN3212 (TELEMACH Broadband Access & Carrier Services, SI),
Reverse DNS: 77-38-124-140.dynamic.telemach.net
Software: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k mod_fcgid/2.3.9 /
Resource Hash: 8f3ec5897cadb82af9e2f1b9195c0e279f0482fef2b456774862ace8ced40dc0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shells.red-pill.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 16:32:43 GMT
last-modified: Sat, 10 Sep 2005 15:01:52 GMT
server: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k mod_fcgid/2.3.9
accept-ranges: bytes
etag: "81-4006c2ca01800"
content-length: 129
content-type: image/png

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ 98 KB
34 KB 92ms
66ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9cde0422a8cba5c14a3d06b584730049c9df9f47d721180a162e866dd8566907

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shells.red-pill.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 16:32:43 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33875
x-xss-protection: 0
server: cafe
etag: 15009555043083835327
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 16 Feb 2023 16:32:43 GMT

GET
H2 200 title.png
shells.red-pill.eu/skins/fusion/ 231 B
277 B 40ms
39ms Image
image/png 77.38.124.140
TELEMACH Broadban...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://shells.red-pill.eu/skins/fusion/title.png
Requested by: Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/skins/fusion/screen.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 77.38.124.140 Celje, Slovenia, ASN3212 (TELEMACH Broadband Access & Carrier Services, SI),
Reverse DNS: 77-38-124-140.dynamic.telemach.net
Software: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k mod_fcgid/2.3.9 /
Resource Hash: 418655ed8adf3d9b6767395ede2509b31756f5cd672e0e203e5d30cf80fd326a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shells.red-pill.eu/skins/fusion/screen.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 16:32:43 GMT
last-modified: Sat, 10 Sep 2005 15:01:56 GMT
server: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k mod_fcgid/2.3.9
accept-ranges: bytes
etag: "e7-4006c2cdd2100"
content-length: 231
content-type: image/png

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302140101/ 366 KB
121 KB 74ms
73ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302140101/show_ads_impl_with_ama_fy2021.js?client=pub-6098496124751712&plah=shells.red-pill.eu&bust=31072440

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18f3fdfc1e129a0817a87b8f2dd14b82e03d1557dee8db43e14e464c1e43dd90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shells.red-pill.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 16:32:43 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 123265
x-xss-protection: 0
server: cafe
etag: 16068773653324086524
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 16 Feb 2023 16:32:43 GMT

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 93ms
22ms Script
text/javascript 2a00:1450:400d:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shells.red-pill.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 16 Feb 2023 16:30:17 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 146
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17168
expires: Thu, 16 Feb 2023 18:30:17 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230213/r20190131/ Frame 68A5 10 KB
5 KB 38ms
8ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230213/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6098496124751712

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://shells.red-pill.eu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 31834
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 07:42:09 GMT
etag: 10353107486223812946
expires: Thu, 02 Mar 2023 07:42:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
197 B 44ms
43ms Image
image/gif 2a00:1450:400d:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=2136558373&utmhn=shells.red-pill.eu&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Free%20Shell%20Accounts%20%3A%3A%20the%20biggest%20list%20on%20the%20net%20-%20Rankings%20-%20All%20Sites&utmhid=192793894&utmr=-&utmp=%2F&utmht=1676565163259&utmac=UA-36817813-1&utmcc=__utma%3D132252620.1480027111.1676565163.1676565163.1676565163.1%3B%2B__utmz%3D132252620.1676565163.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1728397437&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~

Requested by

Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shells.red-pill.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 16:32:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 389 B
601 B 88ms
19ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=shells.red-pill.eu&callback=_gfp_s_&client=ca-pub-6098496124751712

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302140101/show_ads_impl_with_ama_fy2021.js?client=pub-6098496124751712&plah=shells.red-pill.eu&bust=31072440

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c6d48af74ed45c47032cecb58d33222630130aecf9ebb7847df84c3ba4d6e7bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shells.red-pill.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 16:32:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 250
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
531 B 39ms
15ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=shells.red-pill.eu

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shells.red-pill.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 16:32:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 122ms
49ms Script
application/javascript 2a00:1450:400d:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=shells.red-pill.eu

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shells.red-pill.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 16:32:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 54DE 603 B
245 B 29ms
28ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=16&slotname=6474157215&adk=739252027&adf=2035319604&pi=t.ma~as.6474157215&w=468&lmt=1676565163&url=https%3A%2F%2Fshells.red-pill.eu%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163119&bpp=13&bdt=149&idt=185&shv=r20230213&mjsv=m202302140101&ptt=5&saldr=sa&abxe=1&correlator=3043022299960&frm=20&pv=2&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=567&ady=3441&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaEebr%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=5pgUAwPe7F&p=https%3A//shells.red-pill.eu&dtd=210

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://shells.red-pill.eu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 16:32:43 GMT
expires: Thu, 16 Feb 2023 16:32:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame DB9B 0
150 B 231ms
229ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&adk=1812271804&adf=3025194257&lmt=1676565163&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fshells.red-pill.eu%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163155&bpp=4&bdt=186&idt=180&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=191

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://shells.red-pill.eu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 16:32:43 GMT
expires: Thu, 16 Feb 2023 16:32:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 07B8 135 KB
44 KB 1419ms
1416ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=1720655930&adf=1228456142&pi=t.ma~as.9148949735&w=700&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=700x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163159&bpp=2&bdt=190&idt=195&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=451&ady=134&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pxU28KOE8N&p=https%3A//shells.red-pill.eu&dtd=200

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1f0577dd577c9554727f467983027ef63ab9e19cd533e5d589a8937ae0360fe8

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/7133738465686760745/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/7133738465686760745/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPuwhvi7mv0CFQPk1QodHOANjg&gqi=q1ruY5DZFvS3mLAPjuCwmAg&layout=/sadbundle/%24csp%253Der3%24/7133738465686760745/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://shells.red-pill.eu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 45350
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/7133738465686760745/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/7133738465686760745/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPuwhvi7mv0CFQPk1QodHOANjg&gqi=q1ruY5DZFvS3mLAPjuCwmAg&layout=/sadbundle/%24csp%253Der3%24/7133738465686760745/index.html
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 16:32:44 GMT
expires: Thu, 16 Feb 2023 16:32:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame F1B1 133 KB
44 KB 853ms
852ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=4210125070&adf=3425153661&pi=t.ma~as.9148949735&w=620&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=620x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163161&bpp=1&bdt=192&idt=202&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C700x280&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=491&ady=1505&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeEbr%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=TXBlB4odYp&p=https%3A//shells.red-pill.eu&dtd=207

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

82dab744c3c5429be7ee6062813395265a1fbedb29a6ccb33c9bf5c357bd89fd

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11231308909508724055/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11231308909508724055/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CLzhhvi7mv0CFTMiBgAdkssPrQ&gqi=q1ruY8qSF6PFmLAPosqdwAU&layout=/sadbundle/%24csp%253Der3%24/11231308909508724055/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://shells.red-pill.eu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 44773
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11231308909508724055/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11231308909508724055/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CLzhhvi7mv0CFTMiBgAdkssPrQ&gqi=q1ruY8qSF6PFmLAPosqdwAU&layout=/sadbundle/%24csp%253Der3%24/11231308909508724055/index.html
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 16:32:44 GMT
expires: Thu, 16 Feb 2023 16:32:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2A78 71 KB
23 KB 970ms
967ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=4210125070&adf=3731767089&pi=t.ma~as.9148949735&w=620&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=620x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163162&bpp=1&bdt=193&idt=214&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C700x280%2C620x280&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=491&ady=2931&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeEbr%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=IXiHbOnFHH&p=https%3A//shells.red-pill.eu&dtd=217

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4a3cd4f0cc68c5893c0a8e4c7e72b1d4839805d91101f28f9363e0be88a9fafc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://shells.red-pill.eu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 23711
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 16:32:44 GMT
expires: Thu, 16 Feb 2023 16:32:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11231308909508724055/ Frame E08F 126 KB
21 KB 52ms
14ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11231308909508724055/index.html

Requested by

Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c192cf4006e9fa0583a2762f1f5a075aece64149e9534cbb22ada284828b3489

