hami39edj2.webcindario.com Open in urlscan Pro
5.57.226.202 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://teu16.app.link/JTFJErAcX7?platform=hootsuite
Effective URL:
https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAs...
Submission: On July 12 via automatic, source phishtank (July 12th 2020, 10:03:56 pm UTC)

Summary HTTP 53 Redirects Behaviour Indicators

Summary

This website contacted 13 IPs in 4 countries across 13 domains to perform 53 HTTP transactions. The main IP is 5.57.226.202, located in Madrid, Spain and belongs to SERVIHOSTING-AS AireNetworks, ES. The main domain is hami39edj2.webcindario.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on May 24th 2020. Valid for: 3 months.

This is the only time hami39edj2.webcindario.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bank of America (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	2600:9000:20e... 2600:9000:20eb:b000:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02)
5	5.57.226.202 5.57.226.202	29119 (SERVIHOST...) (SERVIHOSTING-AS AireNetworks)
17	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
3	2606:4700:20:... 2606:4700:20::681a:cc8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:80b::2008	15169 (GOOGLE) (GOOGLE)
2	34.253.69.115 34.253.69.115	16509 (AMAZON-02) (AMAZON-02)
6	2a00:1450:400... 2a00:1450:4001:816::200e	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
3	89.255.250.54 89.255.250.54	60626 (LEASEWEBCDN) (LEASEWEBCDN)
1	212.92.55.6 212.92.55.6	24592 (NEXICA-AS) (NEXICA-AS)
6	2a00:1450:400... 2a00:1450:4001:800::2001	15169 (GOOGLE) (GOOGLE)
1	212.92.39.35 212.92.39.35	24592 (NEXICA-AS) (NEXICA-AS)
53	13

1 2600:9000:20eb:b000:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

teu16.app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 5.57.226.202 (Madrid, Spain)

ASN29119 (SERVIHOSTING-AS AireNetworks, ES)

hami39edj2.webcindario.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:20::681a:cc8 (United States)

ASN13335 (CLOUDFLARENET, US)

hosting.miarroba.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.253.69.115 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-253-69-115.eu-west-1.compute.amazonaws.com

des.smartclip.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:816::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 89.255.250.54 (Germany)

ASN60626 (LEASEWEBCDN, NL)

img.sunmediaads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.lzrikate.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.92.55.6 (Spain)

ASN24592 (NEXICA-AS, ES)

play.sunmediaads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:800::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.92.39.35 (Barcelona, Spain)

ASN24592 (NEXICA-AS, ES)

play.lzrikate.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com Failed	288 KB
6	google-analytics.com www.google-analytics.com	37 KB
5	webcindario.com hami39edj2.webcindario.com	13 KB
4	doubleclick.net googleads.g.doubleclick.net
3	sunmediaads.com img.sunmediaads.com play.sunmediaads.com Failed	66 KB
3	miarroba.info hosting.miarroba.info	1 KB
2	lzrikate.com img.lzrikate.com play.lzrikate.com	33 KB
2	googletagservices.com www.googletagservices.com	53 KB
2	google.com adservice.google.com	336 B
2	google.de adservice.google.de	336 B
2	smartclip.net des.smartclip.net	1020 B
2	googletagmanager.com www.googletagmanager.com	48 KB
1	app.link teu16.app.link	1 KB
53	13

	Domain	Requested by
11	pagead2.googlesyndication.com	hami39edj2.webcindario.com pagead2.googlesyndication.com
6	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com
6	www.google-analytics.com	www.googletagmanager.com hami39edj2.webcindario.com
5	hami39edj2.webcindario.com	teu16.app.link hami39edj2.webcindario.com
4	googleads.g.doubleclick.net	pagead2.googlesyndication.com
3	hosting.miarroba.info	hami39edj2.webcindario.com
2	img.sunmediaads.com	hami39edj2.webcindario.com
2	www.googletagservices.com	pagead2.googlesyndication.com
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	des.smartclip.net	hami39edj2.webcindario.com
2	www.googletagmanager.com	hami39edj2.webcindario.com
1	play.lzrikate.com	img.sunmediaads.com
1	img.lzrikate.com	teu16.app.link
1	play.sunmediaads.com	img.sunmediaads.com
1	teu16.app.link
53	16

This site contains no links.

Subject Issuer	Validity	Valid
appipv4.link Amazon	`2019-08-19` - `2020-09-19`	a year	crt.sh
webcindario.com Let's Encrypt Authority X3	`2020-05-24` - `2020-08-22`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-06-17` - `2020-09-09`	3 months	crt.sh
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-11-03` - `2020-10-09`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-06-17` - `2020-09-09`	3 months	crt.sh
*.smartclip.net Amazon	`2020-02-29` - `2021-03-29`	a year	crt.sh
*.google.de GTS CA 1O1	`2020-06-17` - `2020-09-09`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-06-17` - `2020-09-09`	3 months	crt.sh
leadzuin.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-13` - `2021-07-13`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-06-17` - `2020-09-09`	3 months	crt.sh

This page contains 10 frames:

Primary Page: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
Frame ID: EECC23AE78288B4B5B5857ACFEAE40C2
Requests: 44 HTTP requests in this frame

Frame: https://hami39edj2.webcindario.com/b2020123/1/://open?link_click_id=810982074878720711
Frame ID: 07382502F8085ED302CFB7352D0761B7
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20200707/r20190131/zrt_lookup.html
Frame ID: 466084325BD365B392D765166591ABC9
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7294310421616689&output=html&adk=1812271804&adf=3025194257&lmt=1594591421&plat=1%3A32776%2C2%3A32776%2C8%3A32768%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fhami39edj2.webcindario.com%2Fb2020123%2F1%2F%3Fplatform%3Dhootsuite%26_branch_match_id%3D810982074878720711%26utm_medium%3Dmarketing&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1594591421093&bpp=15&bdt=43&idt=84&shv=r20200707&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8068024116144&frm=20&pv=2&ga_vid=2112468214.1594591421&ga_sid=1594591421&ga_hid=704035623&ga_fc=0&iag=0&icsg=33440&dssz=11&mdo=0&mso=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=3082915903831394&pem=482&ref=https%3A%2F%2Fteu16.app.link%2FJTFJErAcX7%3Fplatform%3Dhootsuite&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8208&bc=31&ifi=0&uci=a!0&fsb=1&dtd=100
Frame ID: 87D52CF36858276F740A9CE71517B150
Requests: 1 HTTP requests in this frame

Frame: https://hosting.miarroba.info/607f6b0b381bbc1f64fa027d62891072_cookie.php
Frame ID: C5E11CE954321A19347102E423BFD3B2
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20200707/r20190131/zrt_lookup.html
Frame ID: C00A1A73F121C62293AE5847504504F1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7294310421616689&output=html&adk=1812271804&adf=3025194257&lmt=1594591421&plat=1%3A32776%2C2%3A32776%2C8%3A32768%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fhami39edj2.webcindario.com%2Fb2020123%2F1%2Findex2.php%3Fhttps%3A%2F%2Faccount.1und1.de%2Fhome%2Fparticulares_esAssistanceDesktop%2FLoadLoginAssistance%3Ftype%3Dpwd&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1594591421782&bpp=2&bdt=36&idt=57&shv=r20200707&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8406759586888&frm=20&pv=2&ga_vid=2112468214.1594591421&ga_sid=1594591422&ga_hid=571948363&ga_fc=0&iag=0&icsg=33440&dssz=11&mdo=0&mso=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=4307831022625541&pem=482&ref=https%3A%2F%2Fhami39edj2.webcindario.com%2Fb2020123%2F1%2F%3Fplatform%3Dhootsuite%26_branch_match_id%3D810982074878720711%26utm_medium%3Dmarketing&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8208&bc=31&ifi=0&uci=a!0&fsb=1&dtd=62
Frame ID: 4FDA8CD0F865999FC70A1A09DE8787B6
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html
Frame ID: 4A767A731FC5082674E6392047A2F196
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html
Frame ID: 0EBA54AD9EFB6BEF3070DBE04FDF929D
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html
Frame ID: C14AFF4ADC7492C25FD25C45D66BB0DA
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://teu16.app.link/JTFJErAcX7?platform=hootsuite Page URL
https://hami39edj2.webcindario.com/b2020123/1/?platform=hootsuite&_branch_match_id=810982074878720711&utm_mediu... Page URL
https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanc... Page URL

Detected technologies

Lua (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

OpenResty (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

Amazon Web Services (PaaS) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i

Amazon Cloudfront (CDN) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i

Page Statistics

53
Requests

96 %
HTTPS

58 %
IPv6

13
Domains

16
Subdomains

13
IPs

4
Countries

542 kB
Transfer

1455 kB
Size

8
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://teu16.app.link/JTFJErAcX7?platform=hootsuite Page URL
https://hami39edj2.webcindario.com/b2020123/1/?platform=hootsuite&_branch_match_id=810982074878720711&utm_medium=marketing Page URL
https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

53 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Cookie set JTFJErAcX7 Show response
teu16.app.link/ 2 KB
1 KB 245ms
183ms Document
text/html 2600:9000:20eb:b000:19:9934:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://teu16.app.link/JTFJErAcX7?platform=hootsuite
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20eb:b000:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty/1.13.6.2 / Express
Resource Hash: 2a50911c25c3f72ce4ac7671330466b023996379bf77b998714647ae074579d4

Request headers

Host: teu16.app.link
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Server: openresty/1.13.6.2
Date: Sun, 12 Jul 2020 22:03:40 GMT
X-Powered-By: Express
Set-Cookie: _s=d%2BdceU5Fx6JfRcQsvCbYMxDGztSFKaGqEVxcg3ABshwjhv6nWNs9EdL1NegFIKdh; Max-Age=31536000; Domain=.app.link; Path=/; Expires=Mon, 12 Jul 2021 22:03:40 GMT; Secure; SameSite=None
Last-Modified: Sun, 12 Jul 2020 22:03:40 GMT
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 d8328954e51c0912a8419c1a67cea1dc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA2-C1
X-Amz-Cf-Id: hQ8ijXNSQ99pXLwL03X52Da7CnfGzfoLhvKWtZ3I0omW5i98aL2JbQ==

GET
H2 404 open
hami39edj2.webcindario.com/b2020123/1/:// Frame 0738 0
0 200ms
81ms Document
text/html 5.57.226.202
SERVIHOSTING-AS A...

General

Check archive.org

Show headers Download Go to

Full URL: https://hami39edj2.webcindario.com/b2020123/1/://open?link_click_id=810982074878720711
Requested by: Host: teu16.app.link
URL: https://teu16.app.link/JTFJErAcX7?platform=hootsuite
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 5.57.226.202 Madrid, Spain, ASN29119 (SERVIHOSTING-AS AireNetworks, ES),
Reverse DNS
Software: nginx / Webcindario Hosting Service
Resource Hash

Request headers

:method: GET
:authority: hami39edj2.webcindario.com
:scheme: https
:path: /b2020123/1/://open?link_click_id=810982074878720711
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://teu16.app.link/JTFJErAcX7?platform=hootsuite
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://teu16.app.link/JTFJErAcX7?platform=hootsuite

Response headers

status: 404
server: nginx
date: Sun, 12 Jul 2020 22:03:40 GMT
content-type: text/html
vary: Accept-Encoding
set-cookie: __muid=034498fac95048cf32c8f8058b345b25e797f82c; Domain=.webcindario.com; Path=/; Expires=Tue, 19 Jan 2038 03:14:11 GMT; HttpOnly
x-powered-by: Webcindario Hosting Service
content-encoding: gzip

GET
H2 200 / Show response
hami39edj2.webcindario.com/b2020123/1/ 2 KB
1 KB 69ms
68ms Document
text/html 5.57.226.202
SERVIHOSTING-AS A...

General

Check archive.org

Show headers Download Go to

Full URL: https://hami39edj2.webcindario.com/b2020123/1/?platform=hootsuite&_branch_match_id=810982074878720711&utm_medium=marketing
Requested by: Host: teu16.app.link
URL: https://teu16.app.link/JTFJErAcX7?platform=hootsuite
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 5.57.226.202 Madrid, Spain, ASN29119 (SERVIHOSTING-AS AireNetworks, ES),
Reverse DNS
Software: nginx / Webcindario Hosting Service
Resource Hash: 2580cde1b676fdca2dd963aaff2a5613fa8406f568a870f37e0f268dfa866711

Request headers

:method: GET
:authority: hami39edj2.webcindario.com
:scheme: https
:path: /b2020123/1/?platform=hootsuite&_branch_match_id=810982074878720711&utm_medium=marketing
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://teu16.app.link/JTFJErAcX7?platform=hootsuite
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __muid=034498fac95048cf32c8f8058b345b25e797f82c; _ga=GA1.3.2112468214.1594591421; _gid=GA1.3.704001135.1594591421; _gat_UA-597118-17=1; _gat_UA-597118-7=1; _gat_UA-597118-1=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://teu16.app.link/JTFJErAcX7?platform=hootsuite

Response headers

status: 200
server: nginx
date: Sun, 12 Jul 2020 22:03:41 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: Webcindario Hosting Service
content-encoding: gzip

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 116 KB
41 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: hami39edj2.webcindario.com
URL: https://hami39edj2.webcindario.com/b2020123/1/?platform=hootsuite&_branch_match_id=810982074878720711&utm_medium=marketing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

adaffcf78c771c8ad1f860d8caf5451b364211b0bdbdab1260f7c0edb2016f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/?platform=hootsuite&_branch_match_id=810982074878720711&utm_medium=marketing
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 12 Jul 2020 22:03:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42076
x-xss-protection: 0
server: cafe
etag: 9567404131682417885
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 12 Jul 2020 22:03:41 GMT