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 56690
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 19652
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 00:47:54 GMT
expires: Fri, 16 Feb 2024 00:47:54 GMT
last-modified: Thu, 28 Jul 2022 10:15:54 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 4D6C 0
0 54ms
53ms Fetch
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CyVR5q1ruY_zfF7PEmLAPkpe_6Ar_nNnxburxzefWD6rbv6DUARABIIW_uhVglZqGgpgHoAGl4IzcA8gBCakC2eCOHq7qsT6oAwHIA0iqBNMBT9DCKUa-q09mC9CpnWVR44Ap1383qUaxo5YIW5UH8k5Z7yKqJLdyCYMLwY-7lGbxSedwhJSqYlZqTkAe6XFZzXAopt11ftZGSd7_KS0qp0CJfUdpuUjFeIO70KAlldnVwm5wz7xnzcNtZhqXnDctjykLulQHbMPiII_HvUeJTGY1htSOVAXd6yhY8oJuBCpQFlkK3Tp3hnoaE0u-kmdNT_k45Zr73n8mZ_6Rzx7JhA6ZF4ra1oFwiEBhZPlxmhXHoNay_XIVVTR6xY4Gey1r1GjV1sAE6rPY2I0EkgUECAQYAZIFBAgFGASgBi6AB7ORqyioB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBDvxRDSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTAtAVAYAXAbIXHAoaCAASFHB1Yi02MDk4NDk2MTI0NzUxNzEyGAA&sigh=XSihV4rLIEI&uach_m=[UACH]&cid=CAQSKQDUE5ymeEsYJkhzJ-8wHysLQOqwhbJNW3BCEioswyqb3bwU3mY3rRpWGAE&template_id=419

Requested by

Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=4210125070&adf=3425153661&pi=t.ma~as.9148949735&w=620&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=620x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163161&bpp=1&bdt=192&idt=202&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C700x280&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=491&ady=1505&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeEbr%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=TXBlB4odYp&p=https%3A//shells.red-pill.eu&dtd=207
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 16 Feb 2023 16:32:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/ Frame 4D6C 22 KB
9 KB 43ms
8ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=4210125070&adf=3425153661&pi=t.ma~as.9148949735&w=620&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=620x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163161&bpp=1&bdt=192&idt=202&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C700x280&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=491&ady=1505&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeEbr%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=TXBlB4odYp&p=https%3A//shells.red-pill.eu&dtd=207

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0e4d1d7a07ea6fddd6ab116e27bc0e074f5fe6ad6c89f719a515ae9c80436b6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 13:31:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10878
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8846
x-xss-protection: 0
server: cafe
etag: 8106178524699001248
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 13:31:26 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 4D6C 3 KB
1 KB 46ms
11ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 13:41:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10297
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 13:41:07 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 4D6C 20 KB
8 KB 43ms
9ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2b4727366dbbf82f3dc7d48c30bc9444860158da542dcc4b04eeeb6e0a7b6d60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 13:31:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10878
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8316
x-xss-protection: 0
server: cafe
etag: 7067238764211672077
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 13:31:26 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 4D6C 0
0 41ms
16ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQJfPyLa7KcO8bS1azZTrSAIJ-e3xW-IclJY7-TS0mRZAcreca6F7liQUf1bO02g6IojH9vLCqKhH3OAmjSV-8q884xUA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=4210125070&adf=3425153661&pi=t.ma~as.9148949735&w=620&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=620x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163161&bpp=1&bdt=192&idt=202&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C700x280&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=491&ady=1505&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeEbr%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=TXBlB4odYp&p=https%3A//shells.red-pill.eu&dtd=207
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4D6C 156 KB
48 KB 40ms
15ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a85af52452417453ae5ced98aa54a149925de2155e823234dce588c331d11aa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 16:32:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48814
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1676465787912926"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Feb 2023 16:32:44 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 059F 143 B
166 B 10ms
8ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=4210125070&adf=3425153661&pi=t.ma~as.9148949735&w=620&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=620x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163161&bpp=1&bdt=192&idt=202&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C700x280&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=491&ady=1505&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeEbr%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=TXBlB4odYp&p=https%3A//shells.red-pill.eu&dtd=207
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3232
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 15:38:52 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame E08F 16 KB
6 KB 11ms
9ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11231308909508724055/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 09:23:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25735
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5660
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Fri, 17 Feb 2023 09:23:49 GMT

GET
H2 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame E08F 34 KB
13 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11231308909508724055/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:42:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42636
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13035
x-xss-protection: 0
server: cafe
etag: 2319883687766034370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Fri, 17 Feb 2023 04:42:08 GMT

POST
H2 204 gen_csp
pagead2.googlesyndication.com/pagead/ Frame 4D6C 0
112 B 48ms
47ms Other
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CLzhhvi7mv0CFTMiBgAdkssPrQ&gqi=q1ruY8qSF6PFmLAPosqdwAU&layout=/sadbundle/%24csp%253Der3%24/11231308909508724055/index.html

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 16:32:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 4D6C 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3206373aa000390529fff3af76675f170621c851eec6c7dd822ad6ea48600779

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 css
fonts.googleapis.com/ Frame 2A78 8 KB
1 KB 40ms
16ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=4210125070&adf=3731767089&pi=t.ma~as.9148949735&w=620&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=620x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163162&bpp=1&bdt=193&idt=214&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C700x280%2C620x280&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=491&ady=2931&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeEbr%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=IXiHbOnFHH&p=https%3A//shells.red-pill.eu&dtd=217

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

74017d97a0876e72ef09a14ea0b3ad49a744811c726e7b05e305d4a6e3e07612

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 16 Feb 2023 16:32:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 15:30:15 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 16 Feb 2023 16:32:44 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 2A78 2 KB
765 B 8ms
7ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=4210125070&adf=3731767089&pi=t.ma~as.9148949735&w=620&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=620x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163162&bpp=1&bdt=193&idt=214&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C700x280%2C620x280&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=491&ady=2931&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeEbr%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=IXiHbOnFHH&p=https%3A//shells.red-pill.eu&dtd=217

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 15:14:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4692
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 15:14:32 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/ Frame 2A78 22 KB
9 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=4210125070&adf=3731767089&pi=t.ma~as.9148949735&w=620&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=620x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163162&bpp=1&bdt=193&idt=214&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C700x280%2C620x280&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=491&ady=2931&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeEbr%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=IXiHbOnFHH&p=https%3A//shells.red-pill.eu&dtd=217

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0e4d1d7a07ea6fddd6ab116e27bc0e074f5fe6ad6c89f719a515ae9c80436b6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 13:31:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10878
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8846
x-xss-protection: 0
server: cafe
etag: 8106178524699001248
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 13:31:26 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 2A78 3 KB
1 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=4210125070&adf=3731767089&pi=t.ma~as.9148949735&w=620&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=620x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163162&bpp=1&bdt=193&idt=214&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C700x280%2C620x280&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=491&ady=2931&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeEbr%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=IXiHbOnFHH&p=https%3A//shells.red-pill.eu&dtd=217

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 13:41:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10297
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 13:41:07 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 2A78 20 KB
8 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=4210125070&adf=3731767089&pi=t.ma~as.9148949735&w=620&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=620x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163162&bpp=1&bdt=193&idt=214&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C700x280%2C620x280&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=491&ady=2931&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeEbr%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=IXiHbOnFHH&p=https%3A//shells.red-pill.eu&dtd=217

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2b4727366dbbf82f3dc7d48c30bc9444860158da542dcc4b04eeeb6e0a7b6d60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 13:31:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10878
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8316
x-xss-protection: 0
server: cafe
etag: 7067238764211672077
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 13:31:26 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 2A78 0
0 16ms
14ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRA4Y3qUQt0TfX94dpGb1eCpnPFJIqEeLWgZVzY3DK8FZEPoFPV8aZaXMFDX5IHyjicJRicPHlnupCtcE-TjDP4_p-2dQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=4210125070&adf=3731767089&pi=t.ma~as.9148949735&w=620&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=620x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163162&bpp=1&bdt=193&idt=214&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C700x280%2C620x280&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=491&ady=2931&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeEbr%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=IXiHbOnFHH&p=https%3A//shells.red-pill.eu&dtd=217
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2A78 156 KB
48 KB 29ms
27ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=4210125070&adf=3731767089&pi=t.ma~as.9148949735&w=620&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=620x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163162&bpp=1&bdt=193&idt=214&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C700x280%2C620x280&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=491&ady=2931&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeEbr%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=IXiHbOnFHH&p=https%3A//shells.red-pill.eu&dtd=217

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a85af52452417453ae5ced98aa54a149925de2155e823234dce588c331d11aa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 16:32:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48814
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1676465787912926"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Feb 2023 16:32:44 GMT

GET
H2 200 ed8ae2896763956dad3710d8730c1299.js Show response
www.gstatic.com/mysidia/ Frame 2A78 33 KB
14 KB 33ms
7ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ed8ae2896763956dad3710d8730c1299.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=4210125070&adf=3731767089&pi=t.ma~as.9148949735&w=620&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=620x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163162&bpp=1&bdt=193&idt=214&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C700x280%2C620x280&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=491&ady=2931&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeEbr%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=IXiHbOnFHH&p=https%3A//shells.red-pill.eu&dtd=217