GET
H2 200 / Show response
hosting.miarroba.info/ 1 KB
980 B 144ms
143ms Script
application/javascript 2606:4700:20::681a:cc8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hosting.miarroba.info/?__muid=034498fac95048cf32c8f8058b345b25e797f82c&h=1991872&t=1594591421&k=9f5db214f0b15945227d1eed7bfec434
Requested by: Host: hami39edj2.webcindario.com
URL: https://hami39edj2.webcindario.com/b2020123/1/?platform=hootsuite&_branch_match_id=810982074878720711&utm_medium=marketing
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:cc8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bad8afcb05a1356c25dc2e974c6054be565fbcf24e6dbd1150468b11c15b2d03

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/?platform=hootsuite&_branch_match_id=810982074878720711&utm_medium=marketing
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-ray: 5b1e0e3d9d99c2f4-FRA
pragma: no-cache
date: Sun, 12 Jul 2020 22:03:41 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Sun, 12 Jul 2020 22:03:41 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
status: 200
cache-control: no-cache
content-type: application/javascript; charset=iso-8859-1
cf-request-id: 03e6a73a7e0000c2f4970fa200000001
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 60 KB
24 KB 18ms
17ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-T2VG59

Requested by

Host: hami39edj2.webcindario.com
URL: https://hami39edj2.webcindario.com/b2020123/1/?platform=hootsuite&_branch_match_id=810982074878720711&utm_medium=marketing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

57feb489981b1a7f35f80b6a8a67d353f14955057cb73bb65470146f571cf5a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/?platform=hootsuite&_branch_match_id=810982074878720711&utm_medium=marketing
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 12 Jul 2020 22:03:41 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24329
x-xss-protection: 0
last-modified: Sun, 12 Jul 2020 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 12 Jul 2020 22:03:41 GMT

GET
H/1.1 200 ads Show response
des.smartclip.net/ 20 B
510 B 42ms
42ms Script
application/javascript 34.253.69.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://des.smartclip.net/ads?type=dyn&plc=75133&elementId=034498fac95048cf32c8f8058b345b25e797f82c&sz=400x320&rnd=67936138
Requested by: Host: hami39edj2.webcindario.com
URL: https://hami39edj2.webcindario.com/b2020123/1/?platform=hootsuite&_branch_match_id=810982074878720711&utm_medium=marketing
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.69.115 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-69-115.eu-west-1.compute.amazonaws.com
Software: nginx/1.17.6 /
Resource Hash: 7285303c6f1bd19a091fb8046d1c43704c3f846461b957fe4198c3e051fce7eb

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/?platform=hootsuite&_branch_match_id=810982074878720711&utm_medium=marketing
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sun, 12 Jul 2020 22:03:41 GMT
Content-Encoding: gzip
Sc-Supply-Network: 999999
Vary: Accept-Encoding
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Sc-Uuid: d5b59f3f-92b5-4a38-8472-830b5cedfe20
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Content-Type: application/javascript; charset=utf-8
Sc-Device-Type: PC
Server: nginx/1.17.6

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T2VG59

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/?platform=hootsuite&_branch_match_id=810982074878720711&utm_medium=marketing
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 04 Jun 2020 23:38:14 GMT
server: Golfe2
age: 6481
date: Sun, 12 Jul 2020 20:15:40 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18469
expires: Sun, 12 Jul 2020 22:15:40 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
168 B 16ms
15ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=hami39edj2.webcindario.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/?platform=hootsuite&_branch_match_id=810982074878720711&utm_medium=marketing
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Jul 2020 22:03:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
168 B 15ms
15ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=hami39edj2.webcindario.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/?platform=hootsuite&_branch_match_id=810982074878720711&utm_medium=marketing
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Jul 2020 22:03:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20200707/r20190131/ 220 KB
83 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20200707/r20190131/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

70d6b51fd67d36bf5403cb362aee641d7702084f4b4d50c223af7280a19a2fe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/?platform=hootsuite&_branch_match_id=810982074878720711&utm_medium=marketing
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 12 Jul 2020 22:03:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 84839
x-xss-protection: 0
server: cafe
etag: 14750969798358805552
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Jul 2020 22:03:41 GMT

GET
H2 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20200707/r20190131/ Frame 4660 0
0 6ms
5ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20200707/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20200707/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://hami39edj2.webcindario.com/b2020123/1/?platform=hootsuite&_branch_match_id=810982074878720711&utm_medium=marketing
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://hami39edj2.webcindario.com/b2020123/1/?platform=hootsuite&_branch_match_id=810982074878720711&utm_medium=marketing

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
vary: Accept-Encoding
date: Tue, 07 Jul 2020 21:12:54 GMT
expires: Tue, 21 Jul 2020 21:12:54 GMT
content-type: text/html; charset=UTF-8
etag: 4448614309292777386
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4502
x-xss-protection: 0
cache-control: public, max-age=1209600
age: 435047
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2 200 collect
www.google-analytics.com/ 35 B
130 B 6ms
6ms Image
image/gif 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j83&a=704035623&t=pageview&_s=1&dl=https%3A%2F%2Fhami39edj2.webcindario.com%2Fb2020123%2F1%2F%3Fplatform%3Dhootsuite%26_branch_match_id%3D810982074878720711%26utm_medium%3Dmarketing&dr=https%3A%2F%2Fteu16.app.link%2FJTFJErAcX7%3Fplatform%3Dhootsuite&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAAABC~&jid=&gjid=&cid=2112468214.1594591421&tid=UA-597118-7&_gid=704001135.1594591421&gtm=2wg6o0T2VG59&z=583727049

Requested by

Host: hami39edj2.webcindario.com
URL: https://hami39edj2.webcindario.com/b2020123/1/?platform=hootsuite&_branch_match_id=810982074878720711&utm_medium=marketing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/?platform=hootsuite&_branch_match_id=810982074878720711&utm_medium=marketing
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 10 Jun 2020 18:26:49 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 2777812
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
90 B 8ms
7ms Image
image/gif 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j83&a=704035623&t=pageview&_s=1&dl=https%3A%2F%2Fhami39edj2.webcindario.com%2Fb2020123%2F1%2F%3Fplatform%3Dhootsuite%26_branch_match_id%3D810982074878720711%26utm_medium%3Dmarketing&dr=https%3A%2F%2Fteu16.app.link%2FJTFJErAcX7%3Fplatform%3Dhootsuite&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAAABC~&jid=&gjid=&cid=2112468214.1594591421&tid=UA-597118-1&_gid=704001135.1594591421&gtm=2wg6o0T2VG59&z=925060108

Requested by

Host: hami39edj2.webcindario.com
URL: https://hami39edj2.webcindario.com/b2020123/1/?platform=hootsuite&_branch_match_id=810982074878720711&utm_medium=marketing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/?platform=hootsuite&_branch_match_id=810982074878720711&utm_medium=marketing
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 10 Jun 2020 18:26:49 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 2777812
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 403 ads
googleads.g.doubleclick.net/pagead/ Frame 87D5 0
0 26ms
24ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7294310421616689&output=html&adk=1812271804&adf=3025194257&lmt=1594591421&plat=1%3A32776%2C2%3A32776%2C8%3A32768%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fhami39edj2.webcindario.com%2Fb2020123%2F1%2F%3Fplatform%3Dhootsuite%26_branch_match_id%3D810982074878720711%26utm_medium%3Dmarketing&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1594591421093&bpp=15&bdt=43&idt=84&shv=r20200707&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8068024116144&frm=20&pv=2&ga_vid=2112468214.1594591421&ga_sid=1594591421&ga_hid=704035623&ga_fc=0&iag=0&icsg=33440&dssz=11&mdo=0&mso=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=3082915903831394&pem=482&ref=https%3A%2F%2Fteu16.app.link%2FJTFJErAcX7%3Fplatform%3Dhootsuite&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8208&bc=31&ifi=0&uci=a!0&fsb=1&dtd=100

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200707/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-7294310421616689&output=html&adk=1812271804&adf=3025194257&lmt=1594591421&plat=1%3A32776%2C2%3A32776%2C8%3A32768%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fhami39edj2.webcindario.com%2Fb2020123%2F1%2F%3Fplatform%3Dhootsuite%26_branch_match_id%3D810982074878720711%26utm_medium%3Dmarketing&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1594591421093&bpp=15&bdt=43&idt=84&shv=r20200707&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8068024116144&frm=20&pv=2&ga_vid=2112468214.1594591421&ga_sid=1594591421&ga_hid=704035623&ga_fc=0&iag=0&icsg=33440&dssz=11&mdo=0&mso=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=3082915903831394&pem=482&ref=https%3A%2F%2Fteu16.app.link%2FJTFJErAcX7%3Fplatform%3Dhootsuite&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8208&bc=31&ifi=0&uci=a!0&fsb=1&dtd=100
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://hami39edj2.webcindario.com/b2020123/1/?platform=hootsuite&_branch_match_id=810982074878720711&utm_medium=marketing
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://hami39edj2.webcindario.com/b2020123/1/?platform=hootsuite&_branch_match_id=810982074878720711&utm_medium=marketing

Response headers

status: 403
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 12 Jul 2020 22:03:41 GMT
server: cafe
content-length: 46
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 12-Jul-2020 22:18:41 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 71 KB
27 KB 41ms
39ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200707/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e6d71bf2160bc0d24ab53c6cec6dc42bbd63e259d803a11b23ff14b510e491d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/?platform=hootsuite&_branch_match_id=810982074878720711&utm_medium=marketing
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 12 Jul 2020 22:03:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1594380418682853"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 27203
x-xss-protection: 0
expires: Sun, 12 Jul 2020 22:03:41 GMT

POST
H2 200 607f6b0b381bbc1f64fa027d62891072_cookie.php
hosting.miarroba.info/ Frame C5E1 0
0 202ms
202ms Document
text/html 2606:4700:20::681a:cc8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hosting.miarroba.info/607f6b0b381bbc1f64fa027d62891072_cookie.php
Requested by: Host: hami39edj2.webcindario.com
URL: https://hami39edj2.webcindario.com/b2020123/1/?platform=hootsuite&_branch_match_id=810982074878720711&utm_medium=marketing
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:cc8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: POST
:authority: hosting.miarroba.info
:scheme: https
:path: /607f6b0b381bbc1f64fa027d62891072_cookie.php
content-length: 162
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
origin: https://hami39edj2.webcindario.com
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://hami39edj2.webcindario.com/b2020123/1/?platform=hootsuite&_branch_match_id=810982074878720711&utm_medium=marketing
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __weslvu=1594591421
Upgrade-Insecure-Requests: 1
Origin: https://hami39edj2.webcindario.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://hami39edj2.webcindario.com/b2020123/1/?platform=hootsuite&_branch_match_id=810982074878720711&utm_medium=marketing

Response headers

status: 200
date: Sun, 12 Jul 2020 22:03:41 GMT
content-type: text/html; charset=iso-8859-1
set-cookie: __cfduid=d6fbf9d231d682a6d84913ab01f55a0691594591421; expires=Tue, 11-Aug-20 22:03:41 GMT; path=/; domain=.miarroba.info; HttpOnly; SameSite=Lax __weslvu=1594591421; expires=Sun, 12-Jul-2020 23:03:41 GMT; Max-Age=3600; path=/; domain=hosting.miarroba.info
vary: Accept-Encoding
cf-cache-status: DYNAMIC
cf-request-id: 03e6a73b150000c2f4970ff200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5b1e0e3e8f3fc2f4-FRA
content-encoding: br

GET
H2 200 lz_loader.js Show response
img.sunmediaads.com/ads/ 112 KB
32 KB 428ms
343ms Script
text/javascript 89.255.250.54
LEASEWEBCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://img.sunmediaads.com/ads/lz_loader.js?ver=1.4
Requested by: Host: hami39edj2.webcindario.com
URL: https://hami39edj2.webcindario.com/b2020123/1/?platform=hootsuite&_branch_match_id=810982074878720711&utm_medium=marketing
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.255.250.54 , Germany, ASN60626 (LEASEWEBCDN, NL),
Reverse DNS
Software: leasewebcdn/5.4.2 /
Resource Hash: 7c074d5639b08b7eee3923842b52d5333c37eceb96baf14ee213584981066fe5

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/?platform=hootsuite&_branch_match_id=810982074878720711&utm_medium=marketing
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 12 Jul 2020 22:03:41 GMT
content-encoding: gzip
cdn-cache-hit: 0
last-modified: Sun, 05 Apr 2020 16:15:53 GMT
server: leasewebcdn/5.4.2
etag: W/"1724833545"
content-type: text/javascript
status: 200
expires: Sun, 12 Jul 2020 22:03:41 GMT
cache-control: max-age=0
cdn-cache: MISS
cdn-node: FRA1-SO03022

GET zone.php
play.sunmediaads.com/red/ 0
0

GET
H2 200 sodar
pagead2.googlesyndication.com/getconfig/ 7 KB
6 KB 37ms
17ms XHR
application/json 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20200707&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200707/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/?platform=hootsuite&_branch_match_id=810982074878720711&utm_medium=marketing
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Jul 2020 22:03:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 5631
x-xss-protection: 0

GET
H2 200 Primary Request index2.php Show response
hami39edj2.webcindario.com/b2020123/1/ 3 KB
2 KB 81ms
81ms Document
text/html 5.57.226.202
SERVIHOSTING-AS A...