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9282b885825f1f265eb093acf11379fc90dd4e156588a02790c1515822e79858

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 01:10:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 141735
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14007
x-xss-protection: 0
last-modified: Wed, 15 Feb 2023 00:53:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 16 May 2023 01:10:29 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 2A78 0
0 48ms
48ms Fetch
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C636mq1ruY6n6GJeoxwLIy77AA7-FooNvs8_K_7EQz9HriI8aEAEghb-6FWCVmoaCmAegAavVtLsCyAEBqAMBqgTTAU_QsS83RLApS-UXXgk6yIQ7Nkib8qRlGtIsAq1hz3bJDyedT8fWx3X43bdA75Dq_PyZuZhUSK7d8tugEzolM7Fp3tiGI273IK0VuV5KWit5hVpludoDT5FvWhGUFlt-nyb-K4iRtNXbe9hvzs_7ME4u_KrGh4L06J52aZvfi6p62t78w7rVRDhX50bXlZx1RBBvvf4uoXut7QDKFgoqmJ7w_o87qJk2ijdJNMSYKH8esZj9DIxjCEvETuPUpFmhBxRJuwg232sO78fIgsIkxfLkVH3ABI3-2O3xApIFBAgEGAGSBQQIBRgEgAfFtJPJAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEOmSJdIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BMMiBQF0BUBgBcBshccChoIABIUcHViLTYwOTg0OTYxMjQ3NTE3MTIYAA&sigh=EcYOCSD9Vv8&uach_m=[UACH]&cid=CAQSKQDUE5ymGEs8F_aRA9I_HG8ryMFGQx2hABV7JdHnLb9zhdOSxX-Rn8BaGAE&template_id=5020

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=4210125070&adf=3731767089&pi=t.ma~as.9148949735&w=620&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=620x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163162&bpp=1&bdt=193&idt=214&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C700x280%2C620x280&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=491&ady=2931&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeEbr%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=IXiHbOnFHH&p=https%3A//shells.red-pill.eu&dtd=217

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=4210125070&adf=3731767089&pi=t.ma~as.9148949735&w=620&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=620x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163162&bpp=1&bdt=193&idt=214&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C700x280%2C620x280&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=491&ady=2931&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeEbr%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=IXiHbOnFHH&p=https%3A//shells.red-pill.eu&dtd=217
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 16 Feb 2023 16:32:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 2A78 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3a663467e111fd2237a1bc5255e8d702b099f29cb553ecab24efe98cbf898b5d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 059F
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

20ms
18ms

Document
text/html

2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 16:32:44 GMT
expires: Thu, 16 Feb 2023 16:32:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 16:32:44 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 31C5 143 B
166 B 9ms
7ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=4210125070&adf=3731767089&pi=t.ma~as.9148949735&w=620&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=620x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163162&bpp=1&bdt=193&idt=214&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C700x280%2C620x280&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=491&ady=2931&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeEbr%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=IXiHbOnFHH&p=https%3A//shells.red-pill.eu&dtd=217

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=4210125070&adf=3731767089&pi=t.ma~as.9148949735&w=620&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=620x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163162&bpp=1&bdt=193&idt=214&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C700x280%2C620x280&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=491&ady=2931&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeEbr%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=IXiHbOnFHH&p=https%3A//shells.red-pill.eu&dtd=217
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3232
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 15:38:52 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame B8ED 1 KB
643 B 9ms
9ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=4210125070&adf=3731767089&pi=t.ma~as.9148949735&w=620&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=620x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163162&bpp=1&bdt=193&idt=214&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C700x280%2C620x280&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=491&ady=2931&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeEbr%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=IXiHbOnFHH&p=https%3A//shells.red-pill.eu&dtd=217

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 6567
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 14:43:17 GMT
etag: 48472445140208031
expires: Fri, 17 Feb 2023 14:43:17 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 2A78 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 611c52a54f6e842caafca72cc8e33d21032adfffd998dc21795f1daa2d28a5b2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 2A78 28 KB
28 KB 45ms
8ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 17:05:31 GMT
x-content-type-options: nosniff
age: 84433
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Feb 2024 17:05:31 GMT

GET
H3 200 EWloDjzMQOvRZmCEufFfn6ZrYQ_lvyXFrAdKlYrDV_0.js Show response
pagead2.googlesyndication.com/bg/ Frame E08F 36 KB
14 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/EWloDjzMQOvRZmCEufFfn6ZrYQ_lvyXFrAdKlYrDV_0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1169680e3ccc40ebd1666084b9f15f9fa66b610fe5bf25c5ac074a958ac357fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 22:04:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66523
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14328
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 17:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 15 Feb 2024 22:04:01 GMT

GET
H3 200 claim.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11231308909508724055/ Frame E08F 14 KB
5 KB 10ms
9ms Image
image/svg+xml 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11231308909508724055/claim.svg

Requested by

Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7a5d4a160fd3d78a5fc7c8f4ed216518922c6b8a0f95e49799cade5781a4f886

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 13 Feb 2023 00:49:51 GMT
age: 315773
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5164
x-xss-protection: 0
last-modified: Thu, 28 Jul 2022 10:15:54 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 13 Feb 2024 00:49:51 GMT

GET
H3 200 produkt.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11231308909508724055/ Frame E08F 13 KB
13 KB 12ms
9ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11231308909508724055/produkt.png

Requested by

Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a05772f2df1c43c5da65fd85be4f376b67a042d153092a733d6e301bdf3f7de

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Sat, 11 Feb 2023 08:18:56 GMT
x-content-type-options: nosniff
age: 461628
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13111
x-xss-protection: 0
last-modified: Thu, 28 Jul 2022 10:15:54 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 11 Feb 2024 08:18:56 GMT

GET
H3 200 icon_04.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11231308909508724055/ Frame E08F 28 KB
9 KB 13ms
10ms Image
image/svg+xml 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11231308909508724055/icon_04.svg

Requested by

Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d3f54e2dea68172515c6fc486c42ae6d0137c0a6cc0d2c7813599c708b35e9ed

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 16 Feb 2023 12:43:46 GMT
age: 13738
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8941
x-xss-protection: 0
last-modified: Thu, 28 Jul 2022 10:15:54 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 16 Feb 2024 12:43:46 GMT

GET
H3 200 icon_03.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11231308909508724055/ Frame E08F 7 KB
2 KB 23ms
20ms Image
image/svg+xml 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11231308909508724055/icon_03.svg

Requested by

Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1a50433551c62c8657965f14003ba2fa39ff1f2f367737d62c1d9510c3fa7768

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 15 Feb 2023 07:12:01 GMT
age: 120043
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2493
x-xss-protection: 0
last-modified: Thu, 28 Jul 2022 10:15:54 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 15 Feb 2024 07:12:01 GMT

GET
H3 200 icon_03_text.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11231308909508724055/ Frame E08F 6 KB
2 KB 20ms
18ms Image
image/svg+xml 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11231308909508724055/icon_03_text.svg

Requested by

Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd706705c8acf67772f738a017bcf0fdee88ad8a4dd1365243f568cddb6db1a4

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 16 Feb 2023 05:14:02 GMT
age: 40722
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2289
x-xss-protection: 0
last-modified: Thu, 28 Jul 2022 10:15:54 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 16 Feb 2024 05:14:02 GMT

GET
H3 200 icon_02.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11231308909508724055/ Frame E08F 4 KB
2 KB 14ms
12ms Image
image/svg+xml 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11231308909508724055/icon_02.svg

Requested by

Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d126aafd6d95cbeb04e1e6cae74dca27e4bc887c9ed9f5cd1c814f3da2df8b2e

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 16 Feb 2023 05:14:02 GMT
age: 40722
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1926
x-xss-protection: 0
last-modified: Thu, 28 Jul 2022 10:15:54 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 16 Feb 2024 05:14:02 GMT

GET
H3 200 icon_02_text.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11231308909508724055/ Frame E08F 5 KB
2 KB 21ms
19ms Image
image/svg+xml 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11231308909508724055/icon_02_text.svg

Requested by

Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e695d359efef6d478a85e193cbbac9205f760c86992e5b316b6ab71cfdef8573

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 16 Feb 2023 05:26:19 GMT
age: 39985
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2181
x-xss-protection: 0
last-modified: Thu, 28 Jul 2022 10:15:54 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 16 Feb 2024 05:26:19 GMT

GET
H3 200 icon_01.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11231308909508724055/ Frame E08F 4 KB
2 KB 16ms
14ms Image
image/svg+xml 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11231308909508724055/icon_01.svg