General

Check archive.org

Show headers Download Go to

Full URL: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 5.57.226.202 Madrid, Spain, ASN29119 (SERVIHOSTING-AS AireNetworks, ES),
Reverse DNS
Software: nginx / Webcindario Hosting Service
Resource Hash: 3c620a8f4cc76e87f06601cc8d8c9a672047aa836e8e924fa1ab4f810ae06367

Request headers

:method: GET
:authority: hami39edj2.webcindario.com
:scheme: https
:path: /b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://hami39edj2.webcindario.com/b2020123/1/?platform=hootsuite&_branch_match_id=810982074878720711&utm_medium=marketing
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __muid=034498fac95048cf32c8f8058b345b25e797f82c; _ga=GA1.3.2112468214.1594591421; _gid=GA1.3.704001135.1594591421; _gat_UA-597118-17=1; _gat_UA-597118-7=1; _gat_UA-597118-1=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://hami39edj2.webcindario.com/b2020123/1/?platform=hootsuite&_branch_match_id=810982074878720711&utm_medium=marketing

Response headers

status: 200
server: nginx
date: Sun, 12 Jul 2020 22:03:41 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: PHPSESSID=8b47b2c8611a0e4f3df5c8306dbc06d1; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-powered-by: Webcindario Hosting Service
content-encoding: gzip

GET sodar2.js
tpc.googlesyndication.com/sodar/ 0
0

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 116 KB
41 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: hami39edj2.webcindario.com
URL: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

adaffcf78c771c8ad1f860d8caf5451b364211b0bdbdab1260f7c0edb2016f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 12 Jul 2020 22:03:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42076
x-xss-protection: 0
server: cafe
etag: 9567404131682417885
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 12 Jul 2020 22:03:41 GMT

GET
H2 200 clog1.png
hami39edj2.webcindario.com/b2020123/1/run/images/ 4 KB
4 KB 108ms
108ms Image
image/png 5.57.226.202
SERVIHOSTING-AS A...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hami39edj2.webcindario.com/b2020123/1/run/images/clog1.png
Requested by: Host: hami39edj2.webcindario.com
URL: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 5.57.226.202 Madrid, Spain, ASN29119 (SERVIHOSTING-AS AireNetworks, ES),
Reverse DNS
Software: nginx / Webcindario Hosting Service
Resource Hash: f9fca4070dbcf45060d9cc1306c76ffdc71ff26d527401d0192f90d09a35f7df

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 12 Jul 2020 22:03:41 GMT
last-modified: Thu, 19 Jan 2017 20:10:28 GMT
server: nginx
x-powered-by: Webcindario Hosting Service
etag: "58811d34-10c4"
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 4292

GET
H2 200 captcha.php
hami39edj2.webcindario.com/b2020123/1/run/ 6 KB
6 KB 196ms
195ms Image
image/jpeg 5.57.226.202
SERVIHOSTING-AS A...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hami39edj2.webcindario.com/b2020123/1/run/captcha.php?rand=931270912
Requested by: Host: hami39edj2.webcindario.com
URL: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 5.57.226.202 Madrid, Spain, ASN29119 (SERVIHOSTING-AS AireNetworks, ES),
Reverse DNS
Software: nginx / Webcindario Hosting Service
Resource Hash: 0c83c0e8b9f9c955b577faa8897a953e894298085b7b5fa82a20a4c7c5a59c34

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Jul 2020 22:03:41 GMT
server: nginx
x-powered-by: Webcindario Hosting Service
content-type: image/jpeg
status: 200
cache-control: no-store, no-cache, must-revalidate
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 / Show response
hosting.miarroba.info/ 0
193 B 142ms
141ms Script
application/javascript 2606:4700:20::681a:cc8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hosting.miarroba.info/?__muid=034498fac95048cf32c8f8058b345b25e797f82c&h=1991872&t=1594591421&k=9f5db214f0b15945227d1eed7bfec434
Requested by: Host: hami39edj2.webcindario.com
URL: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:cc8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-ray: 5b1e0e41fcbac2f4-FRA
pragma: no-cache
date: Sun, 12 Jul 2020 22:03:41 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Sun, 12 Jul 2020 22:03:41 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
status: 200
cache-control: no-cache
content-type: application/javascript; charset=iso-8859-1
cf-request-id: 03e6a73d370000c2f497110200000001
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 60 KB
24 KB 15ms
14ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-T2VG59

Requested by

Host: hami39edj2.webcindario.com
URL: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

57feb489981b1a7f35f80b6a8a67d353f14955057cb73bb65470146f571cf5a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 12 Jul 2020 22:03:41 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24329
x-xss-protection: 0
last-modified: Sun, 12 Jul 2020 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 12 Jul 2020 22:03:41 GMT

GET
H/1.1 200 ads Show response
des.smartclip.net/ 20 B
510 B 42ms
42ms Script
application/javascript 34.253.69.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://des.smartclip.net/ads?type=dyn&plc=75133&elementId=034498fac95048cf32c8f8058b345b25e797f82c&sz=400x320&rnd=75675810
Requested by: Host: hami39edj2.webcindario.com
URL: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.69.115 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-69-115.eu-west-1.compute.amazonaws.com
Software: nginx/1.17.6 /
Resource Hash: 7285303c6f1bd19a091fb8046d1c43704c3f846461b957fe4198c3e051fce7eb

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sun, 12 Jul 2020 22:03:41 GMT
Content-Encoding: gzip
Sc-Supply-Network: 999999
Vary: Accept-Encoding
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Sc-Uuid: 0c54f861-43fa-4527-8bea-94065fde517a
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Content-Type: application/javascript; charset=utf-8
Sc-Device-Type: PC
Server: nginx/1.17.6

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T2VG59

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 04 Jun 2020 23:38:14 GMT
server: Golfe2
age: 6481
date: Sun, 12 Jul 2020 20:15:40 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18469
expires: Sun, 12 Jul 2020 22:15:40 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
168 B 18ms
15ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=hami39edj2.webcindario.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Jul 2020 22:03:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
168 B 16ms
14ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=hami39edj2.webcindario.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Jul 2020 22:03:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20200707/r20190131/ 220 KB
83 KB 30ms
29ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20200707/r20190131/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

70d6b51fd67d36bf5403cb362aee641d7702084f4b4d50c223af7280a19a2fe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 12 Jul 2020 22:03:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 84839
x-xss-protection: 0
server: cafe
etag: 14750969798358805552
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Jul 2020 22:03:41 GMT

GET
H2 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20200707/r20190131/ Frame C00A 0
0 6ms
5ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20200707/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20200707/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
vary: Accept-Encoding
date: Tue, 07 Jul 2020 21:12:54 GMT
expires: Tue, 21 Jul 2020 21:12:54 GMT
content-type: text/html; charset=UTF-8
etag: 4448614309292777386
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4502
x-xss-protection: 0
cache-control: public, max-age=1209600
age: 435047
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2 200 collect
www.google-analytics.com/ 35 B
90 B 6ms
5ms Image
image/gif 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j83&a=571948363&t=pageview&_s=1&dl=https%3A%2F%2Fhami39edj2.webcindario.com%2Fb2020123%2F1%2Findex2.php%3Fhttps%3A%2F%2Faccount.1und1.de%2Fhome%2Fparticulares_esAssistanceDesktop%2FLoadLoginAssistance%3Ftype%3Dpwd&ul=en-us&de=UTF-8&dt=Document&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAAABC~&jid=&gjid=&cid=2112468214.1594591421&tid=UA-597118-7&_gid=704001135.1594591421&gtm=2wg6o0T2VG59&z=1567136997

Requested by

Host: hami39edj2.webcindario.com
URL: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 10 Jun 2020 18:26:49 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 2777812
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
90 B 6ms
6ms Image
image/gif 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j83&a=571948363&t=pageview&_s=1&dl=https%3A%2F%2Fhami39edj2.webcindario.com%2Fb2020123%2F1%2Findex2.php%3Fhttps%3A%2F%2Faccount.1und1.de%2Fhome%2Fparticulares_esAssistanceDesktop%2FLoadLoginAssistance%3Ftype%3Dpwd&ul=en-us&de=UTF-8&dt=Document&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAAABC~&jid=&gjid=&cid=2112468214.1594591421&tid=UA-597118-1&_gid=704001135.1594591421&gtm=2wg6o0T2VG59&z=917250423

Requested by

Host: hami39edj2.webcindario.com
URL: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 10 Jun 2020 18:26:49 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 2777812
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 403 ads
googleads.g.doubleclick.net/pagead/ Frame 4FDA 0
0 25ms
25ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7294310421616689&output=html&adk=1812271804&adf=3025194257&lmt=1594591421&plat=1%3A32776%2C2%3A32776%2C8%3A32768%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fhami39edj2.webcindario.com%2Fb2020123%2F1%2Findex2.php%3Fhttps%3A%2F%2Faccount.1und1.de%2Fhome%2Fparticulares_esAssistanceDesktop%2FLoadLoginAssistance%3Ftype%3Dpwd&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1594591421782&bpp=2&bdt=36&idt=57&shv=r20200707&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8406759586888&frm=20&pv=2&ga_vid=2112468214.1594591421&ga_sid=1594591422&ga_hid=571948363&ga_fc=0&iag=0&icsg=33440&dssz=11&mdo=0&mso=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=4307831022625541&pem=482&ref=https%3A%2F%2Fhami39edj2.webcindario.com%2Fb2020123%2F1%2F%3Fplatform%3Dhootsuite%26_branch_match_id%3D810982074878720711%26utm_medium%3Dmarketing&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8208&bc=31&ifi=0&uci=a!0&fsb=1&dtd=62

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200707/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-7294310421616689&output=html&adk=1812271804&adf=3025194257&lmt=1594591421&plat=1%3A32776%2C2%3A32776%2C8%3A32768%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fhami39edj2.webcindario.com%2Fb2020123%2F1%2Findex2.php%3Fhttps%3A%2F%2Faccount.1und1.de%2Fhome%2Fparticulares_esAssistanceDesktop%2FLoadLoginAssistance%3Ftype%3Dpwd&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1594591421782&bpp=2&bdt=36&idt=57&shv=r20200707&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8406759586888&frm=20&pv=2&ga_vid=2112468214.1594591421&ga_sid=1594591422&ga_hid=571948363&ga_fc=0&iag=0&icsg=33440&dssz=11&mdo=0&mso=0&u_tz=120&u_his=3&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=4307831022625541&pem=482&ref=https%3A%2F%2Fhami39edj2.webcindario.com%2Fb2020123%2F1%2F%3Fplatform%3Dhootsuite%26_branch_match_id%3D810982074878720711%26utm_medium%3Dmarketing&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8208&bc=31&ifi=0&uci=a!0&fsb=1&dtd=62
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd

Response headers

status: 403
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 12 Jul 2020 22:03:41 GMT
server: cafe
content-length: 46
x-xss-protection: 0
set-cookie: IDE=AHWqTUlxJ0teulQ8Tk5du86g0SmobezLOriMvRsQExXlBgTIVIVZLL66FS4m2bN5; expires=Fri, 06-Aug-2021 22:03:41 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT; SameSite=none; Secure
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 71 KB
27 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200707/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e6d71bf2160bc0d24ab53c6cec6dc42bbd63e259d803a11b23ff14b510e491d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 12 Jul 2020 22:03:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1594380418682853"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 27203
x-xss-protection: 0
expires: Sun, 12 Jul 2020 22:03:41 GMT

GET
H2 200 lz_loader.js Show response
img.sunmediaads.com/ads/ 112 KB
32 KB 275ms
274ms Script
text/javascript 89.255.250.54
LEASEWEBCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://img.sunmediaads.com/ads/lz_loader.js?ver=1.4
Requested by: Host: hami39edj2.webcindario.com
URL: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.255.250.54 , Germany, ASN60626 (LEASEWEBCDN, NL),
Reverse DNS
Software: leasewebcdn/5.4.2 /
Resource Hash: 7c074d5639b08b7eee3923842b52d5333c37eceb96baf14ee213584981066fe5

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 12 Jul 2020 22:03:41 GMT
content-encoding: gzip
cdn-cache-hit: 0
last-modified: Sun, 05 Apr 2020 16:15:53 GMT
server: leasewebcdn/5.4.2
etag: W/"3871808260"
content-type: text/javascript
status: 200
expires: Sun, 12 Jul 2020 22:03:41 GMT
cache-control: max-age=0
cdn-cache: MISS
cdn-node: FRA1-SO03022

GET
H/1.1 200
OK zone.php Show response
play.sunmediaads.com/red/ 1 KB
1 KB 47ms
46ms Script
text/html 212.92.55.6
NEXICA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://play.sunmediaads.com/red/zone.php?code=HEZRL65RXYI2&a=&pubid=&lgid=11585553750.42534990872422207
Requested by: Host: img.sunmediaads.com
URL: https://img.sunmediaads.com/ads/lz_loader.js?ver=1.4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 212.92.55.6 , Spain, ASN24592 (NEXICA-AS, ES),
Reverse DNS
Software: Apache /
Resource Hash: 2d978d7d6a887c5153f62485c26987d4ff9b44ff13f3a07560a3d28b2e85b8cd

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sun, 12 Jul 2020 22:03:42 GMT
Server: Apache
Connection: close
Content-Length: 1076
Content-Type: text/html; charset=UTF-8

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 7 KB
6 KB 17ms
17ms XHR
application/json 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20200707&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200707/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428ad305931460e56ff793899ce61d89aa5f377cad96ab95681c0df5519a938c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Jul 2020 22:03:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 5646
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 14 KB
6 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200707/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08f50e9e70388c99977ca13b6af3a49f8f48c83e79230d51ea72a56c0735bd0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 12 Jul 2020 22:03:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1591403518460474"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5540
x-xss-protection: 0
expires: Sun, 12 Jul 2020 22:03:42 GMT