Requested by

Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75026443430cd929b0abfebf09c037e7e9945c0718dd6f0025961a6ee039e107

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 14 Feb 2023 00:30:29 GMT
age: 230535
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1885
x-xss-protection: 0
last-modified: Thu, 28 Jul 2022 10:15:54 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 14 Feb 2024 00:30:29 GMT

GET
H3 200 icon_01_text.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11231308909508724055/ Frame E08F 4 KB
2 KB 17ms
15ms Image
image/svg+xml 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11231308909508724055/icon_01_text.svg

Requested by

Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dbc9cc8f26a60084a917cf636f452eac46cb877b0262913c3383d67caa5f3c28

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 15 Feb 2023 04:19:46 GMT
age: 130378
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1627
x-xss-protection: 0
last-modified: Thu, 28 Jul 2022 10:15:54 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 15 Feb 2024 04:19:46 GMT

GET
H3 200 cta_pfeil.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11231308909508724055/ Frame E08F 538 B
382 B 23ms
19ms Image
image/svg+xml 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11231308909508724055/cta_pfeil.svg

Requested by

Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35a51621e50352536f127ae012d3bd16e675a788376445036d8b60ace17e6566

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 15 Feb 2023 11:59:57 GMT
age: 102767
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 350
x-xss-protection: 0
last-modified: Thu, 28 Jul 2022 10:15:54 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 15 Feb 2024 11:59:57 GMT

GET
H3 200 cta_text.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11231308909508724055/ Frame E08F 8 KB
3 KB 24ms
21ms Image
image/svg+xml 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11231308909508724055/cta_text.svg

Requested by

Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

51221c99c3f23f575a336ff40229eeb0f244875fabd454a656e45987b43faacd

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 15 Feb 2023 12:19:21 GMT
age: 101603
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2645
x-xss-protection: 0
last-modified: Thu, 28 Jul 2022 10:15:54 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 15 Feb 2024 12:19:21 GMT

GET
H3 200 logo.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11231308909508724055/ Frame E08F 8 KB
3 KB 23ms
20ms Image
image/svg+xml 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11231308909508724055/logo.svg

Requested by

Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

624c8bbb356c56b649a3520491c3fbabe232d77d48e0e67ddc894a00d4e623a2

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 11 Feb 2023 06:23:56 GMT
age: 468528
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2947
x-xss-protection: 0
last-modified: Thu, 28 Jul 2022 10:15:54 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 11 Feb 2024 06:23:56 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame B8ED
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEFDZL6LBlpzpJuCUqu-vHjg&google_cver=1&google_push=Aa02lx-yP5Aqe5DMeu-A80EpFn3vFNlbPKd89S3yZne3gjdpk4CAdDundYcTpbDiBdAJYgZkIZKx67Qrkd-CIEtcg13GXY8unhyQZ...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEFDZL6LBlpzpJuCUqu-vHjg&google_cver=1&google_push=Aa02lx-yP5Aqe5DMeu-A80EpFn3vFNlbPKd89S3yZne3gjdpk4CAdDundYcTpbDiBdAJYgZkIZKx67Qrkd-CIEtcg13GXY8unhy...

43 B
414 B

205ms
184ms

Image
image/gif

2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEFDZL6LBlpzpJuCUqu-vHjg&google_cver=1&google_push=Aa02lx-yP5Aqe5DMeu-A80EpFn3vFNlbPKd89S3yZne3gjdpk4CAdDundYcTpbDiBdAJYgZkIZKx67Qrkd-CIEtcg13GXY8unhyQZ3bLz8aGQcEYZof3Rf7O3bbbUFPWlMf2dV8UQ6tNOi3UjQ&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAa02lx-yP5Aqe5DMeu-A80EpFn3vFNlbPKd89S3yZne3gjdpk4CAdDundYcTpbDiBdAJYgZkIZKx67Qrkd-CIEtcg13GXY8unhyQZ3bLz8aGQcEYZof3Rf7O3bbbUFPWlMf2dV8UQ6tNOi3UjQ%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/
Protocol: H2
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 16:32:44 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 79a7ae5809418fc5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Feb 2023 16:32:44 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 65
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEFDZL6LBlpzpJuCUqu-vHjg&google_cver=1&google_push=Aa02lx-yP5Aqe5DMeu-A80EpFn3vFNlbPKd89S3yZne3gjdpk4CAdDundYcTpbDiBdAJYgZkIZKx67Qrkd-CIEtcg13GXY8unhyQZ3bLz8aGQcEYZof3Rf7O3bbbUFPWlMf2dV8UQ6tNOi3UjQ&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAa02lx-yP5Aqe5DMeu-A80EpFn3vFNlbPKd89S3yZne3gjdpk4CAdDundYcTpbDiBdAJYgZkIZKx67Qrkd-CIEtcg13GXY8unhyQZ3bLz8aGQcEYZof3Rf7O3bbbUFPWlMf2dV8UQ6tNOi3UjQ%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 79a7ae56bf7f8fc5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B8ED
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFsyIDjYW_ty7J6u5GjXOgE&google_push=Aa02lx9_eypOiwGjEr5LnOl8V1HrbAjyQCWi2SLNWV_SfvDDoy2UdzsYjO...

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFsyIDjYW_ty7J6u5GjXOgE&google_push=Aa02lx9_eypOiwGjEr5LnOl8V1HrbAjyQCWi2SLNWV_SfvDDoy2UdzsYjOS7BiKOyDsc-Ld9dFGkwdcXvUJcmk7XLjCnUKmcLRjoJwlbTxnUFw3tcvOd_z1si_jsFm0ZW06SG0lhEBgNb4HIa-g

Requested by

Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 16:32:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-hhn-etou8220051-HHN
pragma: no-cache
date: Thu, 16 Feb 2023 16:32:44 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1676565165.575100,VS0,VE93
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFsyIDjYW_ty7J6u5GjXOgE&google_push=Aa02lx9_eypOiwGjEr5LnOl8V1HrbAjyQCWi2SLNWV_SfvDDoy2UdzsYjOS7BiKOyDsc-Ld9dFGkwdcXvUJcmk7XLjCnUKmcLRjoJwlbTxnUFw3tcvOd_z1si_jsFm0ZW06SG0lhEBgNb4HIa-g
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame B8ED
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEJFCpj0CwTCinKGSb9gCSCU&google_cver=1&google_push=Aa02lx9PEdYHcyt1KYyxXydvteacY8imTUBtpWEz9jmu-VDZ97Sdw4WASr6_LkwyveppUwLuXd4O0fGCOdhbGCwf2ALucLdGBZ_P1y...
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=288C23C716F9488187B122CC9E4057D0&google_push=Aa02lx9PEdYHcyt1KYyxXydvteacY8imTUBtpWEz9jmu-VDZ97Sdw4WASr6_LkwyveppUwLuXd4O0fGCOdhbGCw...

170 B
232 B

20ms
19ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=288C23C716F9488187B122CC9E4057D0&google_push=Aa02lx9PEdYHcyt1KYyxXydvteacY8imTUBtpWEz9jmu-VDZ97Sdw4WASr6_LkwyveppUwLuXd4O0fGCOdhbGCwf2ALucLdGBZ_P1y4bz196VsWMRhVQnHhdHIaRsYIC7yiXS8PDr_raJn-RVkw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=4210125070&adf=3731767089&pi=t.ma~as.9148949735&w=620&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=620x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163162&bpp=1&bdt=193&idt=214&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C700x280%2C620x280&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=491&ady=2931&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeEbr%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=IXiHbOnFHH&p=https%3A//shells.red-pill.eu&dtd=217

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 16:32:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 16 Feb 2023 16:32:44 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=288C23C716F9488187B122CC9E4057D0&google_push=Aa02lx9PEdYHcyt1KYyxXydvteacY8imTUBtpWEz9jmu-VDZ97Sdw4WASr6_LkwyveppUwLuXd4O0fGCOdhbGCwf2ALucLdGBZ_P1y4bz196VsWMRhVQnHhdHIaRsYIC7yiXS8PDr_raJn-RVkw
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Wed, 15 Feb 2023 16:32:44 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame B8ED 70 B
265 B 124ms
31ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESECq5sQfs2eUxGQ51zUL95VU&google_cver=1&google_push=Aa02lx-NC--XydiRgIadzLvxqmGi_Lk7DTg6zOdrroL90Pe_xDMcURfcnu6U__ggAi1al3YZxms8XXfxLInrL7vnrJCoUXHONeu4Wn2YEfD-6wsdUIP61l9ik4nLOV_836XvhVu0gP6ejuWaX7A
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=4210125070&adf=3731767089&pi=t.ma~as.9148949735&w=620&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=620x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163162&bpp=1&bdt=193&idt=214&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C700x280%2C620x280&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=491&ady=2931&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeEbr%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=IXiHbOnFHH&p=https%3A//shells.red-pill.eu&dtd=217
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Thu, 16 Feb 2023 16:32:44 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame B8ED
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEGfuYmuk5DvES4Roky3nLj4&google_cver=1&google_push=Aa02lx-5dio7xMjjmnk2PrHSS1C-jCtMzt906K1Fot5on84tdCOU8ndm17XNGsGddGzSy2SWhygswhVeShi...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aa02lx-5dio7xMjjmnk2PrHSS1C-jCtMzt906K1Fot5on84tdCOU8ndm17XNGsGddGzSy2SWhygswhVeShi8cI7OqiGfQWHEBiOmRrevjiOd-DBgqsXlJUGHXQSiepoDWhK...

170 B
232 B

16ms
16ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aa02lx-5dio7xMjjmnk2PrHSS1C-jCtMzt906K1Fot5on84tdCOU8ndm17XNGsGddGzSy2SWhygswhVeShi8cI7OqiGfQWHEBiOmRrevjiOd-DBgqsXlJUGHXQSiepoDWhKmGkkDVViEbPu7Tzg&google_hm=1CqtWnyhSru6dNPZj7Oe6IY

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=4210125070&adf=3731767089&pi=t.ma~as.9148949735&w=620&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=620x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163162&bpp=1&bdt=193&idt=214&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C700x280%2C620x280&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=491&ady=2931&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeEbr%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=IXiHbOnFHH&p=https%3A//shells.red-pill.eu&dtd=217

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 16:32:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Feb 2023 16:32:44 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=Aa02lx-5dio7xMjjmnk2PrHSS1C-jCtMzt906K1Fot5on84tdCOU8ndm17XNGsGddGzSy2SWhygswhVeShi8cI7OqiGfQWHEBiOmRrevjiOd-DBgqsXlJUGHXQSiepoDWhKmGkkDVViEbPu7Tzg&google_hm=1CqtWnyhSru6dNPZj7Oe6IY
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame B8ED
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEPX7mmoO2hzgew0HGEFLkAM&google_cver=1&google_push=Aa02lx94z4mCP4wP878QvfB1zDcfvKA5aQ_21a-qUZDElWnbIX0-ADQTcIlKOJtVcgZWlgXrz3t-egIO-5_4B6IS...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=XyArZZUMT7SotvlsSNoxFg2&google_push=Aa02lx94z4mCP4wP878QvfB1zDcfvKA5aQ_21a-qUZDElWnbIX0-ADQTcIlKOJtVcgZWlgXrz3t-egIO-5_4B6ISUTEOuIk51vMN_v...

170 B
232 B

18ms
18ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=XyArZZUMT7SotvlsSNoxFg2&google_push=Aa02lx94z4mCP4wP878QvfB1zDcfvKA5aQ_21a-qUZDElWnbIX0-ADQTcIlKOJtVcgZWlgXrz3t-egIO-5_4B6ISUTEOuIk51vMN_vRfvT-pqBBlnDOLykUx3qcX3jQnRGmAQKKAzcxcvlY9vw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=4210125070&adf=3731767089&pi=t.ma~as.9148949735&w=620&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=620x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163162&bpp=1&bdt=193&idt=214&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C700x280%2C620x280&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=491&ady=2931&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeEbr%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=IXiHbOnFHH&p=https%3A//shells.red-pill.eu&dtd=217

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 16:32:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 16 Feb 2023 16:32:44 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=XyArZZUMT7SotvlsSNoxFg2&google_push=Aa02lx94z4mCP4wP878QvfB1zDcfvKA5aQ_21a-qUZDElWnbIX0-ADQTcIlKOJtVcgZWlgXrz3t-egIO-5_4B6ISUTEOuIk51vMN_vRfvT-pqBBlnDOLykUx3qcX3jQnRGmAQKKAzcxcvlY9vw
x-host: tde-deliveryengine-production-bb6cbfb9d-wtflc
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame B8ED
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEKois-EVHPUG-Gzj-9wWICc&google_cver=1&google_push=Aa02lx9zc9LwgVTXv9z88SEMrJWZZLtmlQLbiXNRFX_0sLSDDwtzWxG4k1yDb1pBdFX9WfRHmgg2Go-7ZGSSYOaC...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=Aa02lx9zc9LwgVTXv9z88SEMrJWZZLtmlQLbiXNRFX_0sLSDDwtzWxG4k1yDb1pBdFX9WfRHmgg2Go-7ZGSSYOaCS8-2JdQMulrE1-oD4opwqtGcx1kMCCzPk6QfGU0jxruY...

170 B
329 B

17ms
17ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=Aa02lx9zc9LwgVTXv9z88SEMrJWZZLtmlQLbiXNRFX_0sLSDDwtzWxG4k1yDb1pBdFX9WfRHmgg2Go-7ZGSSYOaCS8-2JdQMulrE1-oD4opwqtGcx1kMCCzPk6QfGU0jxruYpEmIvvsQltYo4w

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=4210125070&adf=3731767089&pi=t.ma~as.9148949735&w=620&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=620x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163162&bpp=1&bdt=193&idt=214&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C700x280%2C620x280&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=491&ady=2931&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeEbr%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=IXiHbOnFHH&p=https%3A//shells.red-pill.eu&dtd=217

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 16:32:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 16 Feb 2023 16:32:44 GMT
via: 1.1 69f13f852a135432abb1b7bfc5a8b420.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA2-C1
x-cache: GeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=Aa02lx9zc9LwgVTXv9z88SEMrJWZZLtmlQLbiXNRFX_0sLSDDwtzWxG4k1yDb1pBdFX9WfRHmgg2Go-7ZGSSYOaCS8-2JdQMulrE1-oD4opwqtGcx1kMCCzPk6QfGU0jxruYpEmIvvsQltYo4w
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: tWZ-u6g29cQv-qhpmmqUeZr6i6kTxhjqaCwCRUh-KuGYWOAyFjRcEQ==

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame B8ED 0
130 B 91ms
17ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LaowIJ1jays8nfhPCiLBVaBLrusf1FROcAPDH94ZS8A_J9pPttRelJCY5IkucUSjFmmumX

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=4210125070&adf=3731767089&pi=t.ma~as.9148949735&w=620&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=620x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163162&bpp=1&bdt=193&idt=214&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C700x280%2C620x280&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=491&ady=2931&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeEbr%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=IXiHbOnFHH&p=https%3A//shells.red-pill.eu&dtd=217

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 16:32:44 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 31C5
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

20ms
19ms

Document
text/html

2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=4210125070&adf=3731767089&pi=t.ma~as.9148949735&w=620&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=620x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163162&bpp=1&bdt=193&idt=214&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C700x280%2C620x280&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=491&ady=2931&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeEbr%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=IXiHbOnFHH&p=https%3A//shells.red-pill.eu&dtd=217

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 16:32:44 GMT
expires: Thu, 16 Feb 2023 16:32:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 16:32:44 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/7133738465686760745/ Frame 1B18 12 KB
3 KB 11ms
10ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/7133738465686760745/index.html

Requested by

Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b08831e1f763775a9db32e0dadd3471039544695630b2c3631a1d6bfd492c62e

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 376168
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 3416
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Sun, 12 Feb 2023 08:03:16 GMT
expires: Mon, 12 Feb 2024 08:03:16 GMT
last-modified: Mon, 31 Oct 2022 16:57:53 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame BD52 0
0 52ms
51ms Fetch
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CPpFlq1ruY7uvF4PI1wacwLfwCL_MxJpt-KPW-L4Q4ffC3aAwEAEghb-6FWCVmoaCmAegAYr1ntoDyAEJqAMByANIqgTUAU_QUJgMMeALyorCGhpijBC5paIwvMXOFV8NhInrm1yKKj5nfNzrkkEnBQit8ao2__KZB7GPFvrMocSd1hQENdZlBciQ9JdK3RWuhFR_H6nvcOC-gT65G3nli9x3Pm4MRFwyirq-KeGKJ9ycoKtPEIoyytkmISarLQD8yD5JAtW8m2j-Ki47Ocu4E8-0Oo0Kn-QmPytilL6JdjApdi46GaV-a-1_iqJjnubWvW4M0dEKrZmbg8q8tKeCTOm66IggK0sJVJIJjnoUpQOockVJElepv4fCwATQ1omplgSSBQQIBBgBkgUECAUYBKAGLoAH3orhJagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcFEPfn6wHSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTDYgUAtAVAZgWAYAXAbIXHAoaCAASFHB1Yi02MDk4NDk2MTI0NzUxNzEyGAA&sigh=X39VxLa7z4U&uach_m=[UACH]&cid=CAQSKQDUE5ymuKlMP2l_srGeguk5Ycdl81mMGPx4_XT1CpOIRyz8z1qRdBw4GAE&template_id=419

Requested by

Host: shells.red-pill.eu
URL: https://shells.red-pill.eu/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=1720655930&adf=1228456142&pi=t.ma~as.9148949735&w=700&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=700x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163159&bpp=2&bdt=190&idt=195&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=451&ady=134&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pxU28KOE8N&p=https%3A//shells.red-pill.eu&dtd=200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 16 Feb 2023 16:32:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/ Frame BD52 22 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=1720655930&adf=1228456142&pi=t.ma~as.9148949735&w=700&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=700x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163159&bpp=2&bdt=190&idt=195&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=451&ady=134&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pxU28KOE8N&p=https%3A//shells.red-pill.eu&dtd=200

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0e4d1d7a07ea6fddd6ab116e27bc0e074f5fe6ad6c89f719a515ae9c80436b6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 13:31:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10878
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8846
x-xss-protection: 0
server: cafe
etag: 8106178524699001248
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 13:31:26 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame BD52 3 KB
1 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=1720655930&adf=1228456142&pi=t.ma~as.9148949735&w=700&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=700x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163159&bpp=2&bdt=190&idt=195&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=451&ady=134&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pxU28KOE8N&p=https%3A//shells.red-pill.eu&dtd=200

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 13:41:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10297
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 13:41:07 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame BD52 20 KB
8 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=1720655930&adf=1228456142&pi=t.ma~as.9148949735&w=700&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=700x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163159&bpp=2&bdt=190&idt=195&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=451&ady=134&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pxU28KOE8N&p=https%3A//shells.red-pill.eu&dtd=200

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2b4727366dbbf82f3dc7d48c30bc9444860158da542dcc4b04eeeb6e0a7b6d60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 13:31:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10878
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8316
x-xss-protection: 0
server: cafe
etag: 7067238764211672077
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 02 Mar 2023 13:31:26 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame BD52 0
0 15ms
15ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQe_lmNwSIpRGZJSYECfyJo1BGw952eEPbVVQo3uHbirM0Fxdln6pZ7m79cAhlXT7ahkLMsnh2vxxl3vvyx7PPN_jiD7A
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=1720655930&adf=1228456142&pi=t.ma~as.9148949735&w=700&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=700x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163159&bpp=2&bdt=190&idt=195&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=451&ady=134&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pxU28KOE8N&p=https%3A//shells.red-pill.eu&dtd=200
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BD52 156 KB
48 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=1720655930&adf=1228456142&pi=t.ma~as.9148949735&w=700&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=700x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163159&bpp=2&bdt=190&idt=195&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=451&ady=134&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pxU28KOE8N&p=https%3A//shells.red-pill.eu&dtd=200

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a85af52452417453ae5ced98aa54a149925de2155e823234dce588c331d11aa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 16:32:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48814
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1676465787912926"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Feb 2023 16:32:44 GMT

GET
H3 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 1B18 6 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/7133738465686760745/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f4813e4fe6dd891838e421479bf603f6d3f0d2a55b90517b875a77050471d4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:25:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 76021
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2551
x-xss-protection: 0
server: cafe
etag: 4618035238173732404
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 16 Feb 2023 19:25:43 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 1B18 34 KB
13 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/7133738465686760745/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:42:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42636
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13035
x-xss-protection: 0
server: cafe
etag: 2319883687766034370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Fri, 17 Feb 2023 04:42:08 GMT

GET
H3 200 333c0f61c15237b9b279562de0e6f269.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/7133738465686760745/ Frame 1B18 93 KB
27 KB 10ms
9ms Script
application/x-javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/7133738465686760745/333c0f61c15237b9b279562de0e6f269.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/7133738465686760745/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0a02bd9b497255fee7095aa04ce46e4b7bb7baf9bff4f810cfba02ac3cbe65f

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 16 Feb 2023 15:21:32 GMT
age: 4272
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27927
x-xss-protection: 0
last-modified: Mon, 31 Oct 2022 16:57:53 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 16 Feb 2024 15:21:32 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 7313 143 B
166 B 9ms
7ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=1720655930&adf=1228456142&pi=t.ma~as.9148949735&w=700&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=700x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163159&bpp=2&bdt=190&idt=195&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=451&ady=134&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pxU28KOE8N&p=https%3A//shells.red-pill.eu&dtd=200

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=1720655930&adf=1228456142&pi=t.ma~as.9148949735&w=700&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=700x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163159&bpp=2&bdt=190&idt=195&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=451&ady=134&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pxU28KOE8N&p=https%3A//shells.red-pill.eu&dtd=200
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3232
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 15:38:52 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 204 gen_csp
pagead2.googlesyndication.com/pagead/ Frame BD52 0
20 B 46ms
44ms Other
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPuwhvi7mv0CFQPk1QodHOANjg&gqi=q1ruY5DZFvS3mLAPjuCwmAg&layout=/sadbundle/%24csp%253Der3%24/7133738465686760745/index.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=1720655930&adf=1228456142&pi=t.ma~as.9148949735&w=700&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=700x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163159&bpp=2&bdt=190&idt=195&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=451&ady=134&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pxU28KOE8N&p=https%3A//shells.red-pill.eu&dtd=200

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 16:32:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame BD52 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9cff2030581d745018af5d588b9f4b4eb88c63b082191784a25945ae24b9acff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 css
fonts.googleapis.com/ Frame 1B18 2 KB
530 B 16ms
16ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins:700|Poppins:300

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/7133738465686760745/333c0f61c15237b9b279562de0e6f269.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7d61fc5d1678bc9414aa7ab2d33c78af6a5a0572792efc31af2fd8af6a567285

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 16 Feb 2023 16:32:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 16:32:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 16 Feb 2023 16:32:44 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 7313
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

20ms
20ms

Document
text/html

2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=1720655930&adf=1228456142&pi=t.ma~as.9148949735&w=700&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=700x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163159&bpp=2&bdt=190&idt=195&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=451&ady=134&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pxU28KOE8N&p=https%3A//shells.red-pill.eu&dtd=200

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 16:32:44 GMT
expires: Thu, 16 Feb 2023 16:32:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 16:32:44 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ Frame 1B18 8 KB
8 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:700|Poppins:300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 13 Feb 2023 19:10:42 GMT
x-content-type-options: nosniff
age: 249722
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7816
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 13 Feb 2024 19:10:42 GMT

GET
H2 200 pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ Frame 1B18 8 KB
8 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:700|Poppins:300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:34:28 GMT
x-content-type-options: nosniff
age: 158296
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7840
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:51:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Feb 2024 20:34:28 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 54ms
54ms XHR
application/json 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230213&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50c09d49068bf9a220d62ade2b0c378c0be87a6a2a73c2db29b1219e0644ac96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shells.red-pill.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 16:32:44 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11164
x-xss-protection: 0

GET
H3 200 EWloDjzMQOvRZmCEufFfn6ZrYQ_lvyXFrAdKlYrDV_0.js Show response
pagead2.googlesyndication.com/bg/ Frame 1B18 36 KB
14 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/EWloDjzMQOvRZmCEufFfn6ZrYQ_lvyXFrAdKlYrDV_0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1169680e3ccc40ebd1666084b9f15f9fa66b610fe5bf25c5ac074a958ac357fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 22:04:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66523
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14328
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 17:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 15 Feb 2024 22:04:01 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shells.red-pill.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 16:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Feb 2023 16:32:45 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 9AE5 13 KB
5 KB 9ms
7ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://shells.red-pill.eu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 596
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 16:22:49 GMT
expires: Fri, 16 Feb 2024 16:22:49 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 4F7D 783 B
536 B 67ms
67ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

80785792f481b36dc028950af266429cda438ded6e56d2d8d3c2e5d7e4c60928

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-TL6xg4m6CzKrmEWW20FzzA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://shells.red-pill.eu/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-TL6xg4m6CzKrmEWW20FzzA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 16 Feb 2023 16:32:45 GMT
expires: Thu, 16 Feb 2023 16:32:45 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 EWloDjzMQOvRZmCEufFfn6ZrYQ_lvyXFrAdKlYrDV_0.js Show response
pagead2.googlesyndication.com/bg/ Frame 9AE5 36 KB
14 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/EWloDjzMQOvRZmCEufFfn6ZrYQ_lvyXFrAdKlYrDV_0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1169680e3ccc40ebd1666084b9f15f9fa66b610fe5bf25c5ac074a958ac357fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 22:04:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66524
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14328
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 17:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 15 Feb 2024 22:04:01 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 4F7D 0
0 41ms
41ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230213&jk=763567565680394&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 9AE5 0
12 B 7ms
7ms Image
text/plain 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?AhgD8g
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 16:32:45 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 44ms
44ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230213&jk=763567565680394&bg=!lJell8PNAAYuhb89DoU7ADkAdvg8WurhCUGbBQ9lxLWFlBfcmv2KQ-vmln-7AkWQOjq7BWqpSMRrxiRh2ASQCf6-sLsd3njafBMCAAAAXFIAAAADaAEHmQLiBQf3tijVkSxUJlV6wXf98mqE58XA_MHgASYBeOptpC5uVR0d49TuZ38OYaHPzH-Emw7o2ZC8EvPe2UeF2o9ZIiUauaavD_NdHHCcMpYGm297aoDTpWi2ZTu3_bHMM5PZYW6JDT5cAU0I1pUjRa7JCvGakpaLnxYKXSDDdl7QzW9XE9Yw9DOCJPSuXiwlJ4nvRG8UPBe5FvIgxfY8-TlDqaKeKt4EdKoI7ILD7mC1LlCOP-ebDYapIAfPzmckflrwCjR-P1szDwWBnWv_VfZPRxuBBmavzLICcWzhvUFJyf69C2efNLR4VU4bMix83ml10lQZEKL_vyq22RM8IZeK0gHkHIUGhK5CdRMWVgbLqJ_G3LjDrG5VaNdOmpdr3t1DRs-QuTX4ocgbe5onJm-ls5pl4pEN6TcnT-aCbQ3_JPch0BJJKOUnt2fBEJbamuS9OvaUkxV9A_NyUvLhMDDsRoTIKQqd9ebGTUB_s5JK6Q9t1ZCQrw1r4pFMfUdwUDeJKYFydjgFCbpQx79M5yna_LFmIfTbveq2bRF2xgpi__ILrBI8R7JE02hKt_dpRBYswr6evwImdvp4nqVQE16cUFAXFOZUU_EM_digW9oO8FdsSvmYI0Ek5cbx2K6GfEg_hbj-0-b86etrG58SEQOGmwZIwcQSWa1Y5wiW6b-tUSBEGkp8-0AleJJBoMs1PHjcuiKmqG3zopIXUcVawBCCLEg4MO-i9kiOuvD7FIKB4B7Syzwh2SiHB1kjnYe8hROXX4IF0I5WBjIc8NKe0kGFoj7JpdYkWCGgrO_CextuVuMdLM1pLxKjV19JaVveN-S_4ya5cImavkVudHu2HiGlQSW3UQCFnqr2Gfmcu4AKWRejIEFKJQRtwrt94_yVrDuvIvC7DP9uANIsXkCA7xr-WD3mqnJOFoJqZswVnouNLpmcd8zRwjNQxKeFh6GOx8ZY--UmrT6YkBEBGq8X_OVJ4c1V
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shells.red-pill.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame BD52 42 B
64 B 49ms
48ms Fetch
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssVxYoPFxU9UjuYbMrZPA7eiWG34z98O_6TKvf9GLTsqor-5jwT2vXou2jDmAzOq6W40spaHIq5IXqrZWkZi4WXFuSV_wWyCeTzLKBe6mIsVCX-9HFoTXGRyRmxFzz3XACZFhWGw8DPvl6RqA-idnIWkR2wl8WtfKLb&sai=AMfl-YQqEYynH4mHIXXQG5_GcXVD12ccqom2vzs2N9Ezc9YbWy-GM7GoZS83eYDCjrV7aHvev6Mt0caqLpBhQGiXhGAAB3v1frs5Vkc&sig=Cg0ArKJSzD5JNCPBSm2EEAE&cid=CAQSKQDUE5ymuKlMP2l_srGeguk5Ycdl81mMGPx4_XT1CpOIRyz8z1qRdBw4GAE&id=lidar2&mcvt=1000&p=0,0,180.4375,700&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230215&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=2&adk=1720655930&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1676565164798&rpt=96&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Feb 2023 16:32:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.polarhome.com
URL: https://www.polarhome.com/images/polarhome.gif

Verdicts & Comments Add Verdict or Comment

200 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
shells.red-pill.eu/	1970-01-20 18:28:21	Name: cb-enabled Value: enabled
.shells.red-pill.eu/	1970-01-20 19:18:45	Name: __utma Value: 132252620.1480027111.1676565163.1676565163.1676565163.1
.shells.red-pill.eu/	1969-12-31 23:59:59	Name: __utmc Value: 132252620
.shells.red-pill.eu/	1970-01-20 14:05:33	Name: __utmz Value: 132252620.1676565163.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.shells.red-pill.eu/	1970-01-20 09:42:45	Name: __utmt Value: 1
.shells.red-pill.eu/	1970-01-20 09:42:46	Name: __utmb Value: 132252620.1.10.1676565163
.red-pill.eu/	1970-01-20 19:04:21	Name: __gads Value: ID=fbd749c5d5ae8fce-22da26eabddc00ba:T=1676565163:RT=1676565163:S=ALNI_ManHfLmrOanNqfmmv0E-_LI8R67og
.red-pill.eu/	1970-01-20 19:04:21	Name: __gpi Value: UID=00000bb8678b1544:T=1676565163:RT=1676565163:S=ALNI_MZ-Qt1yR3I2pHtGS5p0_KHE47Ki9w
.doubleclick.net/	1970-01-20 09:42:48	Name: DSID Value: NO_DATA
.simpli.fi/	1970-01-20 18:29:47	Name: suid Value: 288C23C716F9488187B122CC9E4057D0
.ctnsnet.com/	1970-01-20 18:28:21	Name: gid_CAESEGfuYmuk5DvES4Roky3nLj4 Value: 1
.ctnsnet.com/	1970-01-20 18:28:21	Name: cid_d42aad5a7ca14abbba74d3d98fb39ee8 Value: 1
.travelaudience.com/	1970-01-20 19:10:06	Name: _tracker Value: %7B%22UUID%22%3A%225F202B65-950C-4FB4-A8B6-F96C48DA3116%22%7D
.everesttech.net/	1970-01-20 18:28:21	Name: everest_g_v2 Value: g_surferid~Y_5arAAHZjxXPAAb
.doubleclick.net/	1970-01-20 19:04:21	Name: IDE Value: AHWqTUlzDSkE2TVF8gNzg9EdVTpHIhy4qm8n7II8J1qDryloy0IGYvzF8-bhsrsC_QY
.tribalfusion.com/	1970-01-20 11:52:21	Name: ANON_ID Value: annseFoZdUQcR2Hp9vcgbY7Hj6jADsZcAoTKVUb7wDsknh2L0tZbcGVVqtT0ZdBJ5JEM0yvpQd0KybNT3ALCIi6U

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://shells.red-pill.eu/ Message: Mixed Content: The page at 'https://shells.red-pill.eu/' was loaded over HTTPS, but requested an insecure element 'http://www.polarhome.com/images/polarhome.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://shells.red-pill.eu/(Line 233) Message: Mixed Content: The page at 'https://shells.red-pill.eu/' was loaded over HTTPS, but requested an insecure element 'http://www.polarhome.com/images/polarhome.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
network	error	URL: https://www.polarhome.com/images/polarhome.gif Message: Failed to load resource: net::ERR_SSL_VERSION_OR_CIPHER_MISMATCH
security	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=4210125070&adf=3425153661&pi=t.ma~as.9148949735&w=620&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=620x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163161&bpp=1&bdt=192&idt=202&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C700x280&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=491&ady=1505&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeEbr%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=TXBlB4odYp&p=https%3A//shells.red-pill.eu&dtd=207 Message: Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/11231308909508724055/index.html".
security	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=4210125070&adf=3425153661&pi=t.ma~as.9148949735&w=620&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=620x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163161&bpp=1&bdt=192&idt=202&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C700x280&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=491&ady=1505&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeEbr%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=TXBlB4odYp&p=https%3A//shells.red-pill.eu&dtd=207 Message: Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/11231308909508724055/index.html".
security	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=1720655930&adf=1228456142&pi=t.ma~as.9148949735&w=700&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=700x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163159&bpp=2&bdt=190&idt=195&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=451&ady=134&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pxU28KOE8N&p=https%3A//shells.red-pill.eu&dtd=200 Message: Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/7133738465686760745/index.html".
security	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6098496124751712&output=html&h=280&slotname=9148949735&adk=1720655930&adf=1228456142&pi=t.ma~as.9148949735&w=700&fwrn=4&fwrnh=100&lmt=1676565163&rafmt=1&format=700x280&url=https%3A%2F%2Fshells.red-pill.eu%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1676565163159&bpp=2&bdt=190&idt=195&shv=r20230213&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&prev_slotnames=6474157215&nras=1&correlator=3043022299960&frm=20&pv=1&ga_vid=1480027111.1676565163&ga_sid=1676565163&ga_hid=192793894&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=451&ady=134&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759842%2C44759927%2C44759876%2C31071755%2C31072255%2C31072440%2C31072427&oid=2&pvsid=763567565680394&tmod=1467936504&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaeE%7C&abl=CA&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=pxU28KOE8N&p=https%3A//shells.red-pill.eu&dtd=200 Message: Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/7133738465686760745/index.html".

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.tribalfusion.com
ads.travelaudience.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
blinkenshell.org
cm.g.doubleclick.net
fonts.googleapis.com
fonts.gstatic.com
gcm.ctnsnet.com
googleads.g.doubleclick.net
match.adsrvr.org
pagead2.googlesyndication.com
partner.googleadservices.com
s.ad.smaato.net
s.tribalfusion.com
shells.red-pill.eu
ssl.google-analytics.com
sync-tm.everesttech.net
tpc.googlesyndication.com
um.simpli.fi
www.google.com
www.googletagservices.com
www.gstatic.com
www.insomnia247.nl
www.openshells.net
www.polarhome.com
www.xshellz.com
www.polarhome.com
142.250.185.130
151.101.2.49
2001:41d0:305:2100::4e16
2600:9000:20eb:5000:1b:5138:8a40:93a1
2606:4700:3037::6815:3139
2606:4700::6812:18ad
2a00:1450:4001:802::2002
2a00:1450:4001:803::2002
2a00:1450:4001:806::2001
2a00:1450:4001:808::200a
2a00:1450:4001:80b::2002
2a00:1450:4001:80e::2002
2a00:1450:4001:811::2003
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2003
2a00:1450:4001:830::2004
2a00:1450:4001:831::200a
2a00:1450:400d:803::2002
2a00:1450:400d:808::2008
2a01:4f8:c0c:b93a::1
2a06:98c1:3120::3
3.33.220.150
35.186.193.173
35.190.0.66
35.204.74.118
77.38.124.140
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
02e82b0c6573f49da9969ec1d9076059957b9ad313aea5ed0335d910bb930d22
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0e4d1d7a07ea6fddd6ab116e27bc0e074f5fe6ad6c89f719a515ae9c80436b6d
1169680e3ccc40ebd1666084b9f15f9fa66b610fe5bf25c5ac074a958ac357fd
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18f3fdfc1e129a0817a87b8f2dd14b82e03d1557dee8db43e14e464c1e43dd90
1a50433551c62c8657965f14003ba2fa39ff1f2f367737d62c1d9510c3fa7768
1f0577dd577c9554727f467983027ef63ab9e19cd533e5d589a8937ae0360fe8
2b4727366dbbf82f3dc7d48c30bc9444860158da542dcc4b04eeeb6e0a7b6d60
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3206373aa000390529fff3af76675f170621c851eec6c7dd822ad6ea48600779
35a51621e50352536f127ae012d3bd16e675a788376445036d8b60ace17e6566
3a663467e111fd2237a1bc5255e8d702b099f29cb553ecab24efe98cbf898b5d
3f132006efbbe99ecee57b78c8987716800533afca00d8011350560040fc3e00
418655ed8adf3d9b6767395ede2509b31756f5cd672e0e203e5d30cf80fd326a
4603202b757955aca0728987b6448e592603087ead05b65f89f509ce62a2c2aa
4a3cd4f0cc68c5893c0a8e4c7e72b1d4839805d91101f28f9363e0be88a9fafc
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
4ca532668f4a9157dde5a5a8c00ff50c11b32c97e48e05b84ca86c316b9ec583
50c09d49068bf9a220d62ade2b0c378c0be87a6a2a73c2db29b1219e0644ac96
51221c99c3f23f575a336ff40229eeb0f244875fabd454a656e45987b43faacd
543de6d7b5b2f5b58043d559fd630f64499a48cd741c9dc2b72dbd33cc9c2050
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
611c52a54f6e842caafca72cc8e33d21032adfffd998dc21795f1daa2d28a5b2
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf
624c8bbb356c56b649a3520491c3fbabe232d77d48e0e67ddc894a00d4e623a2
6a05772f2df1c43c5da65fd85be4f376b67a042d153092a733d6e301bdf3f7de
6f4813e4fe6dd891838e421479bf603f6d3f0d2a55b90517b875a77050471d4b
74017d97a0876e72ef09a14ea0b3ad49a744811c726e7b05e305d4a6e3e07612
75026443430cd929b0abfebf09c037e7e9945c0718dd6f0025961a6ee039e107
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb
7a5d4a160fd3d78a5fc7c8f4ed216518922c6b8a0f95e49799cade5781a4f886
7d61fc5d1678bc9414aa7ab2d33c78af6a5a0572792efc31af2fd8af6a567285
7fe2bafdeb9c561d3d0ac4f93da4d4d3de27c0cee9a938f3d5484a55d189e3c0
80785792f481b36dc028950af266429cda438ded6e56d2d8d3c2e5d7e4c60928
82dab744c3c5429be7ee6062813395265a1fbedb29a6ccb33c9bf5c357bd89fd
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8c6adb6f3c13fac8af2ed01d387d59e0d3cc0d63ca7d7584c995728abc1dd780
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8f3ec5897cadb82af9e2f1b9195c0e279f0482fef2b456774862ace8ced40dc0
9006b0c56dd36c035dfeeeb01b314af0556c565f5486880913f76e6bab035dde
9282b885825f1f265eb093acf11379fc90dd4e156588a02790c1515822e79858
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9cde0422a8cba5c14a3d06b584730049c9df9f47d721180a162e866dd8566907
9cff2030581d745018af5d588b9f4b4eb88c63b082191784a25945ae24b9acff
9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc
a01c07907aef447d1dc58a508f416ce9c1ae3a695e4961ae6512e159660934b8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a85af52452417453ae5ced98aa54a149925de2155e823234dce588c331d11aa0
af26eb6093f6b16b8d0d2fe29bcd0eaa5fe68e8cd369e603ff6fc8cffdf0b78d
b08831e1f763775a9db32e0dadd3471039544695630b2c3631a1d6bfd492c62e
c192cf4006e9fa0583a2762f1f5a075aece64149e9534cbb22ada284828b3489
c5fcbbed83baac508ee6ba358593a03a385fa46b7887af2450b9502d8a633980
c6d48af74ed45c47032cecb58d33222630130aecf9ebb7847df84c3ba4d6e7bf
c9634d0e4698e2f2f45ea005722ad4fd57b98845dbcf25fc2d1bed4163034d7e
cd706705c8acf67772f738a017bcf0fdee88ad8a4dd1365243f568cddb6db1a4
d0a02bd9b497255fee7095aa04ce46e4b7bb7baf9bff4f810cfba02ac3cbe65f
d126aafd6d95cbeb04e1e6cae74dca27e4bc887c9ed9f5cd1c814f3da2df8b2e
d3f54e2dea68172515c6fc486c42ae6d0137c0a6cc0d2c7813599c708b35e9ed
dbc9cc8f26a60084a917cf636f452eac46cb877b0262913c3383d67caa5f3c28
e16f7579677fa60f9f16f525fe622fd6fcdb65368fc2c2357129f0bc176d93d0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e664acc7bbabe41ea64e8517e2af2e0d426f719f32c72b911402f0ab40c35546
e695d359efef6d478a85e193cbbac9205f760c86992e5b316b6ab71cfdef8573
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f16e8128eca1d20ddb6e1f2d5e93d552679880773674779357afc9afa6253866
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

shells.red-pill.eu Open in urlscan Pro 77.38.124.140 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

104 Requests

93 %HTTPS

73 %IPv6

22 Domains

28 Subdomains

22 IPs

6 Countries

1005 kBTransfer

2539 kBSize

16 Cookies

22 Outgoing links

Page URL History

Redirected requests

104 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

shells.red-pill.eu Open in urlscan Pro
77.38.124.140 Public Scan

Screenshot
Live screenshot

Full Image

104
Requests

93 %
HTTPS

73 %
IPv6

22
Domains

28
Subdomains

22
IPs

6
Countries

1005 kB
Transfer

2539 kB
Size

16
Cookies

104 HTTP transactions
4 data transactions