GET
H2 200 lz_loader.js Show response
img.lzrikate.com/ads/ 112 KB
32 KB 515ms
333ms Script
text/javascript 89.255.250.54
LEASEWEBCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://img.lzrikate.com/ads/lz_loader.js?ver=1.4
Requested by: Host: teu16.app.link
URL: https://teu16.app.link/JTFJErAcX7?platform=hootsuite
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.255.250.54 , Germany, ASN60626 (LEASEWEBCDN, NL),
Reverse DNS
Software: leasewebcdn/5.4.2 /
Resource Hash: 7c074d5639b08b7eee3923842b52d5333c37eceb96baf14ee213584981066fe5

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 12 Jul 2020 22:03:42 GMT
content-encoding: gzip
cdn-cache-hit: 0
last-modified: Sun, 05 Apr 2020 16:15:53 GMT
server: leasewebcdn/5.4.2
etag: W/"1724833545"
content-type: text/javascript
status: 200
expires: Sun, 12 Jul 2020 22:03:42 GMT
cache-control: max-age=0
cdn-cache: MISS
cdn-node: FRA1-SO03022

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 7 KB
6 KB 23ms
23ms XHR
application/json 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20200707&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200707/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

459c959a9950f85418a335a1a9743da080974a039160b267b052bf5a601dcae6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Jul 2020 22:03:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 5594
x-xss-protection: 0

GET
H2 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/210/ Frame 4A76 0
0 6ms
5ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/210/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 4590
date: Sun, 12 Jul 2020 21:29:48 GMT
expires: Mon, 12 Jul 2021 21:29:48 GMT
last-modified: Wed, 26 Feb 2020 19:47:50 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 2034
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 14 KB
5 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200707/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08f50e9e70388c99977ca13b6af3a49f8f48c83e79230d51ea72a56c0735bd0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 12 Jul 2020 22:03:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1591403518460474"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5540
x-xss-protection: 0
expires: Sun, 12 Jul 2020 22:03:42 GMT

GET
H2 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/210/ Frame 0EBA 0
0 6ms
5ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/210/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 4590
date: Sun, 12 Jul 2020 21:29:48 GMT
expires: Mon, 12 Jul 2021 21:29:48 GMT
last-modified: Wed, 26 Feb 2020 19:47:50 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 2034
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
120 B 39ms
39ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=210&t=2&li=gda_r20200707&jk=4307831022625541&bg=!PzylPCRYDCorb-43jgMCAAAAgVIAAAAXmQGLo1Goy5o4bLI59OOKJyz3fpota6WapIB4pxc14vuHrxfxlCCQ3lSse6-0EAu-Wi_MsSy9x0mPVGRSlbTFOrv8yVYYsnP_IQQDzuY3uPpV3XA4lJ_WxutaQPcZFaccMFMCRjsTpT1W7wBXa6rGDl9ssPBUVf2VBCzvkjRT6UiE5sRvo-kSnLCA6z1VrdhJU1QVgK_Q9wp7-dw_zx8n9rUJSGihOezNSH8CFt2VUxYPLGulU6Qebpb-ewBoFCHSTLNCUa6oGkiNyQ5n5gSsUhDDrfKrobXAUdGdFQu0SOceu_OfV_ns6x0B492iwi1T5gxJhqdAQAKkojx7kA1tvsdYrTVNn6ur0cSredOyb7japE4ct9mrZD0cb3M9EufdEsRzzeIUNOX0lKHxqzXeG6DO_trjTlrDqyqfV8zd2Ticw8noMf50HYcidJhK0dX5x5xi9WDXxgyMp3IgY3CXtXO2O2-V_uWJdvaO-RUFyfZbpBFAIEK0ltrm8fh8Qk3IHX4lg6_QwwOFrGoI454

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Jul 2020 22:03:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
55 B 39ms
38ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=210&t=2&li=gda_r20200707&jk=4307831022625541&bg=!np2lnYVYF0GCQAgoNkICAAAAhlIAAAAPmQGLfRr4PBJlkfdkhuT6gADwEKW5AIOe9XyZPiAvSFZ7f-H3F8hNlZ_1jEjvaXpbo4VEmq9wJl9PLbCKqoH0k0qznsl2MBpzGai3Gl1jI3PryPASAXttRRUQXbw4sAGxtYm9C3bwKQBVx60pDyD6aprMutaBsAwHeQ8-jLwVWR9OhlJfXvo-ZTdmTUiAGNF2EISGFJQJNE1DCK-iU0g21UpC64kcQMw6GgQvbqxKizwskcnMKB8EXqdhipv9nPg8lIA__9Ls6tlvlol7s9wyGhZOWD7IsfdI1Pt9Fb7vMXI4t_O-1Gm_nkZs6njzBlEv5hIJtpJcVmnBGx-fXdIbLMJ_kgOBAz2zl14f1AAtcfJUlTCve7myg-9VYw-U7bq--vrM60uTb5EcmDXbW_tpAdXHbxJ80npD5MnPd-YU9b_zSTTd7Cdoao0bLqVOzqThoXPDcHs5TpZRuqRbWMSrsDaj_u5Lt9dn378EA-7s_9N2pzlkod81HqIHu0-AZlni8ZFFSjrOmHDQy0SNteo

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Jul 2020 22:03:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK zone.php Show response
play.lzrikate.com/red/ 15 B
350 B 294ms
44ms Script
text/html 212.92.39.35
NEXICA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://play.lzrikate.com/red/zone.php?code=DCA12TRKI42N&a=&pubid=&lgid=11585559510.518503367633991
Requested by: Host: img.sunmediaads.com
URL: https://img.sunmediaads.com/ads/lz_loader.js?ver=1.4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 212.92.39.35 Barcelona, Spain, ASN24592 (NEXICA-AS, ES),
Reverse DNS
Software: Apache /
Resource Hash: 958ef07c64d939b1ed12399d6a945c97097fa66cdf44398edf4e30c5c84e781d

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sun, 12 Jul 2020 22:03:43 GMT
Server: Apache
Connection: close
Content-Length: 15
Content-Type: text/html; charset=UTF-8

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 7 KB
6 KB 18ms
18ms XHR
application/json 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20200707&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200707/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d00af7af4447a4b3c1238b437d6d0a417371ce90cf54ff76876180adf83e04b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Jul 2020 22:03:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 5630
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 14 KB
5 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200707/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08f50e9e70388c99977ca13b6af3a49f8f48c83e79230d51ea72a56c0735bd0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 12 Jul 2020 22:03:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1591403518460474"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5540
x-xss-protection: 0
expires: Sun, 12 Jul 2020 22:03:43 GMT

GET
H2 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/210/ Frame C14A 0
0 6ms
5ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/210/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 4590
date: Sun, 12 Jul 2020 21:29:48 GMT
expires: Mon, 12 Jul 2021 21:29:48 GMT
last-modified: Wed, 26 Feb 2020 19:47:50 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 2035
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
55 B 40ms
39ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=210&t=2&li=gda_r20200707&jk=4307831022625541&bg=!iYqlipJYuJR3Nljk5g0CAAAATlIAAAANmQGLIohuC8ZVyp73qKPjOxsF7OvR5oxvgNhtecuSI5o8yIzySeHXzxooB4rGU1cp4rxOx65RJs4MoVrL3LZRbUeZ6S2fDJLrbbm1mbDuAnHBuNzN0WsGlKOAJT_ankzfgewvO78HkFDM8J9czGJgDN24KG9NBSGa4yC2HbTtsrSes5rle_5U02Za2SVoLIcA3yX5scd7g5o2dahXR2WdKFMrGXHEel-bCRCdIvX7RQExlKUjklXyc0zYnY0tDgVUfjZL1XP47S2aTvLWQ6eilAGZY1jVCKjjZBaZATvqcYg6wIryTIgPZi26eKbOisp5Ryx-bWXNOsg3ezEnJELqiV56BrwTOLVQmYPevLwWYgUNniPQXtiNKsLY-V8CNc6udNO7bTcsq7iver0VnmyaVmoEcgw7xK_UaFMhQ_PdQJ3F-qi2Wd5KD3oEURmKI66HZr7C7pfOyCj-0UZ6IRqtcHyiJVzw73LsVwReBhH2whe1RSRFY13dR6zvd7FIX1eUXrtQBSSlBI0LlDIy0To

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hami39edj2.webcindario.com/b2020123/1/index2.php?https://account.1und1.de/home/particulares_esAssistanceDesktop/LoadLoginAssistance?type=pwd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Jul 2020 22:03:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: play.sunmediaads.com
URL: https://play.sunmediaads.com/red/zone.php?code=HEZRL65RXYI2&a=&pubid=&lgid=11585548380.4846741043598084

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bank of America (Banking)

90 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-19 20:18:07	Name: IDE Value: AHWqTUlxJ0teulQ8Tk5du86g0SmobezLOriMvRsQExXlBgTIVIVZLL66FS4m2bN5
hami39edj2.webcindario.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 8b47b2c8611a0e4f3df5c8306dbc06d1
.hami39edj2.webcindario.com/	1970-01-19 10:56:31	Name: _gat_UA-597118-1 Value: 1
.hami39edj2.webcindario.com/	1970-01-19 10:56:31	Name: _gat_UA-597118-17 Value: 1
.hami39edj2.webcindario.com/	1970-01-19 10:57:57	Name: _gid Value: GA1.3.704001135.1594591421
.webcindario.com/	1970-01-25 20:31:23	Name: __muid Value: 034498fac95048cf32c8f8058b345b25e797f82c
.hami39edj2.webcindario.com/	1970-01-19 10:56:31	Name: _gat_UA-597118-7 Value: 1
.hami39edj2.webcindario.com/	1970-01-20 04:27:43	Name: _ga Value: GA1.3.2112468214.1594591421

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://img.sunmediaads.com/ads/lz_loader.js?ver=1.4(Line 4) Message: [43m%s[0m Send completed [object Object]
console-api	log	URL: https://img.lzrikate.com/ads/lz_loader.js?ver=1.4(Line 4) Message: [43m%s[0m Send completed [object Object]

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
des.smartclip.net
googleads.g.doubleclick.net
hami39edj2.webcindario.com
hosting.miarroba.info
img.lzrikate.com
img.sunmediaads.com
pagead2.googlesyndication.com
play.lzrikate.com
play.sunmediaads.com
teu16.app.link
tpc.googlesyndication.com
www.google-analytics.com
www.googletagmanager.com
www.googletagservices.com
play.sunmediaads.com
tpc.googlesyndication.com
212.92.39.35
212.92.55.6
2600:9000:20eb:b000:19:9934:6a80:93a1
2606:4700:20::681a:cc8
2a00:1450:4001:800::2001
2a00:1450:4001:801::2002
2a00:1450:4001:80b::2002
2a00:1450:4001:80b::2008
2a00:1450:4001:816::200e
34.253.69.115
5.57.226.202
89.255.250.54
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
08f50e9e70388c99977ca13b6af3a49f8f48c83e79230d51ea72a56c0735bd0c
0c83c0e8b9f9c955b577faa8897a953e894298085b7b5fa82a20a4c7c5a59c34
2580cde1b676fdca2dd963aaff2a5613fa8406f568a870f37e0f268dfa866711
2a50911c25c3f72ce4ac7671330466b023996379bf77b998714647ae074579d4
2d978d7d6a887c5153f62485c26987d4ff9b44ff13f3a07560a3d28b2e85b8cd
2e6d71bf2160bc0d24ab53c6cec6dc42bbd63e259d803a11b23ff14b510e491d
3c620a8f4cc76e87f06601cc8d8c9a672047aa836e8e924fa1ab4f810ae06367
428ad305931460e56ff793899ce61d89aa5f377cad96ab95681c0df5519a938c
459c959a9950f85418a335a1a9743da080974a039160b267b052bf5a601dcae6
57feb489981b1a7f35f80b6a8a67d353f14955057cb73bb65470146f571cf5a4
70d6b51fd67d36bf5403cb362aee641d7702084f4b4d50c223af7280a19a2fe4
7285303c6f1bd19a091fb8046d1c43704c3f846461b957fe4198c3e051fce7eb
7c074d5639b08b7eee3923842b52d5333c37eceb96baf14ee213584981066fe5
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
958ef07c64d939b1ed12399d6a945c97097fa66cdf44398edf4e30c5c84e781d
adaffcf78c771c8ad1f860d8caf5451b364211b0bdbdab1260f7c0edb2016f73
bad8afcb05a1356c25dc2e974c6054be565fbcf24e6dbd1150468b11c15b2d03
d00af7af4447a4b3c1238b437d6d0a417371ce90cf54ff76876180adf83e04b0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f9fca4070dbcf45060d9cc1306c76ffdc71ff26d527401d0192f90d09a35f7df
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

hami39edj2.webcindario.com Open in urlscan Pro 5.57.226.202 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

53 Requests

96 %HTTPS

58 %IPv6

13 Domains

16 Subdomains

13 IPs

4 Countries

542 kBTransfer

1455 kBSize

8 Cookies

0 Outgoing links

Page URL History

Redirected requests

53 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

hami39edj2.webcindario.com Open in urlscan Pro
5.57.226.202 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

53
Requests

96 %
HTTPS

58 %
IPv6

13
Domains

16
Subdomains

13
IPs

4
Countries

542 kB
Transfer

1455 kB
Size

8
Cookies

53 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